From patchwork Mon Jan 15 20:03:13 2018
X-Patchwork-Submitter: "Darrick J. Wong"
X-Patchwork-Id: 10165307
Date: Mon, 15 Jan 2018 12:03:13 -0800
From: "Darrick J. Wong"
To: linux-xfs@vger.kernel.org
Cc: Brian Foster
Subject: [PATCH v2 1/5] xfs: check sb_agblocks and sb_agblklog when validating superblock
Message-ID: <20180115200313.GC5602@magnolia>
References: <151579463950.8694.320025813242574491.stgit@magnolia> <151579464601.8694.5478076755339350941.stgit@magnolia>
In-Reply-To: <151579464601.8694.5478076755339350941.stgit@magnolia>

From: Darrick J. Wong

Currently, we don't check sb_agblocks or sb_agblklog when we validate
the superblock, which means that we can fuzz garbage values into those
values and the mount succeeds. This leads to all sorts of UBSAN
warnings in xfs/350 since we can then coerce other parts of xfs into
shifting by ridiculously large values.

Signed-off-by: Darrick J. Wong
---
v2: simplify ag min/max size definitions
---
 fs/xfs/libxfs/xfs_fs.h | 7 +++++++
 fs/xfs/libxfs/xfs_sb.c | 3 +++
 2 files changed, 10 insertions(+)

diff --git a/fs/xfs/libxfs/xfs_fs.h b/fs/xfs/libxfs/xfs_fs.h index fc4386a..3ab1870 100644 --- a/fs/xfs/libxfs/xfs_fs.h +++ b/fs/xfs/libxfs/xfs_fs.h
@@ -233,6 +233,13 @@ typedef struct xfs_fsop_resblks { #define XFS_MAX_LOG_BLOCKS (1024 * 1024ULL) #define XFS_MIN_LOG_BYTES (10 * 1024 * 1024ULL) +/* + * Limits on sb_agblocks/sb_agblklog -- mkfs won't format AGs smaller than + * 16MB or larger than 1TB. + */ +#define XFS_AG_MIN_BYTES (1ULL << 24) /* 16 MB */ +#define XFS_AG_MAX_BYTES (1ULL << 40) /* 1 TB */ + /* keep the maximum size under 2^31 by a small amount */ #define XFS_MAX_LOG_BYTES \ ((2 * 1024 * 1024 * 1024ULL) - XFS_MIN_LOG_BYTES) diff --git a/fs/xfs/libxfs/xfs_sb.c b/fs/xfs/libxfs/xfs_sb.c index 08e44a0..bdb4f74 100644 --- a/fs/xfs/libxfs/xfs_sb.c +++ b/fs/xfs/libxfs/xfs_sb.c @@ -253,6 +253,9 @@ xfs_mount_validate_sb( sbp->sb_inodesize != (1 << sbp->sb_inodelog) || sbp->sb_logsunit > XLOG_MAX_RECORD_BSIZE || sbp->sb_inopblock != howmany(sbp->sb_blocksize,sbp->sb_inodesize) || + XFS_FSB_TO_B(mp, sbp->sb_agblocks) < XFS_AG_MIN_BYTES || + XFS_FSB_TO_B(mp, sbp->sb_agblocks) > XFS_AG_MAX_BYTES || + sbp->sb_agblklog != xfs_highbit32(sbp->sb_agblocks - 1) + 1 || (sbp->sb_blocklog - sbp->sb_inodelog != sbp->sb_inopblog) || (sbp->sb_rextsize * sbp->sb_blocksize > XFS_MAX_RTEXTSIZE) || (sbp->sb_rextsize * sbp->sb_blocksize < XFS_MIN_RTEXTSIZE) ||
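Review bot: In the fs/xfs/libxfs/xfs_fs.h hunk, the comment above XFS_AG_MIN_BYTES and XFS_AG_MAX_BYTES does not say whether the limits are inclusive. The checks added to xfs_mount_validate_sb() use strict `<` and `>`, so an AG of exactly 16 MB or exactly 1 TB is accepted. Please state that in the comment (for example "valid AG sizes are 16MB to 1TB inclusive") so a later reader does not change the comparisons to `<=`/`>=` thinking it is a fix. It would also help to note in the comment that these values are compared against a byte count, not against sb_agblocks directly, since the names sit next to log limits that come in both _BLOCKS and _BYTES forms.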
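Review bot: In the fs/xfs/libxfs/xfs_sb.c hunk, the two size checks call `XFS_FSB_TO_B(mp, sbp->sb_agblocks)`, passing mp, while every neighbouring test in this condition reads its fields from sbp. If the macro takes the block size from the mount's own copy of the superblock, the bound is not necessarily computed from the superblock being validated; computing the byte size from sbp->sb_blocklog, which this condition already uses a few lines down, would keep the check self-contained. Separately, `sbp->sb_agblocks - 1` in the sb_agblklog test is only meaningful for a non-zero sb_agblocks. It is safe here because the XFS_AG_MIN_BYTES test comes first in the `||` chain and rejects zero, but that ordering dependency is implicit, so a one-line comment or an explicit zero check would stop a future reordering from reintroducing an oversized shift of the kind the commit message describes.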