From: Christoph Hellwig <hch@lst.de>
To: stable@vger.kernel.org
Cc: linux-xfs@vger.kernel.org, Amir Goldstein <amir73il@gmail.com>,
"Darrick J. Wong" <darrick.wong@oracle.com>
Subject: [PATCH 10/19] xfs: sanity check inode mode when creating new dentry
Date: Thu, 2 Feb 2017 08:56:02 +0100 [thread overview]
Message-ID: <1486022171-8076-11-git-send-email-hch@lst.de> (raw)
In-Reply-To: <1486022171-8076-1-git-send-email-hch@lst.de>
From: Amir Goldstein <amir73il@gmail.com>
commit fab8eef86c814c3dd46bc5d760b6e4a53d5fc5a6 upstream.
The helper xfs_dentry_to_name() is used by 2 different
classes of callers: Callers that pass zero mode and don't care
about the returned name.type field and Callers that pass
non zero mode and do care about the name.type field.
Change xfs_dentry_to_name() to not take the mode argument and
change the call sites of the first class to not pass the mode
argument.
Create a new helper xfs_dentry_mode_to_name() which does pass
the mode argument and returns -EFSCORRUPTED if mode is invalid.
Callers that translate non zero mode to on-disk file type now
check the return value and will export the error to user instead
of staging an invalid file type to be written to directory entry.
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
---
fs/xfs/xfs_iops.c | 48 +++++++++++++++++++++++++++++++++++++++---------
1 file changed, 39 insertions(+), 9 deletions(-)
diff --git a/fs/xfs/xfs_iops.c b/fs/xfs/xfs_iops.c
index 1abe719..f5e0f60 100644
--- a/fs/xfs/xfs_iops.c
+++ b/fs/xfs/xfs_iops.c
@@ -98,12 +98,27 @@ xfs_init_security(
static void
xfs_dentry_to_name(
struct xfs_name *namep,
+ struct dentry *dentry)
+{
+ namep->name = dentry->d_name.name;
+ namep->len = dentry->d_name.len;
+ namep->type = XFS_DIR3_FT_UNKNOWN;
+}
+
+static int
+xfs_dentry_mode_to_name(
+ struct xfs_name *namep,
struct dentry *dentry,
int mode)
{
namep->name = dentry->d_name.name;
namep->len = dentry->d_name.len;
namep->type = xfs_mode_to_ftype(mode);
+
+ if (unlikely(namep->type == XFS_DIR3_FT_UNKNOWN))
+ return -EFSCORRUPTED;
+
+ return 0;
}
STATIC void
@@ -119,7 +134,7 @@ xfs_cleanup_inode(
* xfs_init_security we must back out.
* ENOSPC can hit here, among other things.
*/
- xfs_dentry_to_name(&teardown, dentry, 0);
+ xfs_dentry_to_name(&teardown, dentry);
xfs_remove(XFS_I(dir), &teardown, XFS_I(inode));
}
@@ -154,8 +169,12 @@ xfs_generic_create(
if (error)
return error;
+ /* Verify mode is valid also for tmpfile case */
+ error = xfs_dentry_mode_to_name(&name, dentry, mode);
+ if (unlikely(error))
+ goto out_free_acl;
+
if (!tmpfile) {
- xfs_dentry_to_name(&name, dentry, mode);
error = xfs_create(XFS_I(dir), &name, mode, rdev, &ip);
} else {
error = xfs_create_tmpfile(XFS_I(dir), dentry, mode, &ip);
@@ -248,7 +267,7 @@ xfs_vn_lookup(
if (dentry->d_name.len >= MAXNAMELEN)
return ERR_PTR(-ENAMETOOLONG);
- xfs_dentry_to_name(&name, dentry, 0);
+ xfs_dentry_to_name(&name, dentry);
error = xfs_lookup(XFS_I(dir), &name, &cip, NULL);
if (unlikely(error)) {
if (unlikely(error != -ENOENT))
@@ -275,7 +294,7 @@ xfs_vn_ci_lookup(
if (dentry->d_name.len >= MAXNAMELEN)
return ERR_PTR(-ENAMETOOLONG);
- xfs_dentry_to_name(&xname, dentry, 0);
+ xfs_dentry_to_name(&xname, dentry);
error = xfs_lookup(XFS_I(dir), &xname, &ip, &ci_name);
if (unlikely(error)) {
if (unlikely(error != -ENOENT))
@@ -310,7 +329,9 @@ xfs_vn_link(
struct xfs_name name;
int error;
- xfs_dentry_to_name(&name, dentry, inode->i_mode);
+ error = xfs_dentry_mode_to_name(&name, dentry, inode->i_mode);
+ if (unlikely(error))
+ return error;
error = xfs_link(XFS_I(dir), XFS_I(inode), &name);
if (unlikely(error))
@@ -329,7 +350,7 @@ xfs_vn_unlink(
struct xfs_name name;
int error;
- xfs_dentry_to_name(&name, dentry, 0);
+ xfs_dentry_to_name(&name, dentry);
error = xfs_remove(XFS_I(dir), &name, XFS_I(d_inode(dentry)));
if (error)
@@ -359,7 +380,9 @@ xfs_vn_symlink(
mode = S_IFLNK |
(irix_symlink_mode ? 0777 & ~current_umask() : S_IRWXUGO);
- xfs_dentry_to_name(&name, dentry, mode);
+ error = xfs_dentry_mode_to_name(&name, dentry, mode);
+ if (unlikely(error))
+ goto out;
error = xfs_symlink(XFS_I(dir), &name, symname, mode, &cip);
if (unlikely(error))
@@ -395,6 +418,7 @@ xfs_vn_rename(
{
struct inode *new_inode = d_inode(ndentry);
int omode = 0;
+ int error;
struct xfs_name oname;
struct xfs_name nname;
@@ -405,8 +429,14 @@ xfs_vn_rename(
if (flags & RENAME_EXCHANGE)
omode = d_inode(ndentry)->i_mode;
- xfs_dentry_to_name(&oname, odentry, omode);
- xfs_dentry_to_name(&nname, ndentry, d_inode(odentry)->i_mode);
+ error = xfs_dentry_mode_to_name(&oname, odentry, omode);
+ if (omode && unlikely(error))
+ return error;
+
+ error = xfs_dentry_mode_to_name(&nname, ndentry,
+ d_inode(odentry)->i_mode);
+ if (unlikely(error))
+ return error;
return xfs_rename(XFS_I(odir), &oname, XFS_I(d_inode(odentry)),
XFS_I(ndir), &nname,
--
2.1.4
next prev parent reply other threads:[~2017-02-02 7:56 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-02-02 7:55 4.9-stable updates for XFS Christoph Hellwig
2017-02-02 7:55 ` [PATCH 01/19] xfs: bump up reserved blocks in xfs_alloc_set_aside Christoph Hellwig
2017-02-02 7:55 ` [PATCH 02/19] xfs: fix bogus minleft manipulations Christoph Hellwig
2017-02-02 7:55 ` [PATCH 03/19] xfs: adjust allocation length in xfs_alloc_space_available Christoph Hellwig
2017-02-02 7:55 ` [PATCH 04/19] xfs: don't rely on ->total " Christoph Hellwig
2017-02-02 7:55 ` [PATCH 05/19] xfs: don't print warnings when xfs_log_force fails Christoph Hellwig
2017-02-02 7:55 ` [PATCH 06/19] xfs: make the ASSERT() condition likely Christoph Hellwig
2017-02-02 7:55 ` [PATCH 07/19] xfs: sanity check directory inode di_size Christoph Hellwig
2017-02-02 7:56 ` [PATCH 08/19] xfs: add missing include dependencies to xfs_dir2.h Christoph Hellwig
2017-02-02 7:56 ` [PATCH 09/19] xfs: replace xfs_mode_to_ftype table with switch statement Christoph Hellwig
2017-02-02 7:56 ` Christoph Hellwig [this message]
2017-02-02 7:56 ` [PATCH 11/19] xfs: sanity check inode di_mode Christoph Hellwig
2017-02-02 7:56 ` [PATCH 12/19] xfs: don't wrap ID in xfs_dq_get_next_id Christoph Hellwig
2017-02-02 7:56 ` [PATCH 13/19] xfs: fix xfs_mode_to_ftype() prototype Christoph Hellwig
2017-02-02 7:56 ` [PATCH 14/19] xfs: fix COW writeback race Christoph Hellwig
2017-02-02 7:56 ` [PATCH 15/19] xfs: verify dirblocklog correctly Christoph Hellwig
2017-02-02 7:56 ` [PATCH 16/19] xfs: remove racy hasattr check from attr ops Christoph Hellwig
2017-02-02 7:56 ` [PATCH 17/19] xfs: extsize hints are not unlikely in xfs_bmap_btalloc Christoph Hellwig
2017-02-02 7:56 ` [PATCH 18/19] xfs: clear _XBF_PAGES from buffers when readahead page Christoph Hellwig
2017-02-02 7:56 ` [PATCH 19/19] xfs: fix bmv_count confusion w/ shared extents Christoph Hellwig
2017-02-02 10:18 ` 4.9-stable updates for XFS Greg KH
2017-02-02 16:00 ` Eric Sandeen
2017-02-02 17:34 ` Eric Sandeen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1486022171-8076-11-git-send-email-hch@lst.de \
--to=hch@lst.de \
--cc=amir73il@gmail.com \
--cc=darrick.wong@oracle.com \
--cc=linux-xfs@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).