diff mbox series

[05/10] xfs: hoist recovered refcount intent checks out of xfs_cui_item_recover

Message ID 160704432626.734470.12800460361201622389.stgit@magnolia (mailing list archive)
State Superseded
Headers show
Series xfs: strengthen log intent validation | expand

Commit Message

Darrick J. Wong Dec. 4, 2020, 1:12 a.m. UTC 
From: Darrick J. Wong <darrick.wong@oracle.com>

When we recover a refcount intent from the log, we need to validate its
contents before we try to replay them.  Hoist the checking code into a
separate function in preparation to refactor this code to use validation
helpers.

Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
---
 fs/xfs/xfs_refcount_item.c |   57 ++++++++++++++++++++++++++++----------------
 1 file changed, 36 insertions(+), 21 deletions(-)

Comments

Brian Foster Dec. 4, 2020, 2 p.m. UTC | #1 
On Fri, Dec 04, 2020 at 01:12:06AM +0000, Darrick J. Wong wrote:
> From: Darrick J. Wong <darrick.wong@oracle.com>
> 
> When we recover a refcount intent from the log, we need to validate its
> contents before we try to replay them.  Hoist the checking code into a
> separate function in preparation to refactor this code to use validation
> helpers.
> 
> Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
> Reviewed-by: Christoph Hellwig <hch@lst.de>
> ---

Reviewed-by: Brian Foster <bfoster@redhat.com>

>  fs/xfs/xfs_refcount_item.c |   57 ++++++++++++++++++++++++++++----------------
>  1 file changed, 36 insertions(+), 21 deletions(-)
> 
> 
> diff --git a/fs/xfs/xfs_refcount_item.c b/fs/xfs/xfs_refcount_item.c
> index 7529eb63ce94..a456a2fb794c 100644
> --- a/fs/xfs/xfs_refcount_item.c
> +++ b/fs/xfs/xfs_refcount_item.c
> @@ -417,6 +417,38 @@ const struct xfs_defer_op_type xfs_refcount_update_defer_type = {
>  	.cancel_item	= xfs_refcount_update_cancel_item,
>  };
>  
> +/* Is this recovered CUI ok? */
> +static inline bool
> +xfs_cui_validate_phys(
> +	struct xfs_mount		*mp,
> +	struct xfs_phys_extent		*refc)
> +{
> +	xfs_fsblock_t			startblock_fsb;
> +	bool				op_ok;
> +
> +	startblock_fsb = XFS_BB_TO_FSB(mp,
> +			   XFS_FSB_TO_DADDR(mp, refc->pe_startblock));
> +	switch (refc->pe_flags & XFS_REFCOUNT_EXTENT_TYPE_MASK) {
> +	case XFS_REFCOUNT_INCREASE:
> +	case XFS_REFCOUNT_DECREASE:
> +	case XFS_REFCOUNT_ALLOC_COW:
> +	case XFS_REFCOUNT_FREE_COW:
> +		op_ok = true;
> +		break;
> +	default:
> +		op_ok = false;
> +		break;
> +	}
> +	if (!op_ok || startblock_fsb == 0 ||
> +	    refc->pe_len == 0 ||
> +	    startblock_fsb >= mp->m_sb.sb_dblocks ||
> +	    refc->pe_len >= mp->m_sb.sb_agblocks ||
> +	    (refc->pe_flags & ~XFS_REFCOUNT_EXTENT_FLAGS))
> +		return false;
> +
> +	return true;
> +}
> +
>  /*
>   * Process a refcount update intent item that was recovered from the log.
>   * We need to update the refcountbt.
> @@ -433,11 +465,9 @@ xfs_cui_item_recover(
>  	struct xfs_trans		*tp;
>  	struct xfs_btree_cur		*rcur = NULL;
>  	struct xfs_mount		*mp = lip->li_mountp;
> -	xfs_fsblock_t			startblock_fsb;
>  	xfs_fsblock_t			new_fsb;
>  	xfs_extlen_t			new_len;
>  	unsigned int			refc_type;
> -	bool				op_ok;
>  	bool				requeue_only = false;
>  	enum xfs_refcount_intent_type	type;
>  	int				i;
> @@ -449,26 +479,11 @@ xfs_cui_item_recover(
>  	 * just toss the CUI.
>  	 */
>  	for (i = 0; i < cuip->cui_format.cui_nextents; i++) {
> -		refc = &cuip->cui_format.cui_extents[i];
> -		startblock_fsb = XFS_BB_TO_FSB(mp,
> -				   XFS_FSB_TO_DADDR(mp, refc->pe_startblock));
> -		switch (refc->pe_flags & XFS_REFCOUNT_EXTENT_TYPE_MASK) {
> -		case XFS_REFCOUNT_INCREASE:
> -		case XFS_REFCOUNT_DECREASE:
> -		case XFS_REFCOUNT_ALLOC_COW:
> -		case XFS_REFCOUNT_FREE_COW:
> -			op_ok = true;
> -			break;
> -		default:
> -			op_ok = false;
> -			break;
> -		}
> -		if (!op_ok || startblock_fsb == 0 ||
> -		    refc->pe_len == 0 ||
> -		    startblock_fsb >= mp->m_sb.sb_dblocks ||
> -		    refc->pe_len >= mp->m_sb.sb_agblocks ||
> -		    (refc->pe_flags & ~XFS_REFCOUNT_EXTENT_FLAGS))
> +		if (!xfs_cui_validate_phys(mp,
> +					&cuip->cui_format.cui_extents[i])) {
> +			XFS_ERROR_REPORT(__func__, XFS_ERRLEVEL_LOW, mp);
>  			return -EFSCORRUPTED;
> +		}
>  	}
>  
>  	/*
>
diff mbox series

Patch

diff --git a/fs/xfs/xfs_refcount_item.c b/fs/xfs/xfs_refcount_item.c
index 7529eb63ce94..a456a2fb794c 100644
--- a/fs/xfs/xfs_refcount_item.c
+++ b/fs/xfs/xfs_refcount_item.c
@@ -417,6 +417,38 @@  const struct xfs_defer_op_type xfs_refcount_update_defer_type = {
 	.cancel_item	= xfs_refcount_update_cancel_item,
 };
 
+/* Is this recovered CUI ok? */
+static inline bool
+xfs_cui_validate_phys(
+	struct xfs_mount		*mp,
+	struct xfs_phys_extent		*refc)
+{
+	xfs_fsblock_t			startblock_fsb;
+	bool				op_ok;
+
+	startblock_fsb = XFS_BB_TO_FSB(mp,
+			   XFS_FSB_TO_DADDR(mp, refc->pe_startblock));
+	switch (refc->pe_flags & XFS_REFCOUNT_EXTENT_TYPE_MASK) {
+	case XFS_REFCOUNT_INCREASE:
+	case XFS_REFCOUNT_DECREASE:
+	case XFS_REFCOUNT_ALLOC_COW:
+	case XFS_REFCOUNT_FREE_COW:
+		op_ok = true;
+		break;
+	default:
+		op_ok = false;
+		break;
+	}
+	if (!op_ok || startblock_fsb == 0 ||
+	    refc->pe_len == 0 ||
+	    startblock_fsb >= mp->m_sb.sb_dblocks ||
+	    refc->pe_len >= mp->m_sb.sb_agblocks ||
+	    (refc->pe_flags & ~XFS_REFCOUNT_EXTENT_FLAGS))
+		return false;
+
+	return true;
+}
+
 /*
  * Process a refcount update intent item that was recovered from the log.
  * We need to update the refcountbt.
@@ -433,11 +465,9 @@  xfs_cui_item_recover(
 	struct xfs_trans		*tp;
 	struct xfs_btree_cur		*rcur = NULL;
 	struct xfs_mount		*mp = lip->li_mountp;
-	xfs_fsblock_t			startblock_fsb;
 	xfs_fsblock_t			new_fsb;
 	xfs_extlen_t			new_len;
 	unsigned int			refc_type;
-	bool				op_ok;
 	bool				requeue_only = false;
 	enum xfs_refcount_intent_type	type;
 	int				i;
@@ -449,26 +479,11 @@  xfs_cui_item_recover(
 	 * just toss the CUI.
 	 */
 	for (i = 0; i < cuip->cui_format.cui_nextents; i++) {
-		refc = &cuip->cui_format.cui_extents[i];
-		startblock_fsb = XFS_BB_TO_FSB(mp,
-				   XFS_FSB_TO_DADDR(mp, refc->pe_startblock));
-		switch (refc->pe_flags & XFS_REFCOUNT_EXTENT_TYPE_MASK) {
-		case XFS_REFCOUNT_INCREASE:
-		case XFS_REFCOUNT_DECREASE:
-		case XFS_REFCOUNT_ALLOC_COW:
-		case XFS_REFCOUNT_FREE_COW:
-			op_ok = true;
-			break;
-		default:
-			op_ok = false;
-			break;
-		}
-		if (!op_ok || startblock_fsb == 0 ||
-		    refc->pe_len == 0 ||
-		    startblock_fsb >= mp->m_sb.sb_dblocks ||
-		    refc->pe_len >= mp->m_sb.sb_agblocks ||
-		    (refc->pe_flags & ~XFS_REFCOUNT_EXTENT_FLAGS))
+		if (!xfs_cui_validate_phys(mp,
+					&cuip->cui_format.cui_extents[i])) {
+			XFS_ERROR_REPORT(__func__, XFS_ERRLEVEL_LOW, mp);
 			return -EFSCORRUPTED;
+		}
 	}
 
 	/*