From: allison.henderson@oracle.com
To: linux-xfs@vger.kernel.org
Subject: [PATCH v5 12/26] xfs: Add xfs_verify_pptr
Date: Mon, 7 Nov 2022 02:01:42 -0700 [thread overview]
Message-ID: <20221107090156.299319-13-allison.henderson@oracle.com> (raw)
In-Reply-To: <20221107090156.299319-1-allison.henderson@oracle.com>
From: Allison Henderson <allison.henderson@oracle.com>
Attribute names of parent pointers are not strings. So we need to modify
attr_namecheck to verify parent pointer records when the XFS_ATTR_PARENT flag is
set.
Signed-off-by: Allison Henderson <allison.henderson@oracle.com>
Reviewed-by: Darrick J. Wong <djwong@kernel.org>
---
fs/xfs/libxfs/xfs_attr.c | 47 ++++++++++++++++++++++++++++++++---
fs/xfs/libxfs/xfs_attr.h | 3 ++-
fs/xfs/libxfs/xfs_da_format.h | 8 ++++++
fs/xfs/scrub/attr.c | 2 +-
fs/xfs/xfs_attr_item.c | 11 +++++---
fs/xfs/xfs_attr_list.c | 17 +++++++++----
6 files changed, 74 insertions(+), 14 deletions(-)
diff --git a/fs/xfs/libxfs/xfs_attr.c b/fs/xfs/libxfs/xfs_attr.c
index 101823772bf9..711022742e34 100644
--- a/fs/xfs/libxfs/xfs_attr.c
+++ b/fs/xfs/libxfs/xfs_attr.c
@@ -1577,9 +1577,33 @@ xfs_attr_node_get(
return error;
}
-/* Returns true if the attribute entry name is valid. */
-bool
-xfs_attr_namecheck(
+/*
+ * Verify parent pointer attribute is valid.
+ * Return true on success or false on failure
+ */
+STATIC bool
+xfs_verify_pptr(
+ struct xfs_mount *mp,
+ const struct xfs_parent_name_rec *rec)
+{
+ xfs_ino_t p_ino;
+ xfs_dir2_dataptr_t p_diroffset;
+
+ p_ino = be64_to_cpu(rec->p_ino);
+ p_diroffset = be32_to_cpu(rec->p_diroffset);
+
+ if (!xfs_verify_ino(mp, p_ino))
+ return false;
+
+ if (p_diroffset > XFS_DIR2_MAX_DATAPTR)
+ return false;
+
+ return true;
+}
+
+/* Returns true if the string attribute entry name is valid. */
+static bool
+xfs_str_attr_namecheck(
const void *name,
size_t length)
{
@@ -1594,6 +1618,23 @@ xfs_attr_namecheck(
return !memchr(name, 0, length);
}
+/* Returns true if the attribute entry name is valid. */
+bool
+xfs_attr_namecheck(
+ struct xfs_mount *mp,
+ const void *name,
+ size_t length,
+ int flags)
+{
+ if (flags & XFS_ATTR_PARENT) {
+ if (length != sizeof(struct xfs_parent_name_rec))
+ return false;
+ return xfs_verify_pptr(mp, (struct xfs_parent_name_rec *)name);
+ }
+
+ return xfs_str_attr_namecheck(name, length);
+}
+
int __init
xfs_attr_intent_init_cache(void)
{
diff --git a/fs/xfs/libxfs/xfs_attr.h b/fs/xfs/libxfs/xfs_attr.h
index 3e81f3f48560..b79dae788cfb 100644
--- a/fs/xfs/libxfs/xfs_attr.h
+++ b/fs/xfs/libxfs/xfs_attr.h
@@ -547,7 +547,8 @@ int xfs_attr_get(struct xfs_da_args *args);
int xfs_attr_set(struct xfs_da_args *args);
int xfs_attr_set_iter(struct xfs_attr_intent *attr);
int xfs_attr_remove_iter(struct xfs_attr_intent *attr);
-bool xfs_attr_namecheck(const void *name, size_t length);
+bool xfs_attr_namecheck(struct xfs_mount *mp, const void *name, size_t length,
+ int flags);
int xfs_attr_calc_size(struct xfs_da_args *args, int *local);
void xfs_init_attr_trans(struct xfs_da_args *args, struct xfs_trans_res *tres,
unsigned int *total);
diff --git a/fs/xfs/libxfs/xfs_da_format.h b/fs/xfs/libxfs/xfs_da_format.h
index b02b67f1999e..75b13807145d 100644
--- a/fs/xfs/libxfs/xfs_da_format.h
+++ b/fs/xfs/libxfs/xfs_da_format.h
@@ -731,6 +731,14 @@ xfs_attr3_leaf_name(xfs_attr_leafblock_t *leafp, int idx)
return &((char *)leafp)[be16_to_cpu(entries[idx].nameidx)];
}
+static inline int
+xfs_attr3_leaf_flags(xfs_attr_leafblock_t *leafp, int idx)
+{
+ struct xfs_attr_leaf_entry *entries = xfs_attr3_leaf_entryp(leafp);
+
+ return entries[idx].flags;
+}
+
static inline xfs_attr_leaf_name_remote_t *
xfs_attr3_leaf_name_remote(xfs_attr_leafblock_t *leafp, int idx)
{
diff --git a/fs/xfs/scrub/attr.c b/fs/xfs/scrub/attr.c
index b6f0c9f3f124..d3e75c077fab 100644
--- a/fs/xfs/scrub/attr.c
+++ b/fs/xfs/scrub/attr.c
@@ -128,7 +128,7 @@ xchk_xattr_listent(
}
/* Does this name make sense? */
- if (!xfs_attr_namecheck(name, namelen)) {
+ if (!xfs_attr_namecheck(sx->sc->mp, name, namelen, flags)) {
xchk_fblock_set_corrupt(sx->sc, XFS_ATTR_FORK, args.blkno);
return;
}
diff --git a/fs/xfs/xfs_attr_item.c b/fs/xfs/xfs_attr_item.c
index 95e9ecbb4a67..da807f286a09 100644
--- a/fs/xfs/xfs_attr_item.c
+++ b/fs/xfs/xfs_attr_item.c
@@ -593,7 +593,8 @@ xfs_attri_item_recover(
*/
attrp = &attrip->attri_format;
if (!xfs_attri_validate(mp, attrp) ||
- !xfs_attr_namecheck(nv->name.i_addr, nv->name.i_len))
+ !xfs_attr_namecheck(mp, nv->name.i_addr, nv->name.i_len,
+ attrp->alfi_attr_filter))
return -EFSCORRUPTED;
error = xlog_recover_iget(mp, attrp->alfi_ino, &ip);
@@ -804,7 +805,8 @@ xlog_recover_attri_commit_pass2(
}
attr_name = item->ri_buf[i].i_addr;
- if (!xfs_attr_namecheck(attr_name, attri_formatp->alfi_name_len)) {
+ if (!xfs_attr_namecheck(mp, attr_name, attri_formatp->alfi_name_len,
+ attri_formatp->alfi_attr_filter)) {
XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp,
item->ri_buf[i].i_addr, item->ri_buf[i].i_len);
return -EFSCORRUPTED;
@@ -822,8 +824,9 @@ xlog_recover_attri_commit_pass2(
}
attr_nname = item->ri_buf[i].i_addr;
- if (!xfs_attr_namecheck(attr_nname,
- attri_formatp->alfi_nname_len)) {
+ if (!xfs_attr_namecheck(mp, attr_nname,
+ attri_formatp->alfi_nname_len,
+ attri_formatp->alfi_attr_filter)) {
XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp,
item->ri_buf[i].i_addr,
item->ri_buf[i].i_len);
diff --git a/fs/xfs/xfs_attr_list.c b/fs/xfs/xfs_attr_list.c
index 99bbbe1a0e44..a51f7f13a352 100644
--- a/fs/xfs/xfs_attr_list.c
+++ b/fs/xfs/xfs_attr_list.c
@@ -58,9 +58,13 @@ xfs_attr_shortform_list(
struct xfs_attr_sf_sort *sbuf, *sbp;
struct xfs_attr_shortform *sf;
struct xfs_attr_sf_entry *sfe;
+ struct xfs_mount *mp;
int sbsize, nsbuf, count, i;
int error = 0;
+ ASSERT(context != NULL);
+ ASSERT(dp != NULL);
+ mp = dp->i_mount;
sf = (struct xfs_attr_shortform *)dp->i_af.if_u1.if_data;
ASSERT(sf != NULL);
if (!sf->hdr.count)
@@ -82,8 +86,9 @@ xfs_attr_shortform_list(
(dp->i_af.if_bytes + sf->hdr.count * 16) < context->bufsize)) {
for (i = 0, sfe = &sf->list[0]; i < sf->hdr.count; i++) {
if (XFS_IS_CORRUPT(context->dp->i_mount,
- !xfs_attr_namecheck(sfe->nameval,
- sfe->namelen)))
+ !xfs_attr_namecheck(mp, sfe->nameval,
+ sfe->namelen,
+ sfe->flags)))
return -EFSCORRUPTED;
context->put_listent(context,
sfe->flags,
@@ -174,8 +179,9 @@ xfs_attr_shortform_list(
cursor->offset = 0;
}
if (XFS_IS_CORRUPT(context->dp->i_mount,
- !xfs_attr_namecheck(sbp->name,
- sbp->namelen))) {
+ !xfs_attr_namecheck(mp, sbp->name,
+ sbp->namelen,
+ sbp->flags))) {
error = -EFSCORRUPTED;
goto out;
}
@@ -465,7 +471,8 @@ xfs_attr3_leaf_list_int(
}
if (XFS_IS_CORRUPT(context->dp->i_mount,
- !xfs_attr_namecheck(name, namelen)))
+ !xfs_attr_namecheck(mp, name, namelen,
+ entry->flags)))
return -EFSCORRUPTED;
context->put_listent(context, entry->flags,
name, namelen, valuelen);
--
2.25.1
next prev parent reply other threads:[~2022-11-07 9:03 UTC|newest]
Thread overview: 40+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-11-07 9:01 [PATCH v5 00/26] Parent Pointers allison.henderson
2022-11-07 9:01 ` [PATCH v5 01/26] xfs: Add new name to attri/d allison.henderson
2022-11-07 9:01 ` [PATCH v5 02/26] xfs: Increase XFS_DEFER_OPS_NR_INODES to 5 allison.henderson
2022-11-07 9:01 ` [PATCH v5 03/26] xfs: Hold inode locks in xfs_ialloc allison.henderson
2022-11-07 9:01 ` [PATCH v5 04/26] xfs: Hold inode locks in xfs_trans_alloc_dir allison.henderson
2022-11-07 9:01 ` [PATCH v5 05/26] xfs: Hold inode locks in xfs_rename allison.henderson
2022-11-07 9:01 ` [PATCH v5 06/26] xfs: Expose init_xattrs in xfs_create_tmpfile allison.henderson
2022-11-07 9:01 ` [PATCH v5 07/26] xfs: get directory offset when adding directory name allison.henderson
2022-11-07 9:01 ` [PATCH v5 08/26] xfs: get directory offset when removing " allison.henderson
2022-11-07 9:01 ` [PATCH v5 09/26] xfs: get directory offset when replacing a " allison.henderson
2022-11-07 9:01 ` [PATCH v5 10/26] xfs: add parent pointer support to attribute code allison.henderson
2022-11-07 9:01 ` [PATCH v5 11/26] xfs: define parent pointer xattr format allison.henderson
2022-11-07 9:01 ` allison.henderson [this message]
2022-11-07 9:01 ` [PATCH v5 13/26] xfs: extend transaction reservations for parent attributes allison.henderson
2022-11-07 9:01 ` [PATCH v5 14/26] xfs: parent pointer attribute creation allison.henderson
2022-11-07 14:28 ` kernel test robot
2022-11-07 20:02 ` kernel test robot
2022-11-08 10:43 ` kernel test robot
2022-11-07 9:01 ` [PATCH v5 15/26] xfs: add parent attributes to link allison.henderson
2022-11-07 15:59 ` kernel test robot
2022-11-07 23:24 ` kernel test robot
2022-11-08 13:35 ` kernel test robot
2022-11-07 9:01 ` [PATCH v5 16/26] xfs: add parent attributes to symlink allison.henderson
2022-11-07 17:30 ` kernel test robot
2022-11-08 7:21 ` kernel test robot
2022-11-08 16:26 ` kernel test robot
2022-11-07 9:01 ` [PATCH v5 17/26] xfs: remove parent pointers in unlink allison.henderson
2022-11-08 19:38 ` kernel test robot
2022-11-07 9:01 ` [PATCH v5 18/26] xfs: Indent xfs_rename allison.henderson
2022-11-07 9:01 ` [PATCH v5 19/26] xfs: Add parent pointers to rename allison.henderson
2022-11-08 22:50 ` kernel test robot
2022-11-07 9:01 ` [PATCH v5 20/26] xfs: Add parent pointers to xfs_cross_rename allison.henderson
2022-11-07 9:01 ` [PATCH v5 21/26] xfs: Add the parent pointer support to the superblock version 5 allison.henderson
2022-11-07 9:01 ` [PATCH v5 22/26] xfs: Add helper function xfs_attr_list_context_init allison.henderson
2022-11-07 9:01 ` [PATCH v5 23/26] xfs: Filter XFS_ATTR_PARENT for getfattr allison.henderson
2022-11-07 9:01 ` [PATCH v5 24/26] xfs: Add parent pointer ioctl allison.henderson
2022-11-07 9:01 ` [PATCH v5 25/26] xfs: fix unit conversion error in xfs_log_calc_max_attrsetm_res allison.henderson
2022-11-07 9:01 ` [PATCH v5 26/26] xfs: drop compatibility minimum log size computations for reflink allison.henderson
2022-11-10 5:51 [PATCH v5 24/26] xfs: Add parent pointer ioctl kernel test robot
2022-11-10 7:07 ` Dan Carpenter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221107090156.299319-13-allison.henderson@oracle.com \
--to=allison.henderson@oracle.com \
--cc=linux-xfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.