From: "Darrick J. Wong" <darrick.wong@oracle.com>
To: darrick.wong@oracle.com
Cc: linux-xfs@vger.kernel.org
Subject: [PATCH 3/4] xfs: refactor file range validation
Date: Sun, 06 Dec 2020 15:11:09 -0800 [thread overview]
Message-ID: <160729626928.1608297.12355625902682243490.stgit@magnolia> (raw)
In-Reply-To: <160729625074.1608297.13414859761208067117.stgit@magnolia>
From: Darrick J. Wong <darrick.wong@oracle.com>
Refactor all the open-coded validation of file block ranges into a
single helper, and teach the bmap scrubber to check the ranges.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
---
fs/xfs/libxfs/xfs_bmap.c | 2 +-
fs/xfs/libxfs/xfs_types.c | 25 +++++++++++++++++++++++++
fs/xfs/libxfs/xfs_types.h | 3 +++
fs/xfs/scrub/bmap.c | 4 ++++
fs/xfs/xfs_bmap_item.c | 2 +-
fs/xfs/xfs_rmap_item.c | 2 +-
6 files changed, 35 insertions(+), 3 deletions(-)
diff --git a/fs/xfs/libxfs/xfs_bmap.c b/fs/xfs/libxfs/xfs_bmap.c
index 7bcf498ef6b2..dcf56bcafb8f 100644
--- a/fs/xfs/libxfs/xfs_bmap.c
+++ b/fs/xfs/libxfs/xfs_bmap.c
@@ -6227,7 +6227,7 @@ xfs_bmap_validate_extent(
{
struct xfs_mount *mp = ip->i_mount;
- if (irec->br_startoff + irec->br_blockcount <= irec->br_startoff)
+ if (!xfs_verify_fileext(mp, irec->br_startoff, irec->br_blockcount))
return __this_address;
if (XFS_IS_REALTIME_INODE(ip) && whichfork == XFS_DATA_FORK) {
diff --git a/fs/xfs/libxfs/xfs_types.c b/fs/xfs/libxfs/xfs_types.c
index 7b310eb296b7..b254fbeaaa50 100644
--- a/fs/xfs/libxfs/xfs_types.c
+++ b/fs/xfs/libxfs/xfs_types.c
@@ -258,3 +258,28 @@ xfs_verify_dablk(
return dabno <= max_dablk;
}
+
+/* Check that a file block offset does not exceed the maximum. */
+bool
+xfs_verify_fileoff(
+ struct xfs_mount *mp,
+ xfs_fileoff_t off)
+{
+ return off <= XFS_MAX_FILEOFF;
+}
+
+/* Check that a range of file block offsets do not exceed the maximum. */
+bool
+xfs_verify_fileext(
+ struct xfs_mount *mp,
+ xfs_fileoff_t off,
+ xfs_fileoff_t len)
+{
+ if (off + len <= off)
+ return false;
+
+ if (!xfs_verify_fileoff(mp, off))
+ return false;
+
+ return xfs_verify_fileoff(mp, off + len - 1);
+}
diff --git a/fs/xfs/libxfs/xfs_types.h b/fs/xfs/libxfs/xfs_types.h
index 18e83ce46568..064bd6e8c922 100644
--- a/fs/xfs/libxfs/xfs_types.h
+++ b/fs/xfs/libxfs/xfs_types.h
@@ -203,5 +203,8 @@ bool xfs_verify_icount(struct xfs_mount *mp, unsigned long long icount);
bool xfs_verify_dablk(struct xfs_mount *mp, xfs_fileoff_t off);
void xfs_icount_range(struct xfs_mount *mp, unsigned long long *min,
unsigned long long *max);
+bool xfs_verify_fileoff(struct xfs_mount *mp, xfs_fileoff_t off);
+bool xfs_verify_fileext(struct xfs_mount *mp, xfs_fileoff_t off,
+ xfs_fileoff_t len);
#endif /* __XFS_TYPES_H__ */
diff --git a/fs/xfs/scrub/bmap.c b/fs/xfs/scrub/bmap.c
index cce8ac7d3973..bce4421acdb9 100644
--- a/fs/xfs/scrub/bmap.c
+++ b/fs/xfs/scrub/bmap.c
@@ -329,6 +329,10 @@ xchk_bmap_iextent(
xchk_fblock_set_corrupt(info->sc, info->whichfork,
irec->br_startoff);
+ if (!xfs_verify_fileext(mp, irec->br_startoff, irec->br_blockcount))
+ xchk_fblock_set_corrupt(info->sc, info->whichfork,
+ irec->br_startoff);
+
xchk_bmap_dirattr_extent(ip, info, irec);
/* There should never be a "hole" extent in either extent list. */
diff --git a/fs/xfs/xfs_bmap_item.c b/fs/xfs/xfs_bmap_item.c
index 5c9706760e68..9a2e54b7ccb9 100644
--- a/fs/xfs/xfs_bmap_item.c
+++ b/fs/xfs/xfs_bmap_item.c
@@ -449,7 +449,7 @@ xfs_bui_validate(
if (!xfs_verify_ino(mp, bmap->me_owner))
return false;
- if (bmap->me_startoff + bmap->me_len <= bmap->me_startoff)
+ if (!xfs_verify_fileext(mp, bmap->me_startoff, bmap->me_len))
return false;
return xfs_verify_fsbext(mp, bmap->me_startblock, bmap->me_len);
diff --git a/fs/xfs/xfs_rmap_item.c b/fs/xfs/xfs_rmap_item.c
index 4fa875237422..49cebd68b672 100644
--- a/fs/xfs/xfs_rmap_item.c
+++ b/fs/xfs/xfs_rmap_item.c
@@ -490,7 +490,7 @@ xfs_rui_validate_map(
!xfs_verify_ino(mp, rmap->me_owner))
return false;
- if (rmap->me_startoff + rmap->me_len <= rmap->me_startoff)
+ if (!xfs_verify_fileext(mp, rmap->me_startoff, rmap->me_len))
return false;
return xfs_verify_fsbext(mp, rmap->me_startblock, rmap->me_len);
next prev parent reply other threads:[~2020-12-06 23:14 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-12-06 23:10 [PATCH 0/4] xfs: refactor extent validation for 5.11 Darrick J. Wong
2020-12-06 23:10 ` [PATCH 1/4] xfs: refactor data device extent validation Darrick J. Wong
2020-12-06 23:49 ` Dave Chinner
2020-12-07 14:15 ` Christoph Hellwig
2020-12-07 17:46 ` Brian Foster
2020-12-06 23:11 ` [PATCH 2/4] xfs: refactor realtime volume " Darrick J. Wong
2020-12-06 23:51 ` Dave Chinner
2020-12-07 14:16 ` Christoph Hellwig
2020-12-07 17:46 ` Brian Foster
2020-12-06 23:11 ` Darrick J. Wong [this message]
2020-12-06 23:56 ` [PATCH 3/4] xfs: refactor file range validation Dave Chinner
2020-12-07 14:17 ` Christoph Hellwig
2020-12-07 17:46 ` Brian Foster
2020-12-06 23:11 ` [PATCH 4/4] xfs: rename xfs_fc_* back to xfs_fs_* Darrick J. Wong
2020-12-06 23:56 ` Dave Chinner
2020-12-07 14:17 ` Christoph Hellwig
2020-12-07 17:46 ` Brian Foster
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=160729626928.1608297.12355625902682243490.stgit@magnolia \
--to=darrick.wong@oracle.com \
--cc=linux-xfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.