diff mbox series

[02/10] xfs: improve the code that checks recovered bmap intent items

Message ID 160704430659.734470.2948483798298982986.stgit@magnolia (mailing list archive)
State Superseded, archived
Headers show
Series xfs: strengthen log intent validation | expand

Commit Message

Darrick J. Wong Dec. 4, 2020, 1:11 a.m. UTC
From: Darrick J. Wong <darrick.wong@oracle.com>

The code that validates recovered bmap intent items is kind of a mess --
it doesn't use the standard xfs type validators, and it doesn't check
for things that it should.  Fix the validator function to use the
standard validation helpers and look for more types of obvious errors.

Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
---
 fs/xfs/xfs_bmap_item.c |   26 +++++++++++++-------------
 1 file changed, 13 insertions(+), 13 deletions(-)

Comments

Brian Foster Dec. 4, 2020, 1:56 p.m. UTC | #1
On Thu, Dec 03, 2020 at 05:11:46PM -0800, Darrick J. Wong wrote:
> From: Darrick J. Wong <darrick.wong@oracle.com>
> 
> The code that validates recovered bmap intent items is kind of a mess --
> it doesn't use the standard xfs type validators, and it doesn't check
> for things that it should.  Fix the validator function to use the
> standard validation helpers and look for more types of obvious errors.
> 
> Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
> Reviewed-by: Christoph Hellwig <hch@lst.de>
> ---
>  fs/xfs/xfs_bmap_item.c |   26 +++++++++++++-------------
>  1 file changed, 13 insertions(+), 13 deletions(-)
> 
> 
> diff --git a/fs/xfs/xfs_bmap_item.c b/fs/xfs/xfs_bmap_item.c
> index 555453d0e080..78346d47564b 100644
> --- a/fs/xfs/xfs_bmap_item.c
> +++ b/fs/xfs/xfs_bmap_item.c
...
> @@ -448,13 +442,19 @@ xfs_bui_validate(
>  		return false;
>  	}
>  
> -	if (startblock_fsb == 0 ||
> -	    bmap->me_len == 0 ||
> -	    inode_fsb == 0 ||
> -	    startblock_fsb >= mp->m_sb.sb_dblocks ||
> -	    bmap->me_len >= mp->m_sb.sb_agblocks ||
> -	    inode_fsb >= mp->m_sb.sb_dblocks ||
> -	    (bmap->me_flags & ~XFS_BMAP_EXTENT_FLAGS))
> +	if (!xfs_verify_ino(mp, bmap->me_owner))
> +		return false;
> +
> +	if (bmap->me_startoff + bmap->me_len <= bmap->me_startoff)
> +		return false;
> +
> +	if (bmap->me_startblock + bmap->me_len <= bmap->me_startblock)
> +		return false;
> +
> +	if (!xfs_verify_fsbno(mp, bmap->me_startblock))
> +		return false;
> +
> +	if (!xfs_verify_fsbno(mp, bmap->me_startblock + bmap->me_len - 1))
>  		return false;

If this is going to be a common pattern, I wonder if an
xfs_verify_extent() or some such helper that covers the above range
checks would be helpful. Regardless:

Reviewed-by: Brian Foster <bfoster@redhat.com>

>  
>  	return true;
>
Darrick J. Wong Dec. 4, 2020, 7:54 p.m. UTC | #2
On Fri, Dec 04, 2020 at 08:56:38AM -0500, Brian Foster wrote:
> On Thu, Dec 03, 2020 at 05:11:46PM -0800, Darrick J. Wong wrote:
> > From: Darrick J. Wong <darrick.wong@oracle.com>
> > 
> > The code that validates recovered bmap intent items is kind of a mess --
> > it doesn't use the standard xfs type validators, and it doesn't check
> > for things that it should.  Fix the validator function to use the
> > standard validation helpers and look for more types of obvious errors.
> > 
> > Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
> > Reviewed-by: Christoph Hellwig <hch@lst.de>
> > ---
> >  fs/xfs/xfs_bmap_item.c |   26 +++++++++++++-------------
> >  1 file changed, 13 insertions(+), 13 deletions(-)
> > 
> > 
> > diff --git a/fs/xfs/xfs_bmap_item.c b/fs/xfs/xfs_bmap_item.c
> > index 555453d0e080..78346d47564b 100644
> > --- a/fs/xfs/xfs_bmap_item.c
> > +++ b/fs/xfs/xfs_bmap_item.c
> ...
> > @@ -448,13 +442,19 @@ xfs_bui_validate(
> >  		return false;
> >  	}
> >  
> > -	if (startblock_fsb == 0 ||
> > -	    bmap->me_len == 0 ||
> > -	    inode_fsb == 0 ||
> > -	    startblock_fsb >= mp->m_sb.sb_dblocks ||
> > -	    bmap->me_len >= mp->m_sb.sb_agblocks ||
> > -	    inode_fsb >= mp->m_sb.sb_dblocks ||
> > -	    (bmap->me_flags & ~XFS_BMAP_EXTENT_FLAGS))
> > +	if (!xfs_verify_ino(mp, bmap->me_owner))
> > +		return false;
> > +
> > +	if (bmap->me_startoff + bmap->me_len <= bmap->me_startoff)
> > +		return false;
> > +
> > +	if (bmap->me_startblock + bmap->me_len <= bmap->me_startblock)
> > +		return false;
> > +
> > +	if (!xfs_verify_fsbno(mp, bmap->me_startblock))
> > +		return false;
> > +
> > +	if (!xfs_verify_fsbno(mp, bmap->me_startblock + bmap->me_len - 1))
> >  		return false;
> 
> If this is going to be a common pattern, I wonder if an
> xfs_verify_extent() or some such helper that covers the above range
> checks would be helpful. Regardless:

Yes.  I'll add a new patch to refactor all the bmap extent validators at
the end.

--D

> Reviewed-by: Brian Foster <bfoster@redhat.com>
> 
> >  
> >  	return true;
> > 
>
diff mbox series

Patch

diff --git a/fs/xfs/xfs_bmap_item.c b/fs/xfs/xfs_bmap_item.c
index 555453d0e080..78346d47564b 100644
--- a/fs/xfs/xfs_bmap_item.c
+++ b/fs/xfs/xfs_bmap_item.c
@@ -424,18 +424,12 @@  xfs_bui_validate(
 	struct xfs_bui_log_item		*buip)
 {
 	struct xfs_map_extent		*bmap;
-	xfs_fsblock_t			startblock_fsb;
-	xfs_fsblock_t			inode_fsb;
 
 	/* Only one mapping operation per BUI... */
 	if (buip->bui_format.bui_nextents != XFS_BUI_MAX_FAST_EXTENTS)
 		return false;
 
 	bmap = &buip->bui_format.bui_extents[0];
-	startblock_fsb = XFS_BB_TO_FSB(mp,
-			XFS_FSB_TO_DADDR(mp, bmap->me_startblock));
-	inode_fsb = XFS_BB_TO_FSB(mp, XFS_FSB_TO_DADDR(mp,
-			XFS_INO_TO_FSB(mp, bmap->me_owner)));
 
 	if (bmap->me_flags & ~XFS_BMAP_EXTENT_FLAGS)
 		return false;
@@ -448,13 +442,19 @@  xfs_bui_validate(
 		return false;
 	}
 
-	if (startblock_fsb == 0 ||
-	    bmap->me_len == 0 ||
-	    inode_fsb == 0 ||
-	    startblock_fsb >= mp->m_sb.sb_dblocks ||
-	    bmap->me_len >= mp->m_sb.sb_agblocks ||
-	    inode_fsb >= mp->m_sb.sb_dblocks ||
-	    (bmap->me_flags & ~XFS_BMAP_EXTENT_FLAGS))
+	if (!xfs_verify_ino(mp, bmap->me_owner))
+		return false;
+
+	if (bmap->me_startoff + bmap->me_len <= bmap->me_startoff)
+		return false;
+
+	if (bmap->me_startblock + bmap->me_len <= bmap->me_startblock)
+		return false;
+
+	if (!xfs_verify_fsbno(mp, bmap->me_startblock))
+		return false;
+
+	if (!xfs_verify_fsbno(mp, bmap->me_startblock + bmap->me_len - 1))
 		return false;
 
 	return true;