From: "Darrick J. Wong" <darrick.wong@oracle.com>
To: Christoph Hellwig <hch@lst.de>
Cc: linux-xfs@vger.kernel.org
Subject: Re: [PATCH 3/5] repair: remove BITS_PER_LONG cpp checks in bmap.[ch]
Date: Sun, 26 Jan 2020 14:20:00 -0800 [thread overview]
Message-ID: <20200126222000.GG3447196@magnolia> (raw)
In-Reply-To: <20200126113541.787884-4-hch@lst.de>
On Sun, Jan 26, 2020 at 12:35:39PM +0100, Christoph Hellwig wrote:
> Add a little helper to validate the nex count so that we can use compile
> time magic checks for sizeof long directly. Also don't print the max
> in case of an overflow as the value will always be the same.
>
> Signed-off-by: Christoph Hellwig <hch@lst.de>
> ---
> repair/bmap.c | 29 +++++++++++++++++++++--------
> repair/bmap.h | 13 -------------
> 2 files changed, 21 insertions(+), 21 deletions(-)
>
> diff --git a/repair/bmap.c b/repair/bmap.c
> index 44e43ab4..0d717cd3 100644
> --- a/repair/bmap.c
> +++ b/repair/bmap.c
> @@ -22,6 +22,22 @@
> pthread_key_t dblkmap_key;
> pthread_key_t ablkmap_key;
>
> +/*
> + * For 32 bit platforms, we are limited to extent arrays of 2^31 bytes, which
> + * limits the number of extents in an inode we can check. If we don't limit the
> + * valid range, we can overflow the BLKMAP_SIZE() calculation and allocate less
> + * memory than we think we needed, and hence walk off the end of the array and
> + * corrupt memory.
> + */
> +static inline bool
> +blkmap_nex_valid(
> + xfs_extnum_t nex)
> +{
> + if (sizeof(long) < 64 && nex >= INT_MAX / sizeof(bmap_ext_t))
sizeof(long) < 8
Frankly I suspect the maximum array length on 32 bit platforms is far
less than 2^31 bytes...
--D
> + return false;
> + return true;
> +}
> +
> blkmap_t *
> blkmap_alloc(
> xfs_extnum_t nex,
> @@ -35,8 +51,7 @@ blkmap_alloc(
> if (nex < 1)
> nex = 1;
>
> -#if (BITS_PER_LONG == 32) /* on 64-bit platforms this is never true */
> - if (nex > BLKMAP_NEXTS_MAX) {
> + if (!blkmap_nex_valid(nex)) {
> do_warn(
> _("Number of extents requested in blkmap_alloc (%d) overflows 32 bits.\n"
> "If this is not a corruption, then you will need a 64 bit system\n"
> @@ -44,7 +59,6 @@ blkmap_alloc(
> nex);
> return NULL;
> }
> -#endif
>
> key = whichfork ? ablkmap_key : dblkmap_key;
> blkmap = pthread_getspecific(key);
> @@ -278,20 +292,19 @@ blkmap_grow(
> ASSERT(pthread_getspecific(key) == blkmap);
> }
>
> -#if (BITS_PER_LONG == 32) /* on 64-bit platforms this is never true */
> - if (new_naexts > BLKMAP_NEXTS_MAX) {
> + if (!blkmap_nex_valid(new_naexts)) {
> do_error(
> _("Number of extents requested in blkmap_grow (%d) overflows 32 bits.\n"
> "You need a 64 bit system to repair this filesystem.\n"),
> new_naexts);
> return NULL;
> }
> -#endif
> +
> if (new_naexts <= 0) {
> do_error(
> _("Number of extents requested in blkmap_grow (%d) overflowed the\n"
> - "maximum number of supported extents (%d).\n"),
> - new_naexts, BLKMAP_NEXTS_MAX);
> + "maximum number of supported extents.\n"),
> + new_naexts);
> return NULL;
> }
>
> diff --git a/repair/bmap.h b/repair/bmap.h
> index 4b588df8..df9602b3 100644
> --- a/repair/bmap.h
> +++ b/repair/bmap.h
> @@ -28,19 +28,6 @@ typedef struct blkmap {
> #define BLKMAP_SIZE(n) \
> (offsetof(blkmap_t, exts) + (sizeof(bmap_ext_t) * (n)))
>
> -/*
> - * For 32 bit platforms, we are limited to extent arrays of 2^31 bytes, which
> - * limits the number of extents in an inode we can check. If we don't limit the
> - * valid range, we can overflow the BLKMAP_SIZE() calculation and allocate less
> - * memory than we think we needed, and hence walk off the end of the array and
> - * corrupt memory.
> - */
> -#if BITS_PER_LONG == 32
> -#define BLKMAP_NEXTS_MAX ((INT_MAX / sizeof(bmap_ext_t)) - 1)
> -#else
> -#define BLKMAP_NEXTS_MAX INT_MAX
> -#endif
> -
> extern pthread_key_t dblkmap_key;
> extern pthread_key_t ablkmap_key;
>
> --
> 2.24.1
>
next prev parent reply other threads:[~2020-01-26 22:20 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-01-26 11:35 stop generating platform_defs.h Christoph Hellwig
2020-01-26 11:35 ` [PATCH 1/5] xfsprogs: remove the ENABLE_GETTEXT substitution in platform_defs.h.in Christoph Hellwig
2020-01-26 22:12 ` Darrick J. Wong
2020-01-26 11:35 ` [PATCH 2/5] xfsprogs: remove the SIZEOF_CHAR_P " Christoph Hellwig
2020-01-26 22:13 ` Darrick J. Wong
2020-01-26 11:35 ` [PATCH 3/5] repair: remove BITS_PER_LONG cpp checks in bmap.[ch] Christoph Hellwig
2020-01-26 22:20 ` Darrick J. Wong [this message]
2020-01-26 11:35 ` [PATCH 4/5] xfsprogs: remove the SIZEOF_LONG substitution in platform_defs.h.in Christoph Hellwig
2020-01-26 22:20 ` Darrick J. Wong
2020-01-26 11:35 ` [PATCH 5/5] xfsprogs: stop generating platform_defs.h Christoph Hellwig
2020-01-26 22:21 ` Darrick J. Wong
-- strict thread matches above, loose matches on Subject: below --
2020-01-29 6:49 stop generating platform_defs.h V2 Christoph Hellwig
2020-01-29 6:49 ` [PATCH 3/5] repair: remove BITS_PER_LONG cpp checks in bmap.[ch] Christoph Hellwig
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200126222000.GG3447196@magnolia \
--to=darrick.wong@oracle.com \
--cc=hch@lst.de \
--cc=linux-xfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.