From: Carlos Maiolino <cmaiolino@redhat.com>
To: Dave Chinner <david@fromorbit.com>
Cc: linux-xfs@vger.kernel.org
Subject: Re: [PATCH 4/6 v2] xfs: validate btree records on retreival
Date: Tue, 5 Jun 2018 12:42:07 +0200 [thread overview]
Message-ID: <20180605104207.3qlaudozsmjrize7@odin.usersys.redhat.com> (raw)
In-Reply-To: <20180605064043.GH10363@dastard>
> union xfs_btree_rec *rec;
> int error;
>
> @@ -222,12 +224,28 @@ xfs_alloc_get_rec(
> if (error || !(*stat))
> return error;
> if (rec->alloc.ar_blockcount == 0)
> - return -EFSCORRUPTED;
> + goto out_bad_rec;
>
> *bno = be32_to_cpu(rec->alloc.ar_startblock);
> *len = be32_to_cpu(rec->alloc.ar_blockcount);
>
> - return error;
> + /* check for valid extent range, including overflow */
> + if (!xfs_verify_agbno(mp, agno, *bno))
> + goto out_bad_rec;
> + if (*bno > *bno + *len)
> + goto out_bad_rec;
> + if (!xfs_verify_agbno(mp, agno, *bno + *len - 1))
> + goto out_bad_rec;
> +
> + return 0;
> +
> +out_bad_rec:
> + xfs_warn(mp,
> + "%s Freespace BTree record corruption in AG %d detected!",
> + cur->bc_btnum == XFS_BTNUM_BNO ? "Block" : "Size", agno);
> + xfs_warn(mp,
> + "start block 0x%x block count 0x%x", *bno, *len);
> + return -EFSCORRUPTED;
> }
>
> /*
> diff --git a/fs/xfs/libxfs/xfs_ialloc.c b/fs/xfs/libxfs/xfs_ialloc.c
> index ec5ea02b5553..3f551eb29157 100644
> --- a/fs/xfs/libxfs/xfs_ialloc.c
> +++ b/fs/xfs/libxfs/xfs_ialloc.c
> @@ -121,16 +121,45 @@ xfs_inobt_get_rec(
> struct xfs_inobt_rec_incore *irec,
> int *stat)
> {
> + struct xfs_mount *mp = cur->bc_mp;
> + xfs_agnumber_t agno = cur->bc_private.a.agno;
> union xfs_btree_rec *rec;
> int error;
> + uint64_t realfree;
>
> error = xfs_btree_get_rec(cur, &rec, stat);
> if (error || *stat == 0)
> return error;
>
> - xfs_inobt_btrec_to_irec(cur->bc_mp, rec, irec);
> + xfs_inobt_btrec_to_irec(mp, rec, irec);
> +
> + if (!xfs_verify_agino(mp, agno, irec->ir_startino))
> + goto out_bad_rec;
> + if (irec->ir_count < XFS_INODES_PER_HOLEMASK_BIT ||
> + irec->ir_count > XFS_INODES_PER_CHUNK)
> + goto out_bad_rec;
> + if (irec->ir_freecount > XFS_INODES_PER_CHUNK)
> + goto out_bad_rec;
> +
> + /* if there are no holes, return the first available offset */
> + if (!xfs_inobt_issparse(irec->ir_holemask))
> + realfree = irec->ir_free;
> + else
> + realfree = irec->ir_free & xfs_inobt_irec_to_allocmask(irec);
> + if (hweight64(realfree) != irec->ir_freecount)
> + goto out_bad_rec;
>
> return 0;
> +
> +out_bad_rec:
> + xfs_warn(mp,
> + "%s Inode BTree record corruption in AG %d detected!",
> + cur->bc_btnum == XFS_BTNUM_INO ? "Used" : "Free", agno);
> + xfs_warn(mp,
> +"start inode 0x%x, count 0x%x, free 0x%x freemask 0x%llx, holemask 0x%x",
> + irec->ir_startino, irec->ir_count, irec->ir_freecount,
> + irec->ir_free, irec->ir_holemask);
> + return -EFSCORRUPTED;
> }
>
> /*
> diff --git a/fs/xfs/libxfs/xfs_refcount.c b/fs/xfs/libxfs/xfs_refcount.c
> index ed5704c7dcf5..9a2a2004af24 100644
> --- a/fs/xfs/libxfs/xfs_refcount.c
> +++ b/fs/xfs/libxfs/xfs_refcount.c
> @@ -111,16 +111,51 @@ xfs_refcount_get_rec(
> struct xfs_refcount_irec *irec,
> int *stat)
> {
> + struct xfs_mount *mp = cur->bc_mp;
> + xfs_agnumber_t agno = cur->bc_private.a.agno;
> union xfs_btree_rec *rec;
> int error;
> + xfs_agblock_t realstart;
>
> error = xfs_btree_get_rec(cur, &rec, stat);
> - if (!error && *stat == 1) {
> - xfs_refcount_btrec_to_irec(rec, irec);
> - trace_xfs_refcount_get(cur->bc_mp, cur->bc_private.a.agno,
> - irec);
> + if (error || !*stat)
> + return error;
> +
> + xfs_refcount_btrec_to_irec(rec, irec);
> +
> + agno = cur->bc_private.a.agno;
> + if (irec->rc_blockcount == 0 || irec->rc_blockcount > MAXREFCEXTLEN)
> + goto out_bad_rec;
> +
> + /* handle special COW-staging state */
> + realstart = irec->rc_startblock;
> + if (realstart & XFS_REFC_COW_START) {
> + if (irec->rc_refcount != 1)
> + goto out_bad_rec;
> + realstart &= ~XFS_REFC_COW_START;
> }
> - return error;
> +
> + /* check for valid extent range, including overflow */
> + if (!xfs_verify_agbno(mp, agno, realstart))
> + goto out_bad_rec;
> + if (realstart > realstart + irec->rc_blockcount)
I am not sure if I'm right, but I thought this ought to be ">="?
Other than that, you can add:
Reviewed-by: Carlos Maiolino <cmaiolino@redhat.com>
--
Carlos
next prev parent reply other threads:[~2018-06-05 10:42 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-06-05 6:24 [PATCH 0/6 V2] xfs: more verifications! Dave Chinner
2018-06-05 6:24 ` [PATCH 1/6] xfs: catch bad stripe alignment configurations Dave Chinner
2018-06-05 9:27 ` Carlos Maiolino
2018-06-05 6:24 ` [PATCH 2/6] xfs: verify extent size hint is valid in inode verifier Dave Chinner
2018-06-05 9:53 ` Carlos Maiolino
2018-06-05 22:56 ` Dave Chinner
2018-06-05 17:10 ` Darrick J. Wong
2018-06-07 16:16 ` Darrick J. Wong
2018-06-08 1:10 ` Dave Chinner
2018-06-08 1:23 ` Darrick J. Wong
2018-06-08 2:23 ` Eric Sandeen
2018-07-24 6:39 ` Eric Sandeen
2018-07-24 16:43 ` Darrick J. Wong
2018-08-20 15:06 ` Brian Foster
2018-08-20 15:27 ` Eric Sandeen
2018-08-20 15:36 ` Darrick J. Wong
2018-08-20 15:59 ` Brian Foster
2018-08-20 22:15 ` Dave Chinner
2018-08-21 10:56 ` Brian Foster
2018-08-22 0:41 ` Dave Chinner
2018-06-05 6:24 ` [PATCH 3/6] xfs: verify COW " Dave Chinner
2018-06-05 10:00 ` Carlos Maiolino
2018-06-05 17:09 ` Darrick J. Wong
2018-06-05 6:24 ` [PATCH 4/6] xfs: validate btree records on retreival Dave Chinner
2018-06-05 6:40 ` [PATCH 4/6 v2] " Dave Chinner
2018-06-05 10:42 ` Carlos Maiolino [this message]
2018-06-05 23:00 ` Dave Chinner
2018-06-05 17:47 ` Darrick J. Wong
2018-06-05 23:02 ` Dave Chinner
2018-06-06 1:21 ` [PATCH 4/6 v3] " Dave Chinner
2018-06-05 6:24 ` [PATCH 5/6] xfs: verify root inode more thoroughly Dave Chinner
2018-06-05 10:50 ` Carlos Maiolino
2018-06-05 17:10 ` Darrick J. Wong
2018-06-05 6:24 ` [PATCH 6/6] xfs: push corruption -> ESTALE conversion to xfs_nfs_get_inode() Dave Chinner
2018-06-05 11:12 ` Carlos Maiolino
2018-06-05 17:11 ` Darrick J. Wong
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180605104207.3qlaudozsmjrize7@odin.usersys.redhat.com \
--to=cmaiolino@redhat.com \
--cc=david@fromorbit.com \
--cc=linux-xfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).