Re: [PATCH 3/3] xfs: simplify iovec validation in xlog_recover_attri_commit_pass2

public inbox for linux-xfs@vger.kernel.org
 help / color / mirror / Atom feed

From: Long Li <leo.lilong@huawei.com>
To: "Darrick J. Wong" <djwong@kernel.org>
Cc: <cem@kernel.org>, <linux-xfs@vger.kernel.org>,
	<david@fromorbit.com>, <yi.zhang@huawei.com>,
	<houtao1@huawei.com>, <yangerkun@huawei.com>,
	<lonuxli.64@gmail.com>
Subject: Re: [PATCH 3/3] xfs: simplify iovec validation in xlog_recover_attri_commit_pass2
Date: Tue, 17 Mar 2026 10:33:20 +0800	[thread overview]
Message-ID: <abi9cPp1pfsVhsAD@localhost.localdomain> (raw)
In-Reply-To: <20260316224632.GE1770774@frogsfrogsfrogs>

On Mon, Mar 16, 2026 at 03:46:32PM -0700, Darrick J. Wong wrote:
> On Mon, Mar 16, 2026 at 09:24:16AM +0800, Long Li wrote:
> > Consolidate the per-case ri_total checks into a single comparison by
> > assigning the expected iovec count to a local variable inside each
> > switch arm, removing four nearly identical error blocks.
> > 
> > Remove the redundant post-parse validation switch. By the time that
> > block is reached, xfs_attri_validate() has already guaranteed all name
> > lengths are non-zero via xfs_attri_validate_namelen(), and
> > xfs_attri_validate_name_iovec() has already returned -EFSCORRUPTED for
> > NULL names. For the REMOVE case, attr_value and value_len are
> > structurally guaranteed to be NULL/zero because the parsing loop only
> > populates them when value_len != 0. All checks in that switch are
> > therefore dead code.
> > 
> > Signed-off-by: Long Li <leo.lilong@huawei.com>
> > ---
> >  fs/xfs/xfs_attr_item.c | 79 +++++++-----------------------------------
> >  1 file changed, 12 insertions(+), 67 deletions(-)
> > 
> > diff --git a/fs/xfs/xfs_attr_item.c b/fs/xfs/xfs_attr_item.c
> > index 21da995ba4e7..32236f5008ec 100644
> > --- a/fs/xfs/xfs_attr_item.c
> > +++ b/fs/xfs/xfs_attr_item.c
> > @@ -1016,12 +1016,13 @@ xlog_recover_attri_commit_pass2(
> >  	unsigned int			new_name_len = 0;
> >  	unsigned int			new_value_len = 0;
> >  	unsigned int			op, i = 0;
> > +	unsigned int			expected = 0;
> >  
> >  	/* Validate xfs_attri_log_format before the large memory allocation */
> >  	len = sizeof(struct xfs_attri_log_format);
> >  	if (item->ri_buf[i].iov_len != len) {
> >  		XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp,
> > -				item->ri_buf[0].iov_base, item->ri_buf[0].iov_len);
> > +				item->ri_buf[i].iov_base, item->ri_buf[i].iov_len);
> >  		return -EFSCORRUPTED;
> >  	}
> >  
> > @@ -1038,32 +1039,20 @@ xlog_recover_attri_commit_pass2(
> >  	case XFS_ATTRI_OP_FLAGS_PPTR_REMOVE:
> >  	case XFS_ATTRI_OP_FLAGS_PPTR_SET:
> >  		/* Log item, attr name, attr value */
> > -		if (item->ri_total != 3) {
> > -			XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp,
> > -					     attri_formatp, len);
> > -			return -EFSCORRUPTED;
> > -		}
> > +		expected = 3;
> >  		name_len = attri_formatp->alfi_name_len;
> >  		value_len = attri_formatp->alfi_value_len;
> >  		break;
> >  	case XFS_ATTRI_OP_FLAGS_SET:
> >  	case XFS_ATTRI_OP_FLAGS_REPLACE:
> >  		/* Log item, attr name, attr value */
> > -		if (item->ri_total != 2 + !!attri_formatp->alfi_value_len) {
> > -			XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp,
> > -					     attri_formatp, len);
> > -			return -EFSCORRUPTED;
> > -		}
> > +		expected = 2 + !!attri_formatp->alfi_value_len;
> >  		name_len = attri_formatp->alfi_name_len;
> >  		value_len = attri_formatp->alfi_value_len;
> >  		break;
> >  	case XFS_ATTRI_OP_FLAGS_REMOVE:
> >  		/* Log item, attr name */
> > -		if (item->ri_total != 2) {
> > -			XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp,
> > -					     attri_formatp, len);
> > -			return -EFSCORRUPTED;
> > -		}
> > +		expected = 2;
> >  		name_len = attri_formatp->alfi_name_len;
> >  		break;
> >  	case XFS_ATTRI_OP_FLAGS_PPTR_REPLACE:
> > @@ -1071,11 +1060,7 @@ xlog_recover_attri_commit_pass2(
> >  		 * Log item, attr name, new attr name, attr value, new attr
> >  		 * value
> >  		 */
> > -		if (item->ri_total != 5) {
> > -			XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp,
> > -					     attri_formatp, len);
> > -			return -EFSCORRUPTED;
> > -		}
> > +		expected = 5;
> >  		name_len = attri_formatp->alfi_old_name_len;
> >  		new_name_len = attri_formatp->alfi_new_name_len;
> >  		new_value_len = value_len = attri_formatp->alfi_value_len;
> > @@ -1085,6 +1070,12 @@ xlog_recover_attri_commit_pass2(
> >  				     attri_formatp, len);
> >  		return -EFSCORRUPTED;
> >  	}
> > +
> > +	if (item->ri_total != expected) {
> > +		XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp,
> 
> The downside to this change is that XFS_CORRUPTION_ERROR prints the
> source file and line number, so now anyone looking through the logs
> cannot identify a specific line number.  However...
> 

The corrupted information will output the entire `xfs_attri_log_format`,
from which the operation type can also be inferred. However, the original
code outputs more intuitive information, and thus it might be fine to leave
it unchanged.

Thanks,
Long Li

     prev parent reply	other threads:[~2026-03-17  2:37 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-03-16  1:24 [PATCH 0/3] xfs: fixes and clean up for attr item Long Li
2026-03-16  1:24 ` [PATCH 1/3] xfs: fix possible null pointer dereference in xfs_attri_recover_work Long Li
2026-03-16 22:33   ` Darrick J. Wong
2026-03-17  2:19     ` Long Li
2026-03-16  1:24 ` [PATCH 2/3] xfs: fix ri_total validation in xlog_recover_attri_commit_pass2 Long Li
2026-03-16 22:39   ` Darrick J. Wong
2026-03-17  2:14     ` Long Li
2026-03-16  1:24 ` [PATCH 3/3] xfs: simplify iovec " Long Li
2026-03-16 22:46   ` Darrick J. Wong
2026-03-17  2:33     ` Long Li [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=abi9cPp1pfsVhsAD@localhost.localdomain \
    --to=leo.lilong@huawei.com \
    --cc=cem@kernel.org \
    --cc=david@fromorbit.com \
    --cc=djwong@kernel.org \
    --cc=houtao1@huawei.com \
    --cc=linux-xfs@vger.kernel.org \
    --cc=lonuxli.64@gmail.com \
    --cc=yangerkun@huawei.com \
    --cc=yi.zhang@huawei.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox