From: Eric Sandeen <sandeen@sandeen.net>
To: Christoph Hellwig <hch@infradead.org>
Cc: xfs mailing list <xfs@oss.sgi.com>
Subject: Re: [PATCH] xfs_metadump: agcount*agblocks overflow
Date: Thu, 02 Jul 2009 14:56:29 -0500 [thread overview]
Message-ID: <4A4D10ED.70506@sandeen.net> (raw)
In-Reply-To: <20090702192903.GA13919@infradead.org>
Christoph Hellwig wrote:
> On Thu, Jul 02, 2009 at 12:03:23PM -0500, Eric Sandeen wrote:
>> Found another potential overflow in xfs_metadump,
>> similar to those just fixed in repair.
>>
>> Signed-off-by: Eric Sandeen <sandeen@redhat.com>
>> --
>>
>> diff --git a/db/metadump.c b/db/metadump.c
>> index 19aed4f..ef6e571 100644
>> --- a/db/metadump.c
>> +++ b/db/metadump.c
>> @@ -222,7 +222,8 @@ valid_bno(
>> return 1;
>> if (agno == (mp->m_sb.sb_agcount - 1) && agbno > 0 &&
>> agbno <= (mp->m_sb.sb_dblocks -
>> - (mp->m_sb.sb_agcount - 1) * mp->m_sb.sb_agblocks))
>> + (xfs_drfsbno_t)(mp->m_sb.sb_agcount - 1) *
>> + mp->m_sb.sb_agblocks))
>> return 1;
>>
>> return 0;
>
> I have a really hard time reading the function (both before and after
> your patch). It's a real mess and no wonder we have these overflow
> problems here. What about the following instead:
well, I think the original goal was to make it efficient for the common
case. How muchthis matters, not really sure. (at least that's the
comment in the xfs_repair counterpart)
> static int
> valid_bno(
> xfs_agnumber_t agno,
> xfs_agblock_t agbno)
> {
> xfs_agnumber_t last_agno = mp->m_sb.sb_agcount - 1;
> xfs_drfsbno_t nblocks;
>
> /*
> * The first block in every AG contains a backups superblock,
> * and is copied separately, and we can skip it early as an
> * optimization.
> */
> if (agbno == 0)
> return 0;
>
> /*
> * An invalid AG number is never okay.
> */
> if (agno > last_agno)
> return 0;
>
> if (agno == last_agno) {
> nblocks = mp->m_sb.sb_dblocks -
> ((xfs_drfsbno_t)mp->m_sb.sb_agblocks *
> (mp->m_sb.sb_agcount - 1));
> } else {
> nblocks = mp->m_sb.sb_agblocks);
> }
>
> if (agbno > nblocks)
> return 0;
> return 1;
> }
>
> and with that form I wonder if we don't still have an off-by-one
> in the last if clause - shouldn't the agblocks be the count of blocks
> while agbno is an indes and thus 0-based?
>
> Btw, do you have a testcase for this?
no testcase here, though could craft one. I discovered it on Jesse's
corruptd fs (very big metadump image)
-Eric
_______________________________________________
xfs mailing list
xfs@oss.sgi.com
http://oss.sgi.com/mailman/listinfo/xfs
prev parent reply other threads:[~2009-07-02 19:56 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-07-02 17:03 [PATCH] xfs_metadump: agcount*agblocks overflow Eric Sandeen
2009-07-02 19:29 ` Christoph Hellwig
2009-07-02 19:56 ` Eric Sandeen [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4A4D10ED.70506@sandeen.net \
--to=sandeen@sandeen.net \
--cc=hch@infradead.org \
--cc=xfs@oss.sgi.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.