[PATH,5.10,1/4] xfs: detect overflows in bmbt records

Message ID	20220525111715.2769700-2-amir73il@gmail.com (mailing list archive)
State	New, archived
Headers	show Return-Path: <fstests-owner@kernel.org> From: Amir Goldstein <amir73il@gmail.com> To: Dave Chinner <david@fromorbit.com>, "Darrick J . Wong" <darrick.wong@oracle.com> Cc: Luis Chamberlain <mcgrof@kernel.org>, Theodore Ts'o <tytso@mit.edu>, Adam Manzanares <a.manzanares@samsung.com>, Tyler Hicks <code@tyhicks.com>, linux-xfs@vger.kernel.org, fstests@vger.kernel.org, Christoph Hellwig <hch@lst.de> Subject: [PATH 5.10 1/4] xfs: detect overflows in bmbt records Date: Wed, 25 May 2022 14:17:12 +0300 Message-Id: <20220525111715.2769700-2-amir73il@gmail.com> In-Reply-To: <20220525111715.2769700-1-amir73il@gmail.com> References: <20220525111715.2769700-1-amir73il@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	xfs stable candidate patches for 5.10.y (part 1) \| expand [PATH,5.10,0/4] xfs stable candidate patches for 5.10.y (part 1) [PATH,5.10,1/4] xfs: detect overflows in bmbt records [PATH,5.10,2/4] xfs: show the proper user quota options [PATH,5.10,3/4] xfs: fix the forward progress assertion in xfs_iwalk_run_callbacks [PATH,5.10,4/4] xfs: fix an ABBA deadlock in xfs_rename

Message ID

20220525111715.2769700-2-amir73il@gmail.com (mailing list archive)

State

New, archived

Headers

From: Amir Goldstein <amir73il@gmail.com>
To: Dave Chinner <david@fromorbit.com>,
        "Darrick J . Wong" <darrick.wong@oracle.com>
Cc: Luis Chamberlain <mcgrof@kernel.org>,
        Theodore Ts'o <tytso@mit.edu>,
        Adam Manzanares <a.manzanares@samsung.com>,
        Tyler Hicks <code@tyhicks.com>, linux-xfs@vger.kernel.org,
        fstests@vger.kernel.org, Christoph Hellwig <hch@lst.de>
Subject: [PATH 5.10 1/4] xfs: detect overflows in bmbt records
Date: Wed, 25 May 2022 14:17:12 +0300
Message-Id: <20220525111715.2769700-2-amir73il@gmail.com>
In-Reply-To: <20220525111715.2769700-1-amir73il@gmail.com>
References: <20220525111715.2769700-1-amir73il@gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk

Series

xfs stable candidate patches for 5.10.y (part 1) | expand

Commit Message

Amir Goldstein May 25, 2022, 11:17 a.m. UTC

From: "Darrick J. Wong" <darrick.wong@oracle.com>

commit acf104c2331c1ba2a667e65dd36139d1555b1432 upstream.

Detect file block mappings with a blockcount that's either so large that
integer overflows occur or are zero, because neither are valid in the
filesystem.  Worse yet, attempting directory modifications causes the
iext code to trip over the bmbt key handling and takes the filesystem
down.  We can fix most of this by preventing the bad metadata from
entering the incore structures in the first place.

Found by setting blockcount=0 in a directory data fork mapping and
watching the fireworks.

Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
---
 fs/xfs/libxfs/xfs_bmap.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/fs/xfs/libxfs/xfs_bmap.c b/fs/xfs/libxfs/xfs_bmap.c
index d9a692484eae..de9c27ef68d8 100644
--- a/fs/xfs/libxfs/xfs_bmap.c
+++ b/fs/xfs/libxfs/xfs_bmap.c
@@ -6229,6 +6229,11 @@  xfs_bmap_validate_extent(
 	xfs_fsblock_t		endfsb;
 	bool			isrt;
 
+	if (irec->br_startblock + irec->br_blockcount <= irec->br_startblock)
+		return __this_address;
+	if (irec->br_startoff + irec->br_blockcount <= irec->br_startoff)
+		return __this_address;
+
 	isrt = XFS_IS_REALTIME_INODE(ip);
 	endfsb = irec->br_startblock + irec->br_blockcount - 1;
 	if (isrt && whichfork == XFS_DATA_FORK) {

[PATH,5.10,1/4] xfs: detect overflows in bmbt records

Commit Message

Patch