* [PATCH] xfs_metadump: agcount*agblocks overflow
@ 2009-07-02 17:03 Eric Sandeen
2009-07-02 19:29 ` Christoph Hellwig
0 siblings, 1 reply; 3+ messages in thread
From: Eric Sandeen @ 2009-07-02 17:03 UTC (permalink / raw)
To: xfs mailing list
Found another potential overflow in xfs_metadump,
similar to those just fixed in repair.
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
--
diff --git a/db/metadump.c b/db/metadump.c
index 19aed4f..ef6e571 100644
--- a/db/metadump.c
+++ b/db/metadump.c
@@ -222,7 +222,8 @@ valid_bno(
return 1;
if (agno == (mp->m_sb.sb_agcount - 1) && agbno > 0 &&
agbno <= (mp->m_sb.sb_dblocks -
- (mp->m_sb.sb_agcount - 1) * mp->m_sb.sb_agblocks))
+ (xfs_drfsbno_t)(mp->m_sb.sb_agcount - 1) *
+ mp->m_sb.sb_agblocks))
return 1;
return 0;
_______________________________________________
xfs mailing list
xfs@oss.sgi.com
http://oss.sgi.com/mailman/listinfo/xfs
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH] xfs_metadump: agcount*agblocks overflow
2009-07-02 17:03 [PATCH] xfs_metadump: agcount*agblocks overflow Eric Sandeen
@ 2009-07-02 19:29 ` Christoph Hellwig
2009-07-02 19:56 ` Eric Sandeen
0 siblings, 1 reply; 3+ messages in thread
From: Christoph Hellwig @ 2009-07-02 19:29 UTC (permalink / raw)
To: Eric Sandeen; +Cc: xfs mailing list
On Thu, Jul 02, 2009 at 12:03:23PM -0500, Eric Sandeen wrote:
> Found another potential overflow in xfs_metadump,
> similar to those just fixed in repair.
>
> Signed-off-by: Eric Sandeen <sandeen@redhat.com>
> --
>
> diff --git a/db/metadump.c b/db/metadump.c
> index 19aed4f..ef6e571 100644
> --- a/db/metadump.c
> +++ b/db/metadump.c
> @@ -222,7 +222,8 @@ valid_bno(
> return 1;
> if (agno == (mp->m_sb.sb_agcount - 1) && agbno > 0 &&
> agbno <= (mp->m_sb.sb_dblocks -
> - (mp->m_sb.sb_agcount - 1) * mp->m_sb.sb_agblocks))
> + (xfs_drfsbno_t)(mp->m_sb.sb_agcount - 1) *
> + mp->m_sb.sb_agblocks))
> return 1;
>
> return 0;
I have a really hard time reading the function (both before and after
your patch). It's a real mess and no wonder we have these overflow
problems here. What about the following instead:
static int
valid_bno(
xfs_agnumber_t agno,
xfs_agblock_t agbno)
{
xfs_agnumber_t last_agno = mp->m_sb.sb_agcount - 1;
xfs_drfsbno_t nblocks;
/*
* The first block in every AG contains a backups superblock,
* and is copied separately, and we can skip it early as an
* optimization.
*/
if (agbno == 0)
return 0;
/*
* An invalid AG number is never okay.
*/
if (agno > last_agno)
return 0;
if (agno == last_agno) {
nblocks = mp->m_sb.sb_dblocks -
((xfs_drfsbno_t)mp->m_sb.sb_agblocks *
(mp->m_sb.sb_agcount - 1));
} else {
nblocks = mp->m_sb.sb_agblocks);
}
if (agbno > nblocks)
return 0;
return 1;
}
and with that form I wonder if we don't still have an off-by-one
in the last if clause - shouldn't the agblocks be the count of blocks
while agbno is an indes and thus 0-based?
Btw, do you have a testcase for this?
_______________________________________________
xfs mailing list
xfs@oss.sgi.com
http://oss.sgi.com/mailman/listinfo/xfs
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] xfs_metadump: agcount*agblocks overflow
2009-07-02 19:29 ` Christoph Hellwig
@ 2009-07-02 19:56 ` Eric Sandeen
0 siblings, 0 replies; 3+ messages in thread
From: Eric Sandeen @ 2009-07-02 19:56 UTC (permalink / raw)
To: Christoph Hellwig; +Cc: xfs mailing list
Christoph Hellwig wrote:
> On Thu, Jul 02, 2009 at 12:03:23PM -0500, Eric Sandeen wrote:
>> Found another potential overflow in xfs_metadump,
>> similar to those just fixed in repair.
>>
>> Signed-off-by: Eric Sandeen <sandeen@redhat.com>
>> --
>>
>> diff --git a/db/metadump.c b/db/metadump.c
>> index 19aed4f..ef6e571 100644
>> --- a/db/metadump.c
>> +++ b/db/metadump.c
>> @@ -222,7 +222,8 @@ valid_bno(
>> return 1;
>> if (agno == (mp->m_sb.sb_agcount - 1) && agbno > 0 &&
>> agbno <= (mp->m_sb.sb_dblocks -
>> - (mp->m_sb.sb_agcount - 1) * mp->m_sb.sb_agblocks))
>> + (xfs_drfsbno_t)(mp->m_sb.sb_agcount - 1) *
>> + mp->m_sb.sb_agblocks))
>> return 1;
>>
>> return 0;
>
> I have a really hard time reading the function (both before and after
> your patch). It's a real mess and no wonder we have these overflow
> problems here. What about the following instead:
well, I think the original goal was to make it efficient for the common
case. How muchthis matters, not really sure. (at least that's the
comment in the xfs_repair counterpart)
> static int
> valid_bno(
> xfs_agnumber_t agno,
> xfs_agblock_t agbno)
> {
> xfs_agnumber_t last_agno = mp->m_sb.sb_agcount - 1;
> xfs_drfsbno_t nblocks;
>
> /*
> * The first block in every AG contains a backups superblock,
> * and is copied separately, and we can skip it early as an
> * optimization.
> */
> if (agbno == 0)
> return 0;
>
> /*
> * An invalid AG number is never okay.
> */
> if (agno > last_agno)
> return 0;
>
> if (agno == last_agno) {
> nblocks = mp->m_sb.sb_dblocks -
> ((xfs_drfsbno_t)mp->m_sb.sb_agblocks *
> (mp->m_sb.sb_agcount - 1));
> } else {
> nblocks = mp->m_sb.sb_agblocks);
> }
>
> if (agbno > nblocks)
> return 0;
> return 1;
> }
>
> and with that form I wonder if we don't still have an off-by-one
> in the last if clause - shouldn't the agblocks be the count of blocks
> while agbno is an indes and thus 0-based?
>
> Btw, do you have a testcase for this?
no testcase here, though could craft one. I discovered it on Jesse's
corruptd fs (very big metadump image)
-Eric
_______________________________________________
xfs mailing list
xfs@oss.sgi.com
http://oss.sgi.com/mailman/listinfo/xfs
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2009-07-02 19:56 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2009-07-02 17:03 [PATCH] xfs_metadump: agcount*agblocks overflow Eric Sandeen
2009-07-02 19:29 ` Christoph Hellwig
2009-07-02 19:56 ` Eric Sandeen
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox