| Message ID | 160704430659.734470.2948483798298982986.stgit@magnolia (mailing list archive) |
|---|---|
| State | Superseded, archived |
| Headers | show |
| Series | xfs: strengthen log intent validation | expand |
On Thu, Dec 03, 2020 at 05:11:46PM -0800, Darrick J. Wong wrote: > From: Darrick J. Wong <darrick.wong@oracle.com> > > The code that validates recovered bmap intent items is kind of a mess -- > it doesn't use the standard xfs type validators, and it doesn't check > for things that it should. Fix the validator function to use the > standard validation helpers and look for more types of obvious errors. > > Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> > Reviewed-by: Christoph Hellwig <hch@lst.de> > --- > fs/xfs/xfs_bmap_item.c | 26 +++++++++++++------------- > 1 file changed, 13 insertions(+), 13 deletions(-) > > > diff --git a/fs/xfs/xfs_bmap_item.c b/fs/xfs/xfs_bmap_item.c > index 555453d0e080..78346d47564b 100644 > --- a/fs/xfs/xfs_bmap_item.c > +++ b/fs/xfs/xfs_bmap_item.c ... > @@ -448,13 +442,19 @@ xfs_bui_validate( > return false; > } > > - if (startblock_fsb == 0 || > - bmap->me_len == 0 || > - inode_fsb == 0 || > - startblock_fsb >= mp->m_sb.sb_dblocks || > - bmap->me_len >= mp->m_sb.sb_agblocks || > - inode_fsb >= mp->m_sb.sb_dblocks || > - (bmap->me_flags & ~XFS_BMAP_EXTENT_FLAGS)) > + if (!xfs_verify_ino(mp, bmap->me_owner)) > + return false; > + > + if (bmap->me_startoff + bmap->me_len <= bmap->me_startoff) > + return false; > + > + if (bmap->me_startblock + bmap->me_len <= bmap->me_startblock) > + return false; > + > + if (!xfs_verify_fsbno(mp, bmap->me_startblock)) > + return false; > + > + if (!xfs_verify_fsbno(mp, bmap->me_startblock + bmap->me_len - 1)) > return false; If this is going to be a common pattern, I wonder if an xfs_verify_extent() or some such helper that covers the above range checks would be helpful. Regardless: Reviewed-by: Brian Foster <bfoster@redhat.com> > > return true; >
On Fri, Dec 04, 2020 at 08:56:38AM -0500, Brian Foster wrote: > On Thu, Dec 03, 2020 at 05:11:46PM -0800, Darrick J. Wong wrote: > > From: Darrick J. Wong <darrick.wong@oracle.com> > > > > The code that validates recovered bmap intent items is kind of a mess -- > > it doesn't use the standard xfs type validators, and it doesn't check > > for things that it should. Fix the validator function to use the > > standard validation helpers and look for more types of obvious errors. > > > > Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> > > Reviewed-by: Christoph Hellwig <hch@lst.de> > > --- > > fs/xfs/xfs_bmap_item.c | 26 +++++++++++++------------- > > 1 file changed, 13 insertions(+), 13 deletions(-) > > > > > > diff --git a/fs/xfs/xfs_bmap_item.c b/fs/xfs/xfs_bmap_item.c > > index 555453d0e080..78346d47564b 100644 > > --- a/fs/xfs/xfs_bmap_item.c > > +++ b/fs/xfs/xfs_bmap_item.c > ... > > @@ -448,13 +442,19 @@ xfs_bui_validate( > > return false; > > } > > > > - if (startblock_fsb == 0 || > > - bmap->me_len == 0 || > > - inode_fsb == 0 || > > - startblock_fsb >= mp->m_sb.sb_dblocks || > > - bmap->me_len >= mp->m_sb.sb_agblocks || > > - inode_fsb >= mp->m_sb.sb_dblocks || > > - (bmap->me_flags & ~XFS_BMAP_EXTENT_FLAGS)) > > + if (!xfs_verify_ino(mp, bmap->me_owner)) > > + return false; > > + > > + if (bmap->me_startoff + bmap->me_len <= bmap->me_startoff) > > + return false; > > + > > + if (bmap->me_startblock + bmap->me_len <= bmap->me_startblock) > > + return false; > > + > > + if (!xfs_verify_fsbno(mp, bmap->me_startblock)) > > + return false; > > + > > + if (!xfs_verify_fsbno(mp, bmap->me_startblock + bmap->me_len - 1)) > > return false; > > If this is going to be a common pattern, I wonder if an > xfs_verify_extent() or some such helper that covers the above range > checks would be helpful. Regardless: Yes. I'll add a new patch to refactor all the bmap extent validators at the end. --D > Reviewed-by: Brian Foster <bfoster@redhat.com> > > > > > return true; > > >
diff --git a/fs/xfs/xfs_bmap_item.c b/fs/xfs/xfs_bmap_item.c index 555453d0e080..78346d47564b 100644 --- a/fs/xfs/xfs_bmap_item.c +++ b/fs/xfs/xfs_bmap_item.c @@ -424,18 +424,12 @@ xfs_bui_validate( struct xfs_bui_log_item *buip) { struct xfs_map_extent *bmap; - xfs_fsblock_t startblock_fsb; - xfs_fsblock_t inode_fsb; /* Only one mapping operation per BUI... */ if (buip->bui_format.bui_nextents != XFS_BUI_MAX_FAST_EXTENTS) return false; bmap = &buip->bui_format.bui_extents[0]; - startblock_fsb = XFS_BB_TO_FSB(mp, - XFS_FSB_TO_DADDR(mp, bmap->me_startblock)); - inode_fsb = XFS_BB_TO_FSB(mp, XFS_FSB_TO_DADDR(mp, - XFS_INO_TO_FSB(mp, bmap->me_owner))); if (bmap->me_flags & ~XFS_BMAP_EXTENT_FLAGS) return false; @@ -448,13 +442,19 @@ xfs_bui_validate( return false; } - if (startblock_fsb == 0 || - bmap->me_len == 0 || - inode_fsb == 0 || - startblock_fsb >= mp->m_sb.sb_dblocks || - bmap->me_len >= mp->m_sb.sb_agblocks || - inode_fsb >= mp->m_sb.sb_dblocks || - (bmap->me_flags & ~XFS_BMAP_EXTENT_FLAGS)) + if (!xfs_verify_ino(mp, bmap->me_owner)) + return false; + + if (bmap->me_startoff + bmap->me_len <= bmap->me_startoff) + return false; + + if (bmap->me_startblock + bmap->me_len <= bmap->me_startblock) + return false; + + if (!xfs_verify_fsbno(mp, bmap->me_startblock)) + return false; + + if (!xfs_verify_fsbno(mp, bmap->me_startblock + bmap->me_len - 1)) return false; return true;