From patchwork Mon Mar 27 07:43:31 2017
X-Patchwork-Submitter: Nikolay Borisov
X-Patchwork-Id: 9645479
To: stable@vger.kernel.org
Cc: darrick.wong@oracle.com, linux-xfs@vger.kernel.org, bfoster@redhat.com
From: Nikolay Borisov
Subject: Consider including ef388e2054fe ("xfs: don't allow di_size with high bit set") into stable releases
Message-ID: <53efcbd6-289e-3b71-3d47-73d2b06b98ba@gmail.com>
Date: Mon, 27 Mar 2017 10:43:31 +0300
X-Mailing-List: linux-xfs@vger.kernel.org

Hello,

The patch in the subject applies cleanly on 4.4 and I have attached the
backport for 3.12. This causes hangs in both xfs/133 and xfs/134.

As is customary - a battery of xfstests have been run to ensure no
regressions were introduced.

Regards,
Nikolay

From a8581aae46a02f329fce5678a5932d99e1c188e0 Mon Sep 17 00:00:00 2001
From: "Darrick J. Wong"
Date: Mon, 5 Dec 2016 12:38:38 +1100
Subject: [PATCH] xfs: don't allow di_size with high bit set

The on-disk field di_size is used to set i_size, which is a signed
integer of loff_t. If the high bit of di_size is set, we'll end up with
a negative i_size, which will cause all sorts of problems. Since the
VFS won't let us create a file with such length, we should catch them
here in the verifier too.

[nborisov: Backported to 3.12]
Signed-off-by: Darrick J. Wong
Reviewed-by: Dave Chinner
Signed-off-by: Dave Chinner
Signed-off-by: Nikolay Borisov
---
 fs/xfs/xfs_inode_buf.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/fs/xfs/xfs_inode_buf.c b/fs/xfs/xfs_inode_buf.c index 4b1447b3a9e4..8cc193ab434a 100644 --- a/fs/xfs/xfs_inode_buf.c +++ b/fs/xfs/xfs_inode_buf.c 
@@ -301,6 +301,14 @@ xfs_dinode_verify( if (dip->di_magic != cpu_to_be16(XFS_DINODE_MAGIC)) return false; + /* don't allow invalid i_size */ + if (be64_to_cpu(dip->di_size) & (1ULL << 63)) + return false; + + /* No zero-length symlinks. */ + if (S_ISLNK(be16_to_cpu(dip->di_mode)) && dip->di_size == 0) + return false; + /* only version 3 or greater inodes are extensively verified here */ if (dip->di_version < 3) return true; -- 2.7.4
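
Review bot: the second added check in xfs_dinode_verify(), the "No zero-length symlinks" test on S_ISLNK(be16_to_cpu(dip->di_mode)) && dip->di_size == 0, is not covered by the subject line or the commit message, which describe only the di_size high-bit rejection. Either carry it as its own patch for the stable queue or mention it in the "[nborisov: Backported to 3.12]" note, so a stable reviewer can tell what the 8 inserted lines are expected to reject. Both checks also sit above the di_version < 3 early return, so they now apply to every inode version; it would help to say that in the changelog, since the existing comment below states that only version 3 or greater inodes are extensively verified. Minor style point: the first check converts with be64_to_cpu() while the second compares the raw big-endian dip->di_size against 0, which is endian-safe but reads inconsistently next to it.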