From: Brian Foster <bfoster@redhat.com>
To: Amir Goldstein <amir73il@gmail.com>
Cc: "Darrick J . Wong" <darrick.wong@oracle.com>,
Dave Chinner <david@fromorbit.com>,
linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org
Subject: Re: [PATCH v4] xfs: fix the size of xfs_mode_to_ftype table
Date: Sat, 24 Dec 2016 09:11:47 -0500 [thread overview]
Message-ID: <20161224141146.GA44791@bfoster.bfoster> (raw)
In-Reply-To: <1482440841-10819-1-git-send-email-amir73il@gmail.com>
On Thu, Dec 22, 2016 at 11:07:21PM +0200, Amir Goldstein wrote:
> Fix the size of the xfs_mode_to_ftype conversion table,
> which was too small to handle a malformed on-disk value
> of mode=S_IFMT.
>
> Use a convenience macros S_DT(mode) to convert from
> mode to dirent file type and change the name of the table
> to xfs_dtype_to_ftype to correctly describe its index values.
>
> Signed-off-by: Amir Goldstein <amir73il@gmail.com>
> ---
A couple nits...
> fs/xfs/libxfs/xfs_dir2.c | 17 ++++++++---------
> fs/xfs/libxfs/xfs_dir2.h | 4 +++-
> fs/xfs/xfs_iops.c | 2 +-
> 3 files changed, 12 insertions(+), 11 deletions(-)
>
> Darrick,
>
> So my holiday season cleanup is now down to this one patch.
> I pulled back the common code and added the needed macros in
> xfs code, so this can be safely applied to xfsprogs as well.
> I will send a patch to xfsprogs later.
>
> Tested with generic/396 with -n ftype=0|1.
>
> Amir.
>
> v4:
> - independent fix patch for xfs
>
> v3:
> - resort to simpler cleanup with macros DT_MAX and S_DT()
> - mention the minor bug fix in commit message
>
> v2:
> - add private conversion from common to on-disk values
>
> v1:
> - use common conversion functions to get on-disk values
>
> diff --git a/fs/xfs/libxfs/xfs_dir2.c b/fs/xfs/libxfs/xfs_dir2.c
> index c58d72c..539f498 100644
> --- a/fs/xfs/libxfs/xfs_dir2.c
> +++ b/fs/xfs/libxfs/xfs_dir2.c
> @@ -41,15 +41,14 @@ struct xfs_name xfs_name_dotdot = { (unsigned char *)"..", 2, XFS_DIR3_FT_DIR };
> * for file type specification. This will be propagated into the directory
> * structure if appropriate for the given operation and filesystem config.
> */
> -const unsigned char xfs_mode_to_ftype[S_IFMT >> S_SHIFT] = {
> - [0] = XFS_DIR3_FT_UNKNOWN,
> - [S_IFREG >> S_SHIFT] = XFS_DIR3_FT_REG_FILE,
> - [S_IFDIR >> S_SHIFT] = XFS_DIR3_FT_DIR,
> - [S_IFCHR >> S_SHIFT] = XFS_DIR3_FT_CHRDEV,
> - [S_IFBLK >> S_SHIFT] = XFS_DIR3_FT_BLKDEV,
> - [S_IFIFO >> S_SHIFT] = XFS_DIR3_FT_FIFO,
> - [S_IFSOCK >> S_SHIFT] = XFS_DIR3_FT_SOCK,
> - [S_IFLNK >> S_SHIFT] = XFS_DIR3_FT_SYMLINK,
> +const unsigned char xfs_dtype_to_ftype[S_DT_MAX] = {
Please retain the use of FT_UNKNOWN.
> + [DT_REG] = XFS_DIR3_FT_REG_FILE,
> + [DT_DIR] = XFS_DIR3_FT_DIR,
> + [DT_CHR] = XFS_DIR3_FT_CHRDEV,
> + [DT_BLK] = XFS_DIR3_FT_BLKDEV,
> + [DT_FIFO] = XFS_DIR3_FT_FIFO,
> + [DT_SOCK] = XFS_DIR3_FT_SOCK,
> + [DT_LNK] = XFS_DIR3_FT_SYMLINK,
> };
>
> /*
> diff --git a/fs/xfs/libxfs/xfs_dir2.h b/fs/xfs/libxfs/xfs_dir2.h
> index 0197590..a069c3e 100644
> --- a/fs/xfs/libxfs/xfs_dir2.h
> +++ b/fs/xfs/libxfs/xfs_dir2.h
> @@ -35,7 +35,9 @@ extern struct xfs_name xfs_name_dotdot;
> * directory filetype conversion tables.
> */
> #define S_SHIFT 12
> -extern const unsigned char xfs_mode_to_ftype[];
> +#define S_DT(mode) (((mode) & S_IFMT) >> S_SHIFT)
> +#define S_DT_MAX (S_DT(S_IFMT) + 1)
I think I'd prefer to see the '+ 1' in the xfs_dtype_to_ftype()
definition.
Those aside, this patch seems fine to me with the simple justification
that the array size doesn't match the set of index values we
limit/validate/scope mode against. AFAIU, this isn't a known bug and
applies to mode values either read from disk or passed in externally.
Darrick has pointed out that we already validate mode values on disk. I
assume we (the kernel) do the same thing for mode values that are passed
to XFS, but I don't see anything wrong with considering invalid input
sufficiently to prevent us from doing something stupid (going off the
end of the array and crashing or, perhaps worse, reading a valid ftype
value) due to potential external (or future) brokenness or corruption.
IOW, it's a landmine fixup in a currently non-reproducible error
condition bundled with a minor cleanup to avoid all of the ugly shifting
in the array initialization.
Brian
> +extern const unsigned char xfs_dtype_to_ftype[];
>
> /*
> * directory operations vector for encode/decode routines
> diff --git a/fs/xfs/xfs_iops.c b/fs/xfs/xfs_iops.c
> index 308bebb..d2da9ca 100644
> --- a/fs/xfs/xfs_iops.c
> +++ b/fs/xfs/xfs_iops.c
> @@ -103,7 +103,7 @@ xfs_dentry_to_name(
> {
> namep->name = dentry->d_name.name;
> namep->len = dentry->d_name.len;
> - namep->type = xfs_mode_to_ftype[(mode & S_IFMT) >> S_SHIFT];
> + namep->type = xfs_dtype_to_ftype[S_DT(mode)];
> }
>
> STATIC void
> --
> 2.7.4
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-xfs" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2016-12-24 14:12 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-12-19 20:10 [RFC][PATCH 00/11] common implementation of dirent file types Amir Goldstein
2016-12-19 20:10 ` [RFC][PATCH 01/11] fs: common implementation of file type conversions Amir Goldstein
2016-12-19 21:13 ` Darrick J. Wong
2016-12-20 5:01 ` Amir Goldstein
2016-12-20 7:37 ` [RFC][PATCH v2 " Amir Goldstein
2016-12-19 20:10 ` [RFC][PATCH 02/11] ufs: use fs_umode_to_dtype() helper Amir Goldstein
2016-12-19 20:11 ` [RFC][PATCH 03/11] hfsplus: " Amir Goldstein
2016-12-19 20:11 ` [RFC][PATCH 04/11] ext2: use common file type conversion Amir Goldstein
2016-12-19 20:11 ` [RFC][PATCH 05/11] exofs: " Amir Goldstein
2016-12-19 21:50 ` Boaz Harrosh
2016-12-19 20:11 ` [RFC][PATCH 06/11] ext4: " Amir Goldstein
2016-12-19 20:11 ` [RFC][PATCH 07/11] ocfs2: " Amir Goldstein
2016-12-19 20:11 ` [RFC][PATCH 08/11] f2fs: " Amir Goldstein
2016-12-19 20:11 ` [RFC][PATCH 09/11] nilfs2: " Amir Goldstein
2016-12-19 20:11 ` [RFC][PATCH 10/11] btrfs: " Amir Goldstein
2016-12-19 20:11 ` [RFC][PATCH 11/11] xfs: " Amir Goldstein
2016-12-19 21:55 ` Darrick J. Wong
2016-12-20 6:17 ` Amir Goldstein
2016-12-20 14:07 ` Amir Goldstein
2016-12-20 0:28 ` Darrick J. Wong
2016-12-20 5:20 ` Amir Goldstein
2016-12-21 5:23 ` Dave Chinner
2016-12-21 6:37 ` Amir Goldstein
2016-12-21 10:12 ` [RFC][PATCH v2 " Amir Goldstein
2016-12-21 18:01 ` [PATCH v3 " Amir Goldstein
2016-12-22 21:07 ` [PATCH v4] xfs: fix the size of xfs_mode_to_ftype table Amir Goldstein
2016-12-23 21:01 ` Darrick J. Wong
2016-12-24 7:31 ` Amir Goldstein
2016-12-24 14:11 ` Brian Foster [this message]
2016-12-21 15:06 ` [RFC][PATCH 11/11] xfs: use common file type conversion Theodore Ts'o
2016-12-21 16:37 ` Amir Goldstein
2016-12-21 22:56 ` Theodore Ts'o
2016-12-22 5:54 ` Amir Goldstein
2016-12-22 20:30 ` Amir Goldstein
2016-12-21 16:59 ` Miklos Szeredi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20161224141146.GA44791@bfoster.bfoster \
--to=bfoster@redhat.com \
--cc=amir73il@gmail.com \
--cc=darrick.wong@oracle.com \
--cc=david@fromorbit.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-xfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.