From: "Darrick J. Wong" <darrick.wong@oracle.com>
To: Brian Foster <bfoster@redhat.com>
Cc: linux-xfs@vger.kernel.org
Subject: Re: [PATCH 1/9] xfs: sanity-check the unused space before trying to use it
Date: Wed, 21 Mar 2018 10:44:53 -0700 [thread overview]
Message-ID: <20180321174453.GG4818@magnolia> (raw)
In-Reply-To: <20180321135233.GB11127@bfoster.bfoster>
On Wed, Mar 21, 2018 at 09:52:33AM -0400, Brian Foster wrote:
> On Wed, Mar 14, 2018 at 05:29:36PM -0700, Darrick J. Wong wrote:
> > From: Darrick J. Wong <darrick.wong@oracle.com>
> >
> > In xfs_dir2_data_use_free, we examine on-disk metadata and ASSERT if
> > it doesn't make sense. Since a carefully crafted fuzzed image can cause
> > the kernel to crash after blowing a bunch of assertions, let's move
> > those checks into a validator function and rig everything up to return
> > EFSCORRUPTED to userspace. Found by lastbit fuzzing ltail.bestcount via
> > xfs/391.
> >
> > Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
> > ---
> > fs/xfs/libxfs/xfs_dir2.h | 2 +
> > fs/xfs/libxfs/xfs_dir2_block.c | 38 ++++++++++++-------
> > fs/xfs/libxfs/xfs_dir2_data.c | 78 +++++++++++++++++++++++++++++++---------
> > fs/xfs/libxfs/xfs_dir2_leaf.c | 6 +++
> > fs/xfs/libxfs/xfs_dir2_node.c | 4 ++
> > 5 files changed, 93 insertions(+), 35 deletions(-)
> >
> >
> > diff --git a/fs/xfs/libxfs/xfs_dir2.h b/fs/xfs/libxfs/xfs_dir2.h
> > index 388d67c..989e95a 100644
> > --- a/fs/xfs/libxfs/xfs_dir2.h
> > +++ b/fs/xfs/libxfs/xfs_dir2.h
> > @@ -173,7 +173,7 @@ extern void xfs_dir2_data_log_unused(struct xfs_da_args *args,
> > extern void xfs_dir2_data_make_free(struct xfs_da_args *args,
> > struct xfs_buf *bp, xfs_dir2_data_aoff_t offset,
> > xfs_dir2_data_aoff_t len, int *needlogp, int *needscanp);
> > -extern void xfs_dir2_data_use_free(struct xfs_da_args *args,
> > +extern int xfs_dir2_data_use_free(struct xfs_da_args *args,
> > struct xfs_buf *bp, struct xfs_dir2_data_unused *dup,
> > xfs_dir2_data_aoff_t offset, xfs_dir2_data_aoff_t len,
> > int *needlogp, int *needscanp);
> > diff --git a/fs/xfs/libxfs/xfs_dir2_block.c b/fs/xfs/libxfs/xfs_dir2_block.c
> > index 2da86a3..5726402 100644
> > --- a/fs/xfs/libxfs/xfs_dir2_block.c
> > +++ b/fs/xfs/libxfs/xfs_dir2_block.c
> > @@ -454,12 +454,15 @@ xfs_dir2_block_addname(
> > /*
> > * Mark the space needed for the new leaf entry, now in use.
> > */
> > - xfs_dir2_data_use_free(args, bp, enddup,
> > + error = xfs_dir2_data_use_free(args, bp, enddup,
> > (xfs_dir2_data_aoff_t)
> > ((char *)enddup - (char *)hdr + be16_to_cpu(enddup->length) -
> > sizeof(*blp)),
> > (xfs_dir2_data_aoff_t)sizeof(*blp),
> > &needlog, &needscan);
>
> Parameter alignment looks screwed up on many of these updated calls
> throughout.
Yeah, they're a mess. As usual I tried to start with the smallest
possible fix, but ugh this does scream for some cleaning.
> > + if (error)
> > + return error;
> > +
> > /*
> > * Update the tail (entry count).
> > */
> ...
> > diff --git a/fs/xfs/libxfs/xfs_dir2_node.c b/fs/xfs/libxfs/xfs_dir2_node.c
> > index 0839ffe..641b352 100644
> > --- a/fs/xfs/libxfs/xfs_dir2_node.c
> > +++ b/fs/xfs/libxfs/xfs_dir2_node.c
> > @@ -2023,9 +2023,11 @@ xfs_dir2_node_addname_int(
> > /*
> > * Mark the first part of the unused space, inuse for us.
> > */
> > - xfs_dir2_data_use_free(args, dbp, dup,
> > + error = xfs_dir2_data_use_free(args, dbp, dup,
> > (xfs_dir2_data_aoff_t)((char *)dup - (char *)hdr), length,
> > &needlog, &needscan);
> > + if (error)
> > + return error;
>
> Do we have to deal with dbp here?
It's bjoined to the transaction, so dbp should be freed when the caller
cancels the transaction after we error out. OTOH it doesn't hurt to
try to release the buffer early.
--D
> Brian
>
> > /*
> > * Fill in the new entry and log it.
> > */
> >
> > --
> > To unsubscribe from this list: send the line "unsubscribe linux-xfs" in
> > the body of a message to majordomo@vger.kernel.org
> > More majordomo info at http://vger.kernel.org/majordomo-info.html
> --
> To unsubscribe from this list: send the line "unsubscribe linux-xfs" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2018-03-21 17:44 UTC|newest]
Thread overview: 53+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-03-15 0:29 [PATCH v2 0/9] xfs-4.17: online scrub fixes Darrick J. Wong
2018-03-15 0:29 ` [PATCH 1/9] xfs: sanity-check the unused space before trying to use it Darrick J. Wong
2018-03-21 13:52 ` Brian Foster
2018-03-21 17:44 ` Darrick J. Wong [this message]
2018-03-22 5:59 ` [PATCH v2 " Darrick J. Wong
2018-03-22 14:33 ` Brian Foster
2018-03-22 17:23 ` Darrick J. Wong
2018-03-22 22:04 ` Dave Chinner
2018-03-22 17:53 ` [PATCH v3 " Darrick J. Wong
2018-03-22 22:21 ` [PATCH v4 " Darrick J. Wong
2018-03-23 12:29 ` Brian Foster
2018-03-15 0:29 ` [PATCH 2/9] xfs: refactor bmap record valiation Darrick J. Wong
2018-03-21 13:55 ` Brian Foster
2018-03-21 20:30 ` Darrick J. Wong
2018-03-22 6:01 ` [PATCH v2 " Darrick J. Wong
2018-03-22 14:33 ` Brian Foster
2018-03-15 0:29 ` [PATCH 3/9] xfs: refactor inode verifier error logging Darrick J. Wong
2018-03-21 13:55 ` Brian Foster
2018-03-15 0:29 ` [PATCH 4/9] xfs: refactor inode buffer " Darrick J. Wong
2018-03-21 13:55 ` Brian Foster
2018-03-21 18:03 ` Darrick J. Wong
2018-04-24 19:51 ` Eric Sandeen
2018-03-15 0:30 ` [PATCH 5/9] xfs: bmap scrubber should do rmap xref with bmap for sparse files Darrick J. Wong
2018-03-21 17:42 ` Brian Foster
2018-03-21 18:11 ` Darrick J. Wong
2018-03-22 6:02 ` [PATCH v2 " Darrick J. Wong
2018-03-22 14:33 ` Brian Foster
2018-03-22 17:35 ` Darrick J. Wong
2018-03-15 0:30 ` [PATCH 6/9] xfs: inode scrubber shouldn't bother with raw checks Darrick J. Wong
2018-03-21 17:42 ` Brian Foster
2018-03-21 20:37 ` Darrick J. Wong
2018-03-15 0:30 ` [PATCH 7/9] xfs: remove xfs_buf parameter from inode scrub methods Darrick J. Wong
2018-03-21 17:42 ` Brian Foster
2018-03-15 0:30 ` [PATCH 8/9] xfs: record inode buf errors as a xref error in inode scrubber Darrick J. Wong
2018-03-21 17:42 ` Brian Foster
2018-03-21 20:50 ` Darrick J. Wong
2018-03-22 14:34 ` Brian Foster
2018-03-22 6:24 ` [PATCH v2 " Darrick J. Wong
2018-03-22 14:34 ` Brian Foster
2018-03-15 0:30 ` [PATCH 9/9] xfs: move inode extent size hint validation to libxfs Darrick J. Wong
2018-03-21 17:42 ` Brian Foster
2018-03-21 3:21 ` [PATCH 10/9] xfs: don't accept inode buffers with suspicious unlinked chains Darrick J. Wong
2018-03-21 17:43 ` Brian Foster
2018-03-21 20:52 ` Darrick J. Wong
2018-03-22 6:08 ` [PATCH v2 " Darrick J. Wong
2018-03-22 14:34 ` Brian Foster
2018-03-21 3:21 ` [PATCH 11/9] xfs: flag inode corruption if parent ptr doesn't get us a real inode Darrick J. Wong
2018-03-22 14:34 ` Brian Foster
2018-03-22 17:49 ` Darrick J. Wong
2018-03-22 17:57 ` [PATCH v2 " Darrick J. Wong
2018-03-23 12:29 ` Brian Foster
2018-03-22 6:19 ` [PATCH 12/9] xfs: xfs_scrub_iallocbt_xref_rmap_inodes should use xref_set_corrupt Darrick J. Wong
2018-03-22 14:34 ` Brian Foster
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180321174453.GG4818@magnolia \
--to=darrick.wong@oracle.com \
--cc=bfoster@redhat.com \
--cc=linux-xfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).