From patchwork Fri Jan 11 23:12:15 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Sandeen X-Patchwork-Id: 10760795 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 804661515 for ; Fri, 11 Jan 2019 23:12:18 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 6788029FC2 for ; Fri, 11 Jan 2019 23:12:18 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 59CD229FE5; Fri, 11 Jan 2019 23:12:18 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 88C4F29FC2 for ; Fri, 11 Jan 2019 23:12:17 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1725927AbfAKXMQ (ORCPT ); Fri, 11 Jan 2019 18:12:16 -0500 Received: from sandeen.net ([63.231.237.45]:50442 "EHLO sandeen.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725846AbfAKXMQ (ORCPT ); Fri, 11 Jan 2019 18:12:16 -0500 Received: from [10.0.0.4] (liberator [10.0.0.4]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by sandeen.net (Postfix) with ESMTPSA id B454978A8; Fri, 11 Jan 2019 17:11:26 -0600 (CST) Subject: [PATCH V2] xfs_repair: allow '/' in attribute names To: Eric Sandeen , linux-xfs References: <1c673348-0244-89ff-5b3c-545ee3e458e4@redhat.com> From: Eric Sandeen Openpgp: preference=signencrypt Autocrypt: addr=sandeen@sandeen.net; prefer-encrypt=mutual; keydata= mQINBE6x99QBEADMR+yNFBc1Y5avoUhzI/sdR9ANwznsNpiCtZlaO4pIWvqQJCjBzp96cpCs nQZV32nqJBYnDpBDITBqTa/EF+IrHx8gKq8TaSBLHUq2ju2gJJLfBoL7V3807PQcI18YzkF+ WL05ODFQ2cemDhx5uLghHEeOxuGj+1AI+kh/FCzMedHc6k87Yu2ZuaWF+Gh1W2ix6hikRJmQ vj5BEeAx7xKkyBhzdbNIbbjV/iGi9b26B/dNcyd5w2My2gxMtxaiP7q5b6GM2rsQklHP8FtW ZiYO7jsg/qIppR1C6Zr5jK1GQlMUIclYFeBbKggJ9mSwXJH7MIftilGQ8KDvNuV5AbkronGC sEEHj2khs7GfVv4pmUUHf1MRIvV0x3WJkpmhuZaYg8AdJlyGKgp+TQ7B+wCjNTdVqMI1vDk2 BS6Rg851ay7AypbCPx2w4d8jIkQEgNjACHVDU89PNKAjScK1aTnW+HNUqg9BliCvuX5g4z2j gJBs57loTWAGe2Ve3cMy3VoQ40Wt3yKK0Eno8jfgzgb48wyycINZgnseMRhxc2c8hd51tftK LKhPj4c7uqjnBjrgOVaVBupGUmvLiePlnW56zJZ51BR5igWnILeOJ1ZIcf7KsaHyE6B1mG+X dmYtjDhjf3NAcoBWJuj8euxMB6TcQN2MrSXy5wSKaw40evooGwARAQABtCVFcmljIFIuIFNh bmRlZW4gPHNhbmRlZW5Ac2FuZGVlbi5uZXQ+iQI7BBMBAgAlAhsDBgsJCAcDAgYVCAIJCgsE FgIDAQIeAQIXgAUCUzMzbAIZAQAKCRAgrhaS4T3e4Fr7D/wO+fenqVvHjq21SCjDCrt8HdVj aJ28B1SqSU2toxyg5I160GllAxEHpLFGdbFAhQfBtnmlY9eMjwmJb0sCIrkrB6XNPSPA/B2B UPISh0z2odJv35/euJF71qIFgWzp2czJHkHWwVZaZpMWWNvsLIroXoR+uA9c2V1hQFVAJZyk EE4xzfm1+oVtjIC12B9tTCuS00pY3AUy21yzNowT6SSk7HAzmtG/PJ/uSB5wEkwldB6jVs2A sjOg1wMwVvh/JHilsQg4HSmDfObmZj1d0RWlMWcUE7csRnCE0ZWBMp/ttTn+oosioGa09HAS 9jAnauznmYg43oQ5Akd8iQRxz5I58F/+JsdKvWiyrPDfYZtFS+UIgWD7x+mHBZ53Qjazszox gjwO9ehZpwUQxBm4I0lPDAKw3HJA+GwwiubTSlq5PS3P7QoCjaV8llH1bNFZMz2o8wPANiDx 5FHgpRVgwLHakoCU1Gc+LXHXBzDXt7Cj02WYHdFzMm2hXaslRdhNGowLo1SXZFXa41KGTlNe 4di53y9CK5ynV0z+YUa+5LR6RdHrHtgywdKnjeWdqhoVpsWIeORtwWGX8evNOiKJ7j0RsHha WrePTubr5nuYTDsQqgc2r4aBIOpeSRR2brlT/UE3wGgy9LY78L4EwPR0MzzecfE1Ws60iSqw Pu3vhb7h3bkCDQROsffUARAA0DrUifTrXQzqxO8aiQOC5p9Tz25Np/Tfpv1rofOwL8VPBMvJ X4P5l1V2yd70MZRUVgjmCydEyxLJ6G2YyHO2IZTEajUY0Up+b3ErOpLpZwhvgWatjifpj6bB SKuDXeThqFdkphF5kAmgfVAIkan5SxWK3+S0V2F/oxstIViBhMhDwI6XsRlnVBoLLYcEilxA 2FlRUS7MOZGmRJkRtdGD5koVZSM6xVZQSmfEBaYQ/WJBGJQdPy94nnlAVn3lH3+N7pXvNUuC GV+t4YUt3tLcRuIpYBCOWlc7bpgeCps5Xa0dIZgJ8Louu6OBJ5vVXjPxTlkFdT0S0/uerCG5 1u8p6sGRLnUeAUGkQfIUqGUjW2rHaXgWNvzOV6i3tf9YaiXKl3avFaNW1kKBs0T5M1cnlWZU Utl6k04lz5OjoNY9J/bGyV3DSlkblXRMK87iLYQSrcV6cFz9PRl4vW1LGff3xRQHngeN5fPx ze8X5NE3hb+SSwyMSEqJxhVTXJVfQWWW0dQxP7HNwqmOWYF/6m+1gK/Y2gY3jAQnsWTru4RV TZGnKwEPmOCpSUvsTRXsVHgsWJ70qd0yOSjWuiv4b8vmD3+QFgyvCBxPMdP3xsxN5etheLMO gRwWpLn6yNFq/xtgs+ECgG+gR78yXQyA7iCs5tFs2OrMqV5juSMGmn0kxJUAEQEAAYkCHwQY AQIACQUCTrH31AIbDAAKCRAgrhaS4T3e4BKwD/0ZOOmUNOZCSOLAMjZx3mtYtjYgfUNKi0ki YPveGoRWTqbis8UitPtNrG4XxgzLOijSdOEzQwkdOIp/QnZhGNssMejCnsluK0GQd+RkFVWN mcQT78hBeGcnEMAXZKq7bkIKzvc06GFmkMbX/gAl6DiNGv0UNAX+5FYh+ucCJZSyAp3sA+9/ LKjxnTedX0aygXA6rkpX0Y0FvN/9dfm47+LGq7WAqBOyYTU3E6/+Z72bZoG/cG7ANLxcPool LOrU43oqFnD8QwcN56y4VfFj3/jDF2MX3xu4v2OjglVjMEYHTCxP3mpxesGHuqOit/FR+mF0 MP9JGfj6x+bj/9JMBtCW1bY/aPeMdPGTJvXjGtOVYblGZrSjXRn5++Uuy36CvkcrjuziSDG+ JEexGxczWwN4mrOQWhMT5Jyb+18CO+CWxJfHaYXiLEW7dI1AynL4jjn4W0MSiXpWDUw+fsBO Pk6ah10C4+R1Jc7dyUsKksMfvvhRX1hTIXhth85H16706bneTayZBhlZ/hK18uqTX+s0onG/ m1F3vYvdlE4p2ts1mmixMF7KajN9/E5RQtiSArvKTbfsB6Two4MthIuLuf+M0mI4gPl9SPlf fWCYVPhaU9o83y1KFbD/+lh1pjP7bEu/YudBvz7F2Myjh4/9GUAijrCTNeDTDAgvIJDjXuLX pA== Message-ID: <95c0c4ef-2a5b-656d-243d-f7a1cea516f6@sandeen.net> Date: Fri, 11 Jan 2019 17:12:15 -0600 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:60.0) Gecko/20100101 Thunderbird/60.3.3 MIME-Version: 1.0 In-Reply-To: <1c673348-0244-89ff-5b3c-545ee3e458e4@redhat.com> Content-Language: en-US Sender: linux-xfs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-xfs@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP For some reason, since the earliest days of XFS, a '/' character in an extended attribute name has been treated as corruption by xfs_repair. This despite nothing in other userspace tools or the kernel having this restriction. My best guess is that this was an unintentional leftover from common code between dirs & attrs in the "da" code, and there has never been a good reason for it. Since userspace and kernelspace allow such a name to be set, listed, and read, it seems wrong to flag it as corruption. So, make this test conditional on whether we're validating a name in a dir, as opposed to the name of an attr. Signed-off-by: Eric Sandeen Reviewed-by: Darrick J. Wong --- V2: refactor per dave's suggestion djwong has new helpers in libxfs for this now, I'll pick them up and switch to them in... ... drumroll ... ...xfsprogs-5.0 -Eric diff --git a/repair/attr_repair.c b/repair/attr_repair.c index 1d04500..5ad81c0 100644 --- a/repair/attr_repair.c +++ b/repair/attr_repair.c @@ -122,6 +122,14 @@ set_da_freemap(xfs_mount_t *mp, da_freemap_t *map, int start, int stop) * fork being emptied and put in shortform format. */ +static int +attr_namecheck( + uint8_t *name, + int length) +{ + return namecheck((char *)name, length, false); +} + /* * This routine just checks what security needs are for attribute values * only called when root flag is set, otherwise these names could exist in @@ -292,11 +300,9 @@ process_shortform_attr( } } - /* namecheck checks for / and null terminated for file names. - * attributes names currently follow the same rules. - */ - if (namecheck((char *)¤tentry->nameval[0], - currententry->namelen)) { + /* namecheck checks for null chars in attr names. */ + if (attr_namecheck(currententry->nameval, + currententry->namelen)) { do_warn( _("entry contains illegal character in shortform attribute name\n")); junkit = 1; @@ -458,7 +464,7 @@ process_leaf_attr_local( xfs_attr_leaf_name_local_t *local; local = xfs_attr3_leaf_name_local(leaf, i); - if (local->namelen == 0 || namecheck((char *)&local->nameval[0], + if (local->namelen == 0 || attr_namecheck(local->nameval, local->namelen)) { do_warn( _("attribute entry %d in attr block %u, inode %" PRIu64 " has bad name (namelen = %d)\n"), @@ -513,7 +519,7 @@ process_leaf_attr_remote( remotep = xfs_attr3_leaf_name_remote(leaf, i); - if (remotep->namelen == 0 || namecheck((char *)&remotep->name[0], + if (remotep->namelen == 0 || attr_namecheck(remotep->name, remotep->namelen) || be32_to_cpu(entry->hashval) != libxfs_da_hashname((unsigned char *)&remotep->name[0], diff --git a/repair/da_util.c b/repair/da_util.c index 1450767..1f6568e 100644 --- a/repair/da_util.c +++ b/repair/da_util.c @@ -13,20 +13,25 @@ #include "da_util.h" /* - * takes a name and length (name need not be null-terminated) - * and returns 1 if the name contains a '/' or a \0, returns 0 - * otherwise + * takes a name and length (name need not be null-terminated) and whether + * we are checking a dir (vs an attr), and returns 1 if the direntry contains + * a '/', or anything contains a \0, returns 0 otherwise */ int -namecheck(char *name, int length) +namecheck( + char *name, + int length, + bool isadir) { - char *c; - int i; + char *c; + int i; ASSERT(length < MAXNAMELEN); for (c = name, i = 0; i < length; i++, c++) { - if (*c == '/' || *c == '\0') + if (isadir && *c == '/') + return 0; + if (*c == '\0') return 1; } diff --git a/repair/da_util.h b/repair/da_util.h index d36dfd0..041dff7 100644 --- a/repair/da_util.h +++ b/repair/da_util.h @@ -27,7 +27,8 @@ typedef struct da_bt_cursor { int namecheck( char *name, - int length); + int length, + bool isadir); struct xfs_buf * da_read_buf( diff --git a/repair/dir2.c b/repair/dir2.c index ba5763e..a6ab21b 100644 --- a/repair/dir2.c +++ b/repair/dir2.c @@ -44,6 +44,14 @@ _("malloc failed (%zu bytes) dir2_add_badlist:ino %" PRIu64 "\n"), l->ino = ino; } +static int +dir_namecheck( + uint8_t *name, + int length) +{ + return namecheck((char *)name, length, true); +} + int dir2_is_badino( xfs_ino_t ino) @@ -310,7 +318,7 @@ _("entry #%d %s in shortform dir %" PRIu64), * the length value is stored in a byte * so it can't be too big, it can only wrap */ - if (namecheck((char *)&sfep->name[0], namelen)) { + if (dir_namecheck(sfep->name, namelen)) { /* * junk entry */ @@ -781,7 +789,7 @@ _("\twould clear inode number in entry at offset %" PRIdPTR "...\n"), * during phase 4. */ junkit = dep->name[0] == '/'; - nm_illegal = namecheck((char *)dep->name, dep->namelen); + nm_illegal = dir_namecheck(dep->name, dep->namelen); if (ino_discovery && nm_illegal) { do_warn( _("entry at block %u offset %" PRIdPTR " in directory inode %" PRIu64 " has illegal name \"%*.*s\": "),