From patchwork Wed Apr 10 00:50:38 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 13623369 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A4B6EA5F for ; Wed, 10 Apr 2024 00:50:39 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712710239; cv=none; b=nHbqSZEdY2q8MU8Xn6tyWceBsk+vRw+hKRQKiQzIP7SgdfGtSyqSpW6OG92R+ZfbAgvpRpB3/0IlBia3iQ8GhEXbdI8hIqlKBJOzHW8RtTqMcAPU9ypgvEwexUwRVHI4fBesQoGb/+GIrfuBL7u9nSyAijV+LV5u2Cm1TTXXsLY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712710239; c=relaxed/simple; bh=rmT2D9WKKYoeoNgk2c8gGb3ShnF35BlaQNE15K+hoYA=; h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=PYPVSz0V8YNPVxT4uL1jfDaS/1luVGB44VzuBDih2Qe9D0ZRBOSLjtUQfHRcrdf5z31m1eUpW89KiThOTShUXYM8JY1cjqPyfhq0spvzM1WEmg+EBQpoax3dVbyN5geWHJ+iSgdlO11W7MrLtWuy0pC4TwRzZmRV/thtmRyr+GA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=FtgLaNdY; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="FtgLaNdY" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 2B669C433F1; Wed, 10 Apr 2024 00:50:39 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1712710239; bh=rmT2D9WKKYoeoNgk2c8gGb3ShnF35BlaQNE15K+hoYA=; h=Date:Subject:From:To:Cc:In-Reply-To:References:From; b=FtgLaNdYNhYw814Bd9mvGiRPaVzJRO6XGgnI21wHvROroFZnh0b7SDNKsoPrBJDYV YPyq+/262DwI+twWLFOJuMDx6Tye3yipHUJhkVbGyDzcKDYLZo0lq22sVkOgJQXbsH qSRU/dmwoBMRxB5SLt/rCxpocwwXmqSsid+aefjN+Yu982mkmqj1eayLWyr96PhwKI cOQlco+AaFMh2RH0dqPbvW8aRDraZ/nHXPp6meN6Au9uVhXuXcF46u8IO3Xm6J+0hz itogFT1+TK/yAaFmocjq1+dznxc5C0ZLPjVe4KrisnfgkYmTInFCWbIol69KTdKIYz YGtWhyz/y+q7g== Date: Tue, 09 Apr 2024 17:50:38 -0700 Subject: [PATCH 01/12] xfs: attr fork iext must be loaded before calling xfs_attr_is_leaf From: "Darrick J. Wong" To: djwong@kernel.org Cc: Christoph Hellwig , hch@lst.de, linux-xfs@vger.kernel.org Message-ID: <171270968870.3631545.18232340920205425116.stgit@frogsfrogsfrogs> In-Reply-To: <171270968824.3631545.9037354951123114569.stgit@frogsfrogsfrogs> References: <171270968824.3631545.9037354951123114569.stgit@frogsfrogsfrogs> User-Agent: StGit/0.19 Precedence: bulk X-Mailing-List: linux-xfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Darrick J. Wong Christoph noticed that the xfs_attr_is_leaf in xfs_attr_get_ilocked can access the incore extent tree of the attr fork, but nothing in the xfs_attr_get path guarantees that the incore tree is actually loaded. Most of the time it is, but seeing as xfs_attr_is_leaf ignores the return value of xfs_iext_get_extent I guess we've been making choices based on random stack contents and nobody's complained? Reported-by: Christoph Hellwig Signed-off-by: Darrick J. Wong Reviewed-by: Christoph Hellwig --- fs/xfs/libxfs/xfs_attr.c | 17 +++++++++++++++++ fs/xfs/xfs_attr_item.c | 42 ++++++++++++++++++++++++++++++++++++------ fs/xfs/xfs_attr_list.c | 7 +++++++ 3 files changed, 60 insertions(+), 6 deletions(-) diff --git a/fs/xfs/libxfs/xfs_attr.c b/fs/xfs/libxfs/xfs_attr.c index 5efbbb60f0069..cbc9a1b1c72d3 100644 --- a/fs/xfs/libxfs/xfs_attr.c +++ b/fs/xfs/libxfs/xfs_attr.c @@ -87,6 +87,8 @@ xfs_attr_is_leaf( struct xfs_iext_cursor icur; struct xfs_bmbt_irec imap; + ASSERT(!xfs_need_iread_extents(ifp)); + if (ifp->if_nextents != 1 || ifp->if_format != XFS_DINODE_FMT_EXTENTS) return false; @@ -224,11 +226,21 @@ int xfs_attr_get_ilocked( struct xfs_da_args *args) { + int error; + xfs_assert_ilocked(args->dp, XFS_ILOCK_SHARED | XFS_ILOCK_EXCL); if (!xfs_inode_hasattr(args->dp)) return -ENOATTR; + /* + * The incore attr fork iext tree must be loaded for xfs_attr_is_leaf + * to work correctly. + */ + error = xfs_iread_extents(args->trans, args->dp, XFS_ATTR_FORK); + if (error) + return error; + if (args->dp->i_af.if_format == XFS_DINODE_FMT_LOCAL) return xfs_attr_shortform_getvalue(args); if (xfs_attr_is_leaf(args->dp)) @@ -870,6 +882,11 @@ xfs_attr_lookup( return -ENOATTR; } + /* Prerequisite for xfs_attr_is_leaf */ + error = xfs_iread_extents(args->trans, args->dp, XFS_ATTR_FORK); + if (error) + return error; + if (xfs_attr_is_leaf(dp)) { error = xfs_attr_leaf_hasname(args, &bp); diff --git a/fs/xfs/xfs_attr_item.c b/fs/xfs/xfs_attr_item.c index d460347056945..541455731618b 100644 --- a/fs/xfs/xfs_attr_item.c +++ b/fs/xfs/xfs_attr_item.c @@ -498,6 +498,25 @@ xfs_attri_validate( return xfs_verify_ino(mp, attrp->alfi_ino); } +static int +xfs_attri_iread_extents( + struct xfs_inode *ip) +{ + struct xfs_trans *tp; + int error; + + error = xfs_trans_alloc_empty(ip->i_mount, &tp); + if (error) + return error; + + xfs_ilock(ip, XFS_ILOCK_EXCL); + error = xfs_iread_extents(tp, ip, XFS_ATTR_FORK); + xfs_iunlock(ip, XFS_ILOCK_EXCL); + xfs_trans_cancel(tp); + + return error; +} + static inline struct xfs_attr_intent * xfs_attri_recover_work( struct xfs_mount *mp, @@ -508,13 +527,22 @@ xfs_attri_recover_work( { struct xfs_attr_intent *attr; struct xfs_da_args *args; + struct xfs_inode *ip; int local; int error; - error = xlog_recover_iget(mp, attrp->alfi_ino, ipp); + error = xlog_recover_iget(mp, attrp->alfi_ino, &ip); if (error) return ERR_PTR(error); + if (xfs_inode_has_attr_fork(ip)) { + error = xfs_attri_iread_extents(ip); + if (error) { + xfs_irele(ip); + return ERR_PTR(error); + } + } + attr = kzalloc(sizeof(struct xfs_attr_intent) + sizeof(struct xfs_da_args), GFP_KERNEL | __GFP_NOFAIL); args = (struct xfs_da_args *)(attr + 1); @@ -531,7 +559,7 @@ xfs_attri_recover_work( attr->xattri_nameval = xfs_attri_log_nameval_get(nv); ASSERT(attr->xattri_nameval); - args->dp = *ipp; + args->dp = ip; args->geo = mp->m_attr_geo; args->whichfork = XFS_ATTR_FORK; args->name = nv->name.i_addr; @@ -561,6 +589,7 @@ xfs_attri_recover_work( } xfs_defer_add_item(dfp, &attr->xattri_list); + *ipp = ip; return attr; } @@ -615,16 +644,17 @@ xfs_attr_recover_work( XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, &attrip->attri_format, sizeof(attrip->attri_format)); - if (error) { - xfs_trans_cancel(tp); - goto out_unlock; - } + if (error) + goto out_cancel; error = xfs_defer_ops_capture_and_commit(tp, capture_list); out_unlock: xfs_iunlock(ip, XFS_ILOCK_EXCL); xfs_irele(ip); return error; +out_cancel: + xfs_trans_cancel(tp); + goto out_unlock; } /* Re-log an intent item to push the log tail forward. */ diff --git a/fs/xfs/xfs_attr_list.c b/fs/xfs/xfs_attr_list.c index 6a621f016f040..97c8f3dcfb89d 100644 --- a/fs/xfs/xfs_attr_list.c +++ b/fs/xfs/xfs_attr_list.c @@ -544,6 +544,7 @@ xfs_attr_list_ilocked( struct xfs_attr_list_context *context) { struct xfs_inode *dp = context->dp; + int error; xfs_assert_ilocked(dp, XFS_ILOCK_SHARED | XFS_ILOCK_EXCL); @@ -554,6 +555,12 @@ xfs_attr_list_ilocked( return 0; if (dp->i_af.if_format == XFS_DINODE_FMT_LOCAL) return xfs_attr_shortform_list(context); + + /* Prerequisite for xfs_attr_is_leaf */ + error = xfs_iread_extents(NULL, dp, XFS_ATTR_FORK); + if (error) + return error; + if (xfs_attr_is_leaf(dp)) return xfs_attr_leaf_list(context); return xfs_attr_node_list(context); From patchwork Wed Apr 10 00:50:54 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 13623370 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0578D38B for ; Wed, 10 Apr 2024 00:50:55 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712710255; cv=none; b=S4UZwmmBC4olYmH4fsdNuLJn5EZCqBEVTujilbV0x2FXjJdodW+LIMCDxMHICJXKYrj2V4Lh9ZDdM9SBWe30PC949GIlr6BKStI9wE/cogRotRml2tOy8c3dN3GvjqBG2zWrXmmxq0tWBnGdSVSrToHZEtDBwXCjdFJOQUdDSzM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712710255; c=relaxed/simple; bh=/b+gwbNlFksUKgepNrtkpkS6a+ACh/tDpVtUdYge2RA=; h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=p/qyPzMRRDvAVp2Tj7SiYnWwLzs98HxSRjHjMpjItXday7+XwkmkjHRbyjn0gyL8ym/QjX/SrChwJXGi+aUMdUgV3He2uGBSMkA7/wfNW3uzQR2jEo+yiKvHIWV9L6AxXEIknkrBbzWgs4W//0dtGRrGItN8y+rtK+fit8NpjFA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=rHe/aj4v; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="rHe/aj4v" Received: by smtp.kernel.org (Postfix) with ESMTPSA id C8940C433C7; Wed, 10 Apr 2024 00:50:54 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1712710254; bh=/b+gwbNlFksUKgepNrtkpkS6a+ACh/tDpVtUdYge2RA=; h=Date:Subject:From:To:Cc:In-Reply-To:References:From; b=rHe/aj4vI5FN+Y5wQzppzfXJQvAq24Cxor/f8SGRkXmhKKtyMlczHiN4icb0rG+ZR r9Q4IxiN3T5U6SSOX8yNJKYojhvzE+qU8TtTXyEoVd8/SQqB/PtAo3hbZHhcRLHQ36 sUuCLdYf0i+Y7uA30gkoanWpzEQSxG9spoVZXlz3S2v4s3DNmxcqqKHFc2kgfYEP8D JJ8+UUuSPXN/4LQQfxWRYl/BAIswfjLhuG8ciz6b6exOZn0hgNWWDvBw4+S1hvkyvI 0Qx8R/iowtnhbrCE1FlFH2jvfEQYxegsh51IobF5hfe7MAGzIOpCkf8wnBWEJM7eQT knoVywLA4lRsg== Date: Tue, 09 Apr 2024 17:50:54 -0700 Subject: [PATCH 02/12] xfs: require XFS_SB_FEAT_INCOMPAT_LOG_XATTRS for attr log intent item recovery From: "Darrick J. Wong" To: djwong@kernel.org Cc: hch@lst.de, linux-xfs@vger.kernel.org Message-ID: <171270968886.3631545.13705299860508916040.stgit@frogsfrogsfrogs> In-Reply-To: <171270968824.3631545.9037354951123114569.stgit@frogsfrogsfrogs> References: <171270968824.3631545.9037354951123114569.stgit@frogsfrogsfrogs> User-Agent: StGit/0.19 Precedence: bulk X-Mailing-List: linux-xfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Darrick J. Wong The XFS_SB_FEAT_INCOMPAT_LOG_XATTRS feature bit protects a filesystem from old kernels that do not know how to recover extended attribute log intent items. Make this check mandatory instead of a debugging assert. Fixes: fd920008784ea ("xfs: Set up infrastructure for log attribute replay") Signed-off-by: Darrick J. Wong Reviewed-by: Christoph Hellwig --- fs/xfs/xfs_attr_item.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/fs/xfs/xfs_attr_item.c b/fs/xfs/xfs_attr_item.c index 541455731618b..dfe7039dac989 100644 --- a/fs/xfs/xfs_attr_item.c +++ b/fs/xfs/xfs_attr_item.c @@ -469,6 +469,9 @@ xfs_attri_validate( unsigned int op = attrp->alfi_op_flags & XFS_ATTRI_OP_FLAGS_TYPE_MASK; + if (!xfs_sb_version_haslogxattrs(&mp->m_sb)) + return false; + if (attrp->__pad != 0) return false; @@ -570,8 +573,6 @@ xfs_attri_recover_work( XFS_DA_OP_LOGGED; args->owner = args->dp->i_ino; - ASSERT(xfs_sb_version_haslogxattrs(&mp->m_sb)); - switch (attr->xattri_op_flags) { case XFS_ATTRI_OP_FLAGS_SET: case XFS_ATTRI_OP_FLAGS_REPLACE: From patchwork Wed Apr 10 00:51:09 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 13623371 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 975AB38B for ; Wed, 10 Apr 2024 00:51:10 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712710270; cv=none; b=dZNB+bnHANnfamcIKa4aKdg7UUnHbckH0zyKF58nXGr/SIvkPJZ+VTxwCWEedk1zEolZ50zny4Z81a+bOQ33+Nvu0zN2or4Opr+UfHBjrqgekvsTsYWfVHI29/EJeQBJur4SASM89xcNDPFceU7Wi1XNbQfDC1aQ4ELGpLBr5fo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712710270; c=relaxed/simple; bh=7nDLppW8YbbjLuXGDuF5Bkv4qHHrBe6FnOo3Beb2YN4=; h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=XkR54wvaoX45CMUZulRfnLWKABzVDYR1Ea+2F8w5sOBpnwJEkmdnnHhZzA5EIz6kJuOFy2GbT1WD9Fv7mMVDndXuw3xMXV0cjyz/H0FUbx7B8OxOVzp33xMjLXs85YoAzyDTDHKfqR+/D0K/uoHpFJSK3ANapbInSAm43fTiPN4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=YN4q+T6S; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="YN4q+T6S" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 6EF9BC433C7; Wed, 10 Apr 2024 00:51:10 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1712710270; bh=7nDLppW8YbbjLuXGDuF5Bkv4qHHrBe6FnOo3Beb2YN4=; h=Date:Subject:From:To:Cc:In-Reply-To:References:From; b=YN4q+T6ShVV9mEyyT/lj9twHFJW7RSElyfnWQitptFbUkJcrMKCPGrYqZl3Fpl/+y 0tmk4I3i+rZMf46jJFHfQ9gT7jHSIQF8LhUkoGcBMhDdouJYDGlT1Vxg9jTKP/BTgX /vyoyIRZ8UoK3MH8sbhL43lgVAnsfLKOZ9TYw1h2ImQLeOjyDJ/QkrNue8DrhmS6a7 uiN3dzm5VHpccyBoV6Ws/G1iVUYE/bmN+8DsCr1sfZaOTS9q9Or4W2do05w8y0wSUE 8d1FqFQ22TS7IwpdeiNWySPdh4QyPU4+3IMjOtRlellsY0xMO89UqxF8WsdrOVSV1N kbB04/odCSVGg== Date: Tue, 09 Apr 2024 17:51:09 -0700 Subject: [PATCH 03/12] xfs: use an XFS_OPSTATE_ flag for detecting if logged xattrs are available From: "Darrick J. Wong" To: djwong@kernel.org Cc: hch@lst.de, linux-xfs@vger.kernel.org Message-ID: <171270968902.3631545.15407860268151301275.stgit@frogsfrogsfrogs> In-Reply-To: <171270968824.3631545.9037354951123114569.stgit@frogsfrogsfrogs> References: <171270968824.3631545.9037354951123114569.stgit@frogsfrogsfrogs> User-Agent: StGit/0.19 Precedence: bulk X-Mailing-List: linux-xfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Darrick J. Wong Per reviewer request, use an OPSTATE flag (+ helpers) to decide if logged xattrs are enabled, instead of querying the xfs_sb. Signed-off-by: Darrick J. Wong Reviewed-by: Christoph Hellwig --- fs/xfs/xfs_attr_item.c | 2 +- fs/xfs/xfs_mount.c | 16 ++++++++++++++++ fs/xfs/xfs_mount.h | 6 +++++- fs/xfs/xfs_xattr.c | 3 ++- 4 files changed, 24 insertions(+), 3 deletions(-) diff --git a/fs/xfs/xfs_attr_item.c b/fs/xfs/xfs_attr_item.c index dfe7039dac989..e5e7ddbc594b9 100644 --- a/fs/xfs/xfs_attr_item.c +++ b/fs/xfs/xfs_attr_item.c @@ -469,7 +469,7 @@ xfs_attri_validate( unsigned int op = attrp->alfi_op_flags & XFS_ATTRI_OP_FLAGS_TYPE_MASK; - if (!xfs_sb_version_haslogxattrs(&mp->m_sb)) + if (!xfs_is_using_logged_xattrs(mp)) return false; if (attrp->__pad != 0) diff --git a/fs/xfs/xfs_mount.c b/fs/xfs/xfs_mount.c index d37ba10f5fa33..a8a4b338985af 100644 --- a/fs/xfs/xfs_mount.c +++ b/fs/xfs/xfs_mount.c @@ -230,6 +230,13 @@ xfs_readsb( mp->m_features |= xfs_sb_version_to_features(sbp); xfs_reinit_percpu_counters(mp); + /* + * If logged xattrs are enabled after log recovery finishes, then set + * the opstate so that log recovery will work properly. + */ + if (xfs_sb_version_haslogxattrs(&mp->m_sb)) + xfs_set_using_logged_xattrs(mp); + /* no need to be quiet anymore, so reset the buf ops */ bp->b_ops = &xfs_sb_buf_ops; @@ -828,6 +835,15 @@ xfs_mountfs( goto out_inodegc_shrinker; } + /* + * If logged xattrs are still enabled after log recovery finishes, then + * they'll be available until unmount. Otherwise, turn them off. + */ + if (xfs_sb_version_haslogxattrs(&mp->m_sb)) + xfs_set_using_logged_xattrs(mp); + else + xfs_clear_using_logged_xattrs(mp); + /* Enable background inode inactivation workers. */ xfs_inodegc_start(mp); xfs_blockgc_start(mp); diff --git a/fs/xfs/xfs_mount.h b/fs/xfs/xfs_mount.h index b022e5120dc42..ffdf354b72437 100644 --- a/fs/xfs/xfs_mount.h +++ b/fs/xfs/xfs_mount.h @@ -416,6 +416,8 @@ __XFS_HAS_FEAT(nouuid, NOUUID) #define XFS_OPSTATE_QUOTACHECK_RUNNING 10 /* Do we want to clear log incompat flags? */ #define XFS_OPSTATE_UNSET_LOG_INCOMPAT 11 +/* Filesystem can use logged extended attributes */ +#define XFS_OPSTATE_USE_LARP 12 #define __XFS_IS_OPSTATE(name, NAME) \ static inline bool xfs_is_ ## name (struct xfs_mount *mp) \ @@ -444,6 +446,7 @@ __XFS_IS_OPSTATE(quotacheck_running, QUOTACHECK_RUNNING) # define xfs_is_quotacheck_running(mp) (false) #endif __XFS_IS_OPSTATE(done_with_log_incompat, UNSET_LOG_INCOMPAT) +__XFS_IS_OPSTATE(using_logged_xattrs, USE_LARP) static inline bool xfs_should_warn(struct xfs_mount *mp, long nr) @@ -463,7 +466,8 @@ xfs_should_warn(struct xfs_mount *mp, long nr) { (1UL << XFS_OPSTATE_WARNED_SHRINK), "wshrink" }, \ { (1UL << XFS_OPSTATE_WARNED_LARP), "wlarp" }, \ { (1UL << XFS_OPSTATE_QUOTACHECK_RUNNING), "quotacheck" }, \ - { (1UL << XFS_OPSTATE_UNSET_LOG_INCOMPAT), "unset_log_incompat" } + { (1UL << XFS_OPSTATE_UNSET_LOG_INCOMPAT), "unset_log_incompat" }, \ + { (1UL << XFS_OPSTATE_USE_LARP), "logged_xattrs" } /* * Max and min values for mount-option defined I/O diff --git a/fs/xfs/xfs_xattr.c b/fs/xfs/xfs_xattr.c index 9b29973424b45..514179a8d2a7f 100644 --- a/fs/xfs/xfs_xattr.c +++ b/fs/xfs/xfs_xattr.c @@ -31,7 +31,7 @@ xfs_attr_grab_log_assist( int error = 0; /* xattr update log intent items are already enabled */ - if (xfs_sb_version_haslogxattrs(&mp->m_sb)) + if (xfs_is_using_logged_xattrs(mp)) return 0; /* @@ -48,6 +48,7 @@ xfs_attr_grab_log_assist( XFS_SB_FEAT_INCOMPAT_LOG_XATTRS); if (error) return error; + xfs_set_using_logged_xattrs(mp); xfs_warn_mount(mp, XFS_OPSTATE_WARNED_LARP, "EXPERIMENTAL logged extended attributes feature in use. Use at your own risk!"); From patchwork Wed Apr 10 00:51:25 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 13623372 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3B05B38B for ; Wed, 10 Apr 2024 00:51:26 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712710286; cv=none; b=Zi0ZCXmzj47nTM04u3f7tBnWccgr8l0YeIpnIbl/3FCgB4vzDrfNw7JzXyIErOIj1xQME1RZKGrOmiqLQ/9yiY8bMpzmR4g1t1/euA4rZ8Y1oTw/0bnNuJkZrJebqynGylDiDfZ28gXZ7gFMNL7DHKVyVwSWqFY+BXDhSPtFUQ4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712710286; c=relaxed/simple; bh=i7ECNhrBwjjxvcceIr0vfaTLVpMQLOLc1SkVVkZysks=; h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=grvOr4tUnb2G2n6NwRpdXy4UtAX/v7UrrXgaKQ7HkLRWHeWuYJe3JMTmaIzXHt+8o94o0aJldpostLmTofhLGhX3ECrDbY15+Ll3I3phcmKSgXSobkLL3yME87ulRYKN+zfWkV6B5ou2uOrLhV70AKxCQJ+128/zDw+tVKk2zmg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=kxmCBRe4; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="kxmCBRe4" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 13124C433C7; Wed, 10 Apr 2024 00:51:26 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1712710286; bh=i7ECNhrBwjjxvcceIr0vfaTLVpMQLOLc1SkVVkZysks=; h=Date:Subject:From:To:Cc:In-Reply-To:References:From; b=kxmCBRe40XjySKqTf+fYGqFZO7JEe51fXR7gRmzdwPW2G6111TxHPyn8gwGMVtmLX 8YCEqAsVYheUTpqfG+A8Jo26zKQWABfTwoedGPJaGQlALjP7NKxxUgwsxrfiX4sH5E rbYTFJfa+0YzvnsWvIt28m7ihWynPr6rrOA42XEhd30uys8BbEok8yy8qQ4sOOW9FO gB7dbigPfUbfLUTWvVLUZTYyC1KIJXS7F8r1M0LMfVxVLNy/wLe7Z1W4fm9oqU7d2K 0QVh/m7g2DBB8ksXmhMfHpiPkhRudA3R7dOlAA4X5l3kz92EAXQPGTrHIX33/Ec9Tj ldFfTXCMT+5kg== Date: Tue, 09 Apr 2024 17:51:25 -0700 Subject: [PATCH 04/12] xfs: check opcode and iovec count match in xlog_recover_attri_commit_pass2 From: "Darrick J. Wong" To: djwong@kernel.org Cc: hch@lst.de, linux-xfs@vger.kernel.org Message-ID: <171270968918.3631545.8245038196869543271.stgit@frogsfrogsfrogs> In-Reply-To: <171270968824.3631545.9037354951123114569.stgit@frogsfrogsfrogs> References: <171270968824.3631545.9037354951123114569.stgit@frogsfrogsfrogs> User-Agent: StGit/0.19 Precedence: bulk X-Mailing-List: linux-xfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Darrick J. Wong Check that the number of recovered log iovecs is what is expected for the xattri opcode is expecting. Signed-off-by: Darrick J. Wong Reviewed-by: Christoph Hellwig --- fs/xfs/xfs_attr_item.c | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/fs/xfs/xfs_attr_item.c b/fs/xfs/xfs_attr_item.c index e5e7ddbc594b9..d3559e6b24b7d 100644 --- a/fs/xfs/xfs_attr_item.c +++ b/fs/xfs/xfs_attr_item.c @@ -737,6 +737,7 @@ xlog_recover_attri_commit_pass2( const void *attr_value = NULL; const void *attr_name; size_t len; + unsigned int op; attri_formatp = item->ri_buf[0].i_addr; attr_name = item->ri_buf[1].i_addr; @@ -755,6 +756,32 @@ xlog_recover_attri_commit_pass2( return -EFSCORRUPTED; } + /* Check the number of log iovecs makes sense for the op code. */ + op = attri_formatp->alfi_op_flags & XFS_ATTRI_OP_FLAGS_TYPE_MASK; + switch (op) { + case XFS_ATTRI_OP_FLAGS_SET: + case XFS_ATTRI_OP_FLAGS_REPLACE: + /* Log item, attr name, attr value */ + if (item->ri_total != 3) { + XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, + attri_formatp, len); + return -EFSCORRUPTED; + } + break; + case XFS_ATTRI_OP_FLAGS_REMOVE: + /* Log item, attr name */ + if (item->ri_total != 2) { + XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, + attri_formatp, len); + return -EFSCORRUPTED; + } + break; + default: + XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, + attri_formatp, len); + return -EFSCORRUPTED; + } + /* Validate the attr name */ if (item->ri_buf[1].i_len != xlog_calc_iovec_len(attri_formatp->alfi_name_len)) { From patchwork Wed Apr 10 00:51:41 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 13623373 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D5709621 for ; Wed, 10 Apr 2024 00:51:41 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712710301; cv=none; b=Nv3m3J/iZ97fC0vYwRoN2odeTpLxvglZOF1OUVaZg4t0pwXnzsEHiXd7FZZY6AQJx04VKCXHkpHHmeMR6IAqy9n9rSnwc+zMnkvBnjf6MBCdn6e02Y/3xRHE2vX+J0JmJwATQQD0MuT+6cPv9RzncwJpi/hX5pQy0pthetKfNx4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712710301; c=relaxed/simple; bh=NgezUS+bKR6kKwSMmU+QHZ8P6x5Cf2bfNlDXsrij4ek=; h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=ryYsAlI0JEXQ/PDlY5anHhNJi6raXspG0fNO9l9pFZpqa+/l/HPo5Uu0NKY7Urwd/KRCabX8WSUsgKTCouT/L5QQeeWAMLZvE5kglsS92BbVjb7YXzHZyG8gvOE8xH1qcQbAsVI50cWqrT0qseO9Yei9WM+rtsC6GzvZ14cXvoo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=QgYhRL8Q; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="QgYhRL8Q" Received: by smtp.kernel.org (Postfix) with ESMTPSA id AFC20C433F1; Wed, 10 Apr 2024 00:51:41 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1712710301; bh=NgezUS+bKR6kKwSMmU+QHZ8P6x5Cf2bfNlDXsrij4ek=; h=Date:Subject:From:To:Cc:In-Reply-To:References:From; b=QgYhRL8QF+xX4wb55bUbQ8Wn3WhHf3OF2l5Qj+mEmOK6wEV+/6/MvfdilErxzCoHQ J6xlvthA3VMtuX30qJWEjCFWZHFunNDhrtMc5NHkMuwINnzkfwOBu55x5gztbpY4D3 SGdzV/BMnH89m8tCyvh3Vj5SLXzrvu9kxam2fcBa9dtHp4BTC76NKjdADZrjAkPyOY FBkqF8rSfm4tHBaB9m1Tz5wv4xD35VG5gFUF/n/oQYOBpApGfGEoZ3gyLEJLiEG67W SZVK8r8dyEPIVB33CglXHVjRnxvGieTKBHfCTvBK22uEFOoRvXpg+wsALMnh5Eix4Y t+GDd0jwC6PeQ== Date: Tue, 09 Apr 2024 17:51:41 -0700 Subject: [PATCH 05/12] xfs: fix missing check for invalid attr flags From: "Darrick J. Wong" To: djwong@kernel.org Cc: hch@lst.de, linux-xfs@vger.kernel.org Message-ID: <171270968933.3631545.17328111564626328171.stgit@frogsfrogsfrogs> In-Reply-To: <171270968824.3631545.9037354951123114569.stgit@frogsfrogsfrogs> References: <171270968824.3631545.9037354951123114569.stgit@frogsfrogsfrogs> User-Agent: StGit/0.19 Precedence: bulk X-Mailing-List: linux-xfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Darrick J. Wong The xattr scrubber doesn't check for undefined flags in shortform attr entries. Therefore, define a mask XFS_ATTR_ONDISK_MASK that has all possible XFS_ATTR_* flags in it, and use that to check for unknown bits in xchk_xattr_actor. Refactor the check in the dabtree scanner function to use the new mask as well. The redundant checks need to be in place because the dabtree check examines the hash mappings and therefore needs to decode the attr leaf entries to compute the namehash. This happens before the walk of the xattr entries themselves. Fixes: ae0506eba78fd ("xfs: check used space of shortform xattr structures") Signed-off-by: Darrick J. Wong Reviewed-by: Christoph Hellwig --- fs/xfs/libxfs/xfs_da_format.h | 5 +++++ fs/xfs/scrub/attr.c | 13 +++++++++---- 2 files changed, 14 insertions(+), 4 deletions(-) diff --git a/fs/xfs/libxfs/xfs_da_format.h b/fs/xfs/libxfs/xfs_da_format.h index aac3fe0396140..ecd0616f5776a 100644 --- a/fs/xfs/libxfs/xfs_da_format.h +++ b/fs/xfs/libxfs/xfs_da_format.h @@ -719,8 +719,13 @@ struct xfs_attr3_leafblock { #define XFS_ATTR_ROOT (1u << XFS_ATTR_ROOT_BIT) #define XFS_ATTR_SECURE (1u << XFS_ATTR_SECURE_BIT) #define XFS_ATTR_INCOMPLETE (1u << XFS_ATTR_INCOMPLETE_BIT) + #define XFS_ATTR_NSP_ONDISK_MASK (XFS_ATTR_ROOT | XFS_ATTR_SECURE) +#define XFS_ATTR_ONDISK_MASK (XFS_ATTR_NSP_ONDISK_MASK | \ + XFS_ATTR_LOCAL | \ + XFS_ATTR_INCOMPLETE) + #define XFS_ATTR_NAMESPACE_STR \ { XFS_ATTR_LOCAL, "local" }, \ { XFS_ATTR_ROOT, "root" }, \ diff --git a/fs/xfs/scrub/attr.c b/fs/xfs/scrub/attr.c index 5b855d7c98211..5ca79af47e81e 100644 --- a/fs/xfs/scrub/attr.c +++ b/fs/xfs/scrub/attr.c @@ -192,6 +192,11 @@ xchk_xattr_actor( if (xchk_should_terminate(sc, &error)) return error; + if (attr_flags & ~XFS_ATTR_ONDISK_MASK) { + xchk_fblock_set_corrupt(sc, XFS_ATTR_FORK, args.blkno); + return -ECANCELED; + } + if (attr_flags & XFS_ATTR_INCOMPLETE) { /* Incomplete attr key, just mark the inode for preening. */ xchk_ino_set_preen(sc, ip->i_ino); @@ -481,7 +486,6 @@ xchk_xattr_rec( xfs_dahash_t hash; int nameidx; int hdrsize; - unsigned int badflags; int error; ASSERT(blk->magic == XFS_ATTR_LEAF_MAGIC); @@ -511,10 +515,11 @@ xchk_xattr_rec( /* Retrieve the entry and check it. */ hash = be32_to_cpu(ent->hashval); - badflags = ~(XFS_ATTR_LOCAL | XFS_ATTR_ROOT | XFS_ATTR_SECURE | - XFS_ATTR_INCOMPLETE); - if ((ent->flags & badflags) != 0) + if (ent->flags & ~XFS_ATTR_ONDISK_MASK) { xchk_da_set_corrupt(ds, level); + return 0; + } + if (ent->flags & XFS_ATTR_LOCAL) { lentry = (struct xfs_attr_leaf_name_local *) (((char *)bp->b_addr) + nameidx); From patchwork Wed Apr 10 00:51:56 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 13623374 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8217E621 for ; Wed, 10 Apr 2024 00:51:57 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712710317; cv=none; b=KHxH3JXjBbpupaJvIXHRPiM+wjrmDqjmxZkAym8eH5S4wR/iaCugYeeYfHyJYnby9BsT8+Yu7dYnLCgZ/CdMleXg7b72mAFmUnDdDV62WDawEA1GzIrXb2iAG2QIn+CJZ3tvnh8mFKDQ3KbfMsYOx+1H0IcZanQmhTV0ZbVA9P4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712710317; c=relaxed/simple; bh=1oW6JbfUMrWpedYRrR91RdEog4KMHWYq0V3FqRiPJH8=; h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=KlNi8+ljM/zPD5BEPZ/p0AgH/bnNXQDK0LsYG8hT1BSGHQbaO25Igwe7rv2qhxwGY8MJYpH8iHlsXZMdJn4ywP3d6+lS/qXS9pqvnUzLZma+9zS5a45aHt4Ts8uK4B20ZJm05b2IU3s9kt9z5VMdYkCGroj9DPajiHVugee+LqI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=B7BHumP2; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="B7BHumP2" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 59563C433C7; Wed, 10 Apr 2024 00:51:57 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1712710317; bh=1oW6JbfUMrWpedYRrR91RdEog4KMHWYq0V3FqRiPJH8=; h=Date:Subject:From:To:Cc:In-Reply-To:References:From; b=B7BHumP2+aIUfNhPhmvwa1qoRSPxYxeYXjyHa/Qnsb40sTHOyTG/dyk78BKflrF3b PwnkSBNSfOkOyhh3z3iuXfq75da1TjsuD/vWQI0ZZfuFDxpyP3hVYueO9In9kF8czM FlgsboXuf6c+t+Raz2brc+BZrOkh1OnQHVLqMi55Mc9Adx7GRne8z+Ne9PENij5Rsa mdnZmgWH/+xiW3ocoK48V3RMRLLSymdlX2/IR6BfaXM23AX6Kss4wz13jUeLJTaElu Mdqb/Nx1qrJ1EL0aXcX28COlm744rqL9pEIWlT1U0fTjf2QDeDRNlBaJGfL1d1u3u2 7CPZux+vVFtag== Date: Tue, 09 Apr 2024 17:51:56 -0700 Subject: [PATCH 06/12] xfs: restructure xfs_attr_complete_op a bit From: "Darrick J. Wong" To: djwong@kernel.org Cc: hch@lst.de, linux-xfs@vger.kernel.org Message-ID: <171270968950.3631545.4788373736144068333.stgit@frogsfrogsfrogs> In-Reply-To: <171270968824.3631545.9037354951123114569.stgit@frogsfrogsfrogs> References: <171270968824.3631545.9037354951123114569.stgit@frogsfrogsfrogs> User-Agent: StGit/0.19 Precedence: bulk X-Mailing-List: linux-xfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Darrick J. Wong Eliminate the local variable from this function so that we can streamline things a bit later when we add the PPTR_REPLACE op code. Signed-off-by: Darrick J. Wong Reviewed-by: Christoph Hellwig --- fs/xfs/libxfs/xfs_attr.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/fs/xfs/libxfs/xfs_attr.c b/fs/xfs/libxfs/xfs_attr.c index cbc9a1b1c72d3..fda9acb81585d 100644 --- a/fs/xfs/libxfs/xfs_attr.c +++ b/fs/xfs/libxfs/xfs_attr.c @@ -432,14 +432,13 @@ xfs_attr_complete_op( enum xfs_delattr_state replace_state) { struct xfs_da_args *args = attr->xattri_da_args; - bool do_replace = args->op_flags & XFS_DA_OP_REPLACE; + + if (!(args->op_flags & XFS_DA_OP_REPLACE)) + replace_state = XFS_DAS_DONE; args->op_flags &= ~XFS_DA_OP_REPLACE; args->attr_filter &= ~XFS_ATTR_INCOMPLETE; - if (do_replace) - return replace_state; - - return XFS_DAS_DONE; + return replace_state; } static int From patchwork Wed Apr 10 00:52:12 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 13623375 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2B02F621 for ; Wed, 10 Apr 2024 00:52:13 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712710333; cv=none; b=KSwJV1DZy5SQMs6pp/g85J2tcHlfYK1IUCCm3Cb5CJdD5QC6+TJvRxQE6kp7TUw51imMTpeeuQBy5+7Jx2PN1JyhxXOwB3BmKWM1qvp1XXVcTmUcVhhnR91tisup4KJ7uFCtX84DU+0enxT8/K4Se01+/I0169Ol8eHG0n3IM8w= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712710333; c=relaxed/simple; bh=h7GRCU2J7c+Cu2hyo+tO+3klScn0o+4kg5+KBghTEn8=; h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=RjIRR+24w3yUZfvUjg91uMSASHCd0lryPACA8eyimvC/XLTiCdeQ2uDTtBK1V3zwopmr8qRC+BPj9rRCXoY864ZZroCplPPE3ywVpGu3G3j9PjqMYNIUJ9mM9wzXNz5jyckRNgZIUNot8hVcn2ML0FOBthBc2OHnzJrgua6XK7k= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=uOEKLNM1; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="uOEKLNM1" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 0039FC433F1; Wed, 10 Apr 2024 00:52:12 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1712710333; bh=h7GRCU2J7c+Cu2hyo+tO+3klScn0o+4kg5+KBghTEn8=; h=Date:Subject:From:To:Cc:In-Reply-To:References:From; b=uOEKLNM16GzA6dnE8JXSiLsk2OLdUikolf3OtRIZku6YgpAh0CvOEu7fqjwkF8h3r zosHFpFjwHm3iLNXsckGAdYryoOh3+pzaBt7Ejbg8mihPS8g/1CQtAtVyJhL7ikQ1Y 5czMf82Zwnw4XX71KEHvFI39JCLghUA9uAQCvA9Dueif+y20jHcDr2+123OPWjNtZd 5pjpgTkIfzsvIY6QBnKMJHz9UUX8IUzz17I7apgLKsIhxD1zkY0FVOQShSKbTRs5T6 qhJIP/ssTISl2bjQnPciKPngLaN9DGCkvMWfFV/ct4z5cH2/vVj7kUZ6k/ZhdUoSc5 18Jgnh8tRqs/w== Date: Tue, 09 Apr 2024 17:52:12 -0700 Subject: [PATCH 07/12] xfs: use helpers to extract xattr op from opflags From: "Darrick J. Wong" To: djwong@kernel.org Cc: hch@lst.de, linux-xfs@vger.kernel.org Message-ID: <171270968966.3631545.12587444590975333070.stgit@frogsfrogsfrogs> In-Reply-To: <171270968824.3631545.9037354951123114569.stgit@frogsfrogsfrogs> References: <171270968824.3631545.9037354951123114569.stgit@frogsfrogsfrogs> User-Agent: StGit/0.19 Precedence: bulk X-Mailing-List: linux-xfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Darrick J. Wong Create helper functions to extract the xattr op from the ondisk xattri log item and the incore attr intent item. These will get more use in the patches that follow. Signed-off-by: Darrick J. Wong Reviewed-by: Christoph Hellwig --- fs/xfs/libxfs/xfs_attr.h | 5 +++++ fs/xfs/xfs_attr_item.c | 16 ++++++++++------ 2 files changed, 15 insertions(+), 6 deletions(-) diff --git a/fs/xfs/libxfs/xfs_attr.h b/fs/xfs/libxfs/xfs_attr.h index 670ab2a613fc6..04ae01ab9a5d8 100644 --- a/fs/xfs/libxfs/xfs_attr.h +++ b/fs/xfs/libxfs/xfs_attr.h @@ -529,6 +529,11 @@ struct xfs_attr_intent { struct xfs_bmbt_irec xattri_map; }; +static inline unsigned int +xfs_attr_intent_op(const struct xfs_attr_intent *attr) +{ + return attr->xattri_op_flags & XFS_ATTRI_OP_FLAGS_TYPE_MASK; +} /*======================================================================== * Function prototypes for the kernel. diff --git a/fs/xfs/xfs_attr_item.c b/fs/xfs/xfs_attr_item.c index d3559e6b24b7d..b4c2dcb4581bc 100644 --- a/fs/xfs/xfs_attr_item.c +++ b/fs/xfs/xfs_attr_item.c @@ -308,6 +308,12 @@ xfs_attrd_item_intent( return &ATTRD_ITEM(lip)->attrd_attrip->attri_item; } +static inline unsigned int +xfs_attr_log_item_op(const struct xfs_attri_log_format *attrp) +{ + return attrp->alfi_op_flags & XFS_ATTRI_OP_FLAGS_TYPE_MASK; +} + /* Log an attr to the intent item. */ STATIC void xfs_attr_log_item( @@ -466,8 +472,7 @@ xfs_attri_validate( struct xfs_mount *mp, struct xfs_attri_log_format *attrp) { - unsigned int op = attrp->alfi_op_flags & - XFS_ATTRI_OP_FLAGS_TYPE_MASK; + unsigned int op = xfs_attr_log_item_op(attrp); if (!xfs_is_using_logged_xattrs(mp)) return false; @@ -551,8 +556,7 @@ xfs_attri_recover_work( args = (struct xfs_da_args *)(attr + 1); attr->xattri_da_args = args; - attr->xattri_op_flags = attrp->alfi_op_flags & - XFS_ATTRI_OP_FLAGS_TYPE_MASK; + attr->xattri_op_flags = xfs_attr_log_item_op(attrp); /* * We're reconstructing the deferred work state structure from the @@ -573,7 +577,7 @@ xfs_attri_recover_work( XFS_DA_OP_LOGGED; args->owner = args->dp->i_ino; - switch (attr->xattri_op_flags) { + switch (xfs_attr_intent_op(attr)) { case XFS_ATTRI_OP_FLAGS_SET: case XFS_ATTRI_OP_FLAGS_REPLACE: args->value = nv->value.i_addr; @@ -757,7 +761,7 @@ xlog_recover_attri_commit_pass2( } /* Check the number of log iovecs makes sense for the op code. */ - op = attri_formatp->alfi_op_flags & XFS_ATTRI_OP_FLAGS_TYPE_MASK; + op = xfs_attr_log_item_op(attri_formatp); switch (op) { case XFS_ATTRI_OP_FLAGS_SET: case XFS_ATTRI_OP_FLAGS_REPLACE: From patchwork Wed Apr 10 00:52:28 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 13623376 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C12CB818 for ; Wed, 10 Apr 2024 00:52:28 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712710348; cv=none; b=WzlNCxl08D2OVYtIjS0ntbyPREt4NQbsjBG5bl/sbgCtu8F2u/RSGlglAd6riHV3conQwhGubxEAAlPDIoqt9ge/0/xwWQ7qT/7iJlCHSjPoOusSDwWhQXDnKAsVil3JFbqn9CJereX3oBuquD86wqrRSAVAdvwxL3ynyHHpkmk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712710348; c=relaxed/simple; bh=HUctzT854dGoV9uuck7WpFAo94926i9GlOUKgq9fxnA=; h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=Ls5Yorc3cvWCi72dM9GZP1droyPXdZG5ObwZhrpHlyKX2pX9ZUKNbpgx4pvd2G5U1CtmYbSQzeiILsAxeU9rCBimzpvQqOCneDQSProf2sGsH10JUQ+fHFwk9Mn7l/5o0bUd9IOPTpH5hu9Ioc+g8jq7CRcfGV3AHjZZDYc4WUQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=NPVE/RNI; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="NPVE/RNI" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 9E634C433F1; Wed, 10 Apr 2024 00:52:28 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1712710348; bh=HUctzT854dGoV9uuck7WpFAo94926i9GlOUKgq9fxnA=; h=Date:Subject:From:To:Cc:In-Reply-To:References:From; b=NPVE/RNIL+M3vjIm7gWMZ0YScfWKIHyfqs5z1l8kRdwYSJYKFh8kxwZkJrxYRz5fl UBJMVYt0yH91tp+PKlyoT/pVTL/Fb8l8/d9GUIofLPupNCMy0+fRFbK51bhPdu5LUs eS2LepBoAPnepSka+lOU7f5qlTAGsd4awCSTSS+eD4x1dvrg58+4eb+mjWVqKB85+V 8BdBiZagBggoXIYGyifwAvFq5PmsMSMVJT2r/YYNoB7nSAqoeKVNzMRbODREvAwuIM PCZ+QCxrQgMnKfKjmkuYYSYhWkI7ZnJpYN7PLrAKecPvSt6X5LpJNo0OnVRwPz7cPO X1AnyQaNyM59w== Date: Tue, 09 Apr 2024 17:52:28 -0700 Subject: [PATCH 08/12] xfs: validate recovered name buffers when recovering xattr items From: "Darrick J. Wong" To: djwong@kernel.org Cc: hch@lst.de, linux-xfs@vger.kernel.org Message-ID: <171270968983.3631545.17258405896513987386.stgit@frogsfrogsfrogs> In-Reply-To: <171270968824.3631545.9037354951123114569.stgit@frogsfrogsfrogs> References: <171270968824.3631545.9037354951123114569.stgit@frogsfrogsfrogs> User-Agent: StGit/0.19 Precedence: bulk X-Mailing-List: linux-xfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Darrick J. Wong Strengthen the xattri log item recovery code by checking that we actually have the required name and newname buffers for whatever operation we're replaying. Signed-off-by: Darrick J. Wong Reviewed-by: Christoph Hellwig --- fs/xfs/xfs_attr_item.c | 58 +++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 47 insertions(+), 11 deletions(-) diff --git a/fs/xfs/xfs_attr_item.c b/fs/xfs/xfs_attr_item.c index b4c2dcb4581bc..ebd6e98d9c661 100644 --- a/fs/xfs/xfs_attr_item.c +++ b/fs/xfs/xfs_attr_item.c @@ -741,22 +741,20 @@ xlog_recover_attri_commit_pass2( const void *attr_value = NULL; const void *attr_name; size_t len; - unsigned int op; - - attri_formatp = item->ri_buf[0].i_addr; - attr_name = item->ri_buf[1].i_addr; + unsigned int op, i = 0; /* Validate xfs_attri_log_format before the large memory allocation */ len = sizeof(struct xfs_attri_log_format); - if (item->ri_buf[0].i_len != len) { + if (item->ri_buf[i].i_len != len) { XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, item->ri_buf[0].i_addr, item->ri_buf[0].i_len); return -EFSCORRUPTED; } + attri_formatp = item->ri_buf[i].i_addr; if (!xfs_attri_validate(mp, attri_formatp)) { XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, - item->ri_buf[0].i_addr, item->ri_buf[0].i_len); + attri_formatp, len); return -EFSCORRUPTED; } @@ -785,31 +783,69 @@ xlog_recover_attri_commit_pass2( attri_formatp, len); return -EFSCORRUPTED; } + i++; /* Validate the attr name */ - if (item->ri_buf[1].i_len != + if (item->ri_buf[i].i_len != xlog_calc_iovec_len(attri_formatp->alfi_name_len)) { XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, - item->ri_buf[0].i_addr, item->ri_buf[0].i_len); + attri_formatp, len); return -EFSCORRUPTED; } + attr_name = item->ri_buf[i].i_addr; if (!xfs_attr_namecheck(attr_name, attri_formatp->alfi_name_len)) { XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, - item->ri_buf[1].i_addr, item->ri_buf[1].i_len); + attri_formatp, len); return -EFSCORRUPTED; } + i++; /* Validate the attr value, if present */ if (attri_formatp->alfi_value_len != 0) { - if (item->ri_buf[2].i_len != xlog_calc_iovec_len(attri_formatp->alfi_value_len)) { + if (item->ri_buf[i].i_len != xlog_calc_iovec_len(attri_formatp->alfi_value_len)) { XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, item->ri_buf[0].i_addr, item->ri_buf[0].i_len); return -EFSCORRUPTED; } - attr_value = item->ri_buf[2].i_addr; + attr_value = item->ri_buf[i].i_addr; + i++; + } + + /* + * Make sure we got the correct number of buffers for the operation + * that we just loaded. + */ + if (i != item->ri_total) { + XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, + attri_formatp, len); + return -EFSCORRUPTED; + } + + switch (op) { + case XFS_ATTRI_OP_FLAGS_REMOVE: + /* Regular remove operations operate only on names. */ + if (attr_value != NULL || attri_formatp->alfi_value_len != 0) { + XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, + attri_formatp, len); + return -EFSCORRUPTED; + } + fallthrough; + case XFS_ATTRI_OP_FLAGS_SET: + case XFS_ATTRI_OP_FLAGS_REPLACE: + /* + * Regular xattr set/remove/replace operations require a name + * and do not take a newname. Values are optional for set and + * replace. + */ + if (attr_name == NULL || attri_formatp->alfi_name_len == 0) { + XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, + attri_formatp, len); + return -EFSCORRUPTED; + } + break; } /* From patchwork Wed Apr 10 00:52:43 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 13623377 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 67F6EEC2 for ; Wed, 10 Apr 2024 00:52:44 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712710364; cv=none; b=afRIHnM4W7bWmGLXLUha1epvtATZ17HkLQwN+12Q/z1OAhaw/aqU7Zla47lUwYUud7fqywm2oW96fthc5e22aGH1Vvc6rJVb00flDnBcOYUfPC9ouXdVoLcQKVhaw/QHDVwzEHUCxM3c9Y/PpoVwUwIKqDGKx8Uyo+/cIWTDdic= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712710364; c=relaxed/simple; bh=OcjrjP9hiR4ne59SrdjR1Nk2Vr4Zmb47RWKZfcYbu/E=; h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=aV2gzfWkfZxZxKPZUsr0lzcAb1gkn1puhEWJ9/FNl7hmm4wbwhNE2F8F8jT+HVyrJgGMtGgIrBYD4pVqEKXdNUt6svLoBp9uVki3cNQ9KDsey4yN6K9CIE8/WFO7Y0qpXCut2By7jOYgLAlaIRxvuvfTJeEVrir1bH0Yelw4sKc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=Kd2/BQI+; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="Kd2/BQI+" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 43977C433F1; Wed, 10 Apr 2024 00:52:44 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1712710364; bh=OcjrjP9hiR4ne59SrdjR1Nk2Vr4Zmb47RWKZfcYbu/E=; h=Date:Subject:From:To:Cc:In-Reply-To:References:From; b=Kd2/BQI+JdLeBe4JrzqCecEF5jk8Lpw4WOvPUfHsi+Wb82lIxrAgNYVoCtsort66Z qUzq9vbgDAbSuBiN6eWU08TtBBvP32+n4X1DfUM7eRCr8wTRuHhc5lNwhZhw+9RwEv PCpU6J2sDzqGhJQzgapFZKs9JGwLhURdpzrihxn7+5lRslRnoOcNKuKPRohGOcYfv1 hxWFrdm2KDc/rNWvIdIGFzdeXLRVfVk+lhII/MD5KuuQG6ZXmoMkGCkG23nWcQ5Ric Qt4MECmcLDchMJsp9Jyl9Z9tEgEIKl1bxXeIdOMTHUNIlsOF88Mmv97pCYe63PNK2p kBDGI8i8a2fHQ== Date: Tue, 09 Apr 2024 17:52:43 -0700 Subject: [PATCH 09/12] xfs: always set args->value in xfs_attri_item_recover From: "Darrick J. Wong" To: djwong@kernel.org Cc: hch@lst.de, linux-xfs@vger.kernel.org Message-ID: <171270968999.3631545.8805460036255507720.stgit@frogsfrogsfrogs> In-Reply-To: <171270968824.3631545.9037354951123114569.stgit@frogsfrogsfrogs> References: <171270968824.3631545.9037354951123114569.stgit@frogsfrogsfrogs> User-Agent: StGit/0.19 Precedence: bulk X-Mailing-List: linux-xfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Darrick J. Wong Always set args->value to the recovered value buffer. This reduces the amount of code in the switch statement, and hence the amount of thinking that I have to do. We validated the recovered buffers, supposedly. Signed-off-by: Darrick J. Wong Reviewed-by: Christoph Hellwig --- fs/xfs/xfs_attr_item.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/xfs/xfs_attr_item.c b/fs/xfs/xfs_attr_item.c index ebd6e98d9c661..8a13e2840692c 100644 --- a/fs/xfs/xfs_attr_item.c +++ b/fs/xfs/xfs_attr_item.c @@ -572,6 +572,8 @@ xfs_attri_recover_work( args->name = nv->name.i_addr; args->namelen = nv->name.i_len; args->hashval = xfs_da_hashname(args->name, args->namelen); + args->value = nv->value.i_addr; + args->valuelen = nv->value.i_len; args->attr_filter = attrp->alfi_attr_filter & XFS_ATTRI_FILTER_MASK; args->op_flags = XFS_DA_OP_RECOVERY | XFS_DA_OP_OKNOENT | XFS_DA_OP_LOGGED; @@ -580,8 +582,6 @@ xfs_attri_recover_work( switch (xfs_attr_intent_op(attr)) { case XFS_ATTRI_OP_FLAGS_SET: case XFS_ATTRI_OP_FLAGS_REPLACE: - args->value = nv->value.i_addr; - args->valuelen = nv->value.i_len; args->total = xfs_attr_calc_size(args, &local); if (xfs_inode_hasattr(args->dp)) attr->xattri_dela_state = xfs_attr_init_replace_state(args); From patchwork Wed Apr 10 00:52:59 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 13623378 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0DF3E10F1 for ; Wed, 10 Apr 2024 00:53:00 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712710380; cv=none; b=hIh2LIX7X1u0JtrzPaSBJbu/xu62fpndWLcWBmCCFAJCiktqiRCRVkDhCGAklf7MM6Je0tRTYntFAlhBaYd6s23uU2KhPmyL+wJrLvNPwagRClegw4kvPfQ/7QIPMrf7alxxxAcbCJnV1tvDco2H8i7VC2Z2N8pprvlluCtgS9U= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712710380; c=relaxed/simple; bh=iL03dAQ+Rv9WZj7R3zTQJDe+9aZXk/G5hcuYm2wzc6o=; h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=R6m3NMaue0SzVwy3JqUOVv/vdT0MX9o6WQVKcGK7/tzvYPDzVt447sYP+TkmxObpnwfwgRk0lQKYNokDm488TdN5wVwuhi+04PV9RDDavLER069+Q0Jd6MyZ4kWocdiMt2XQWCv0NuDG52ec/K/LscDPxnPUbPGg92dZhmgN1es= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=c+4+jx2d; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="c+4+jx2d" Received: by smtp.kernel.org (Postfix) with ESMTPSA id D22D1C433F1; Wed, 10 Apr 2024 00:52:59 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1712710379; bh=iL03dAQ+Rv9WZj7R3zTQJDe+9aZXk/G5hcuYm2wzc6o=; h=Date:Subject:From:To:Cc:In-Reply-To:References:From; b=c+4+jx2d+fsboU8J1ipYpLN6cqcVlbQ3fj9A0k6ThhJF4KW6Z5FTdXbmynykmjtPX Iejhxh+GAUGt14mf2RpSnRdOoW16U8/4FFm5ZyckELvhEvzRTWrMkA0vNxjXZ9TUae gY2J10BiRCFaAXXKtal/eRZwZZUIaC4V/BadBmbUXtM3N6QwYgZqIfn1cZvVLmIWjU As9nk7ne2AE3wLHO83Mri1Zu3LkDgYPZ/f/clOWdhKC5fIIT4563ygkUNYSTJcHvBT 7w+6psOG4baY9HEfqIp6lIf2zkDvqwqQETlLV5jOh3kR2b8JjxfcCrzSpCGYfkqFdy sv30W9v3/6+mg== Date: Tue, 09 Apr 2024 17:52:59 -0700 Subject: [PATCH 10/12] xfs: use local variables for name and value length in _attri_commit_pass2 From: "Darrick J. Wong" To: djwong@kernel.org Cc: hch@lst.de, linux-xfs@vger.kernel.org Message-ID: <171270969015.3631545.13851851506156175786.stgit@frogsfrogsfrogs> In-Reply-To: <171270968824.3631545.9037354951123114569.stgit@frogsfrogsfrogs> References: <171270968824.3631545.9037354951123114569.stgit@frogsfrogsfrogs> User-Agent: StGit/0.19 Precedence: bulk X-Mailing-List: linux-xfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Darrick J. Wong We're about to start using tagged unions in the xattr log format, so create a bunch of local variables in the recovery function so we only have to decode the log item fields once. Signed-off-by: Darrick J. Wong Reviewed-by: Christoph Hellwig --- fs/xfs/xfs_attr_item.c | 25 ++++++++++++++----------- 1 file changed, 14 insertions(+), 11 deletions(-) diff --git a/fs/xfs/xfs_attr_item.c b/fs/xfs/xfs_attr_item.c index 8a13e2840692c..59723e5f483e2 100644 --- a/fs/xfs/xfs_attr_item.c +++ b/fs/xfs/xfs_attr_item.c @@ -738,9 +738,11 @@ xlog_recover_attri_commit_pass2( struct xfs_attri_log_item *attrip; struct xfs_attri_log_format *attri_formatp; struct xfs_attri_log_nameval *nv; - const void *attr_value = NULL; const void *attr_name; + const void *attr_value = NULL; size_t len; + unsigned int name_len = 0; + unsigned int value_len = 0; unsigned int op, i = 0; /* Validate xfs_attri_log_format before the large memory allocation */ @@ -769,6 +771,8 @@ xlog_recover_attri_commit_pass2( attri_formatp, len); return -EFSCORRUPTED; } + name_len = attri_formatp->alfi_name_len; + value_len = attri_formatp->alfi_value_len; break; case XFS_ATTRI_OP_FLAGS_REMOVE: /* Log item, attr name */ @@ -777,6 +781,7 @@ xlog_recover_attri_commit_pass2( attri_formatp, len); return -EFSCORRUPTED; } + name_len = attri_formatp->alfi_name_len; break; default: XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, @@ -786,15 +791,14 @@ xlog_recover_attri_commit_pass2( i++; /* Validate the attr name */ - if (item->ri_buf[i].i_len != - xlog_calc_iovec_len(attri_formatp->alfi_name_len)) { + if (item->ri_buf[i].i_len != xlog_calc_iovec_len(name_len)) { XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, attri_formatp, len); return -EFSCORRUPTED; } attr_name = item->ri_buf[i].i_addr; - if (!xfs_attr_namecheck(attr_name, attri_formatp->alfi_name_len)) { + if (!xfs_attr_namecheck(attr_name, name_len)) { XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, attri_formatp, len); return -EFSCORRUPTED; @@ -802,8 +806,8 @@ xlog_recover_attri_commit_pass2( i++; /* Validate the attr value, if present */ - if (attri_formatp->alfi_value_len != 0) { - if (item->ri_buf[i].i_len != xlog_calc_iovec_len(attri_formatp->alfi_value_len)) { + if (value_len != 0) { + if (item->ri_buf[i].i_len != xlog_calc_iovec_len(value_len)) { XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, item->ri_buf[0].i_addr, item->ri_buf[0].i_len); @@ -827,7 +831,7 @@ xlog_recover_attri_commit_pass2( switch (op) { case XFS_ATTRI_OP_FLAGS_REMOVE: /* Regular remove operations operate only on names. */ - if (attr_value != NULL || attri_formatp->alfi_value_len != 0) { + if (attr_value != NULL || value_len != 0) { XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, attri_formatp, len); return -EFSCORRUPTED; @@ -840,7 +844,7 @@ xlog_recover_attri_commit_pass2( * and do not take a newname. Values are optional for set and * replace. */ - if (attr_name == NULL || attri_formatp->alfi_name_len == 0) { + if (attr_name == NULL || name_len == 0) { XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, attri_formatp, len); return -EFSCORRUPTED; @@ -853,9 +857,8 @@ xlog_recover_attri_commit_pass2( * name/value buffer to the recovered incore log item and drop our * reference. */ - nv = xfs_attri_log_nameval_alloc(attr_name, - attri_formatp->alfi_name_len, attr_value, - attri_formatp->alfi_value_len); + nv = xfs_attri_log_nameval_alloc(attr_name, name_len, + attr_value, value_len); attrip = xfs_attri_init(mp, nv); memcpy(&attrip->attri_format, attri_formatp, len); From patchwork Wed Apr 10 00:53:15 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 13623379 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9DCD11388 for ; Wed, 10 Apr 2024 00:53:15 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712710395; cv=none; b=OE4ooq7HOxow4qhudieztuehKKiseOBJJ/CqSRI0y8Aj1LSC3S71lCQmLarnHe3IFqVg7TiJWBRnFHQBGmfijTgfQk1IW0mn26+4jVUb1cLm+W01x8Bfvz0V8zxMD2s0In+xy9Bp7aXA+4nn8IyFkkN2Tj5CEwC7k4kBCWZ0grI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712710395; c=relaxed/simple; bh=+V9eI/rr6IRnitiAUmopbXyefcqGiQw9qhvaBYJ3mB8=; h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=tCtuvnq2POMTULkFFYZ5Wrmm7qlGZop/7r3nly3J3lUKWvsv3vqxSU1v6q4AK33AaoSPMy9hiAZjBawDTvBGm+Nqub+aJBooDfaDRgbNPKyLOBc+ccjRGGEuQOxm4biHFS6eCLUdbJDUrnMijuwsUJY+rQjieDHgAeHmxsKNUtk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=imui3hRB; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="imui3hRB" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 7B3ADC433C7; Wed, 10 Apr 2024 00:53:15 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1712710395; bh=+V9eI/rr6IRnitiAUmopbXyefcqGiQw9qhvaBYJ3mB8=; h=Date:Subject:From:To:Cc:In-Reply-To:References:From; b=imui3hRBaVa0yxJSBRZ4IqXD6W2OwpLFMyvYp/BuhJboBBvuvS5btqfzQM3z7UNI/ duabIgrF0yfMycsJHFeoTe/OvPulcQz8VaW+SP7uVVszA9V2X3aL18l1SERy3fYwTl S/6JT+1IGcxxOK5R9ia3QiWbbh/tEJgpOaaoTcAsOsF5/ErLQ0QYYjbWVdYm4omx+h MkUMDUiLAUxQM+CNgw3PA1CyY5FQ+obAKEvlfCVaajGJJPK3AWjXcMX2mqJh6UISzJ R2bzrwH9y82YzyIJfeKqiBnNHzXg7UCJMjjPPHi4tG8qgK/zKj8uYDG1Bz4o+wjBAL jQ/8xLuOud5bA== Date: Tue, 09 Apr 2024 17:53:15 -0700 Subject: [PATCH 11/12] xfs: refactor name/length checks in xfs_attri_validate From: "Darrick J. Wong" To: djwong@kernel.org Cc: hch@lst.de, linux-xfs@vger.kernel.org Message-ID: <171270969031.3631545.9868795270237115582.stgit@frogsfrogsfrogs> In-Reply-To: <171270968824.3631545.9037354951123114569.stgit@frogsfrogsfrogs> References: <171270968824.3631545.9037354951123114569.stgit@frogsfrogsfrogs> User-Agent: StGit/0.19 Precedence: bulk X-Mailing-List: linux-xfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Darrick J. Wong Move the name and length checks into the attr op switch statement so that we can perform more specific checks of the value length. Over the next few patches we're going to add new attr op flags with different validation requirements. While we're at it, remove the incorrect comment. Signed-off-by: Darrick J. Wong Reviewed-by: Christoph Hellwig --- fs/xfs/xfs_attr_item.c | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/fs/xfs/xfs_attr_item.c b/fs/xfs/xfs_attr_item.c index 59723e5f483e2..5ad14be760adc 100644 --- a/fs/xfs/xfs_attr_item.c +++ b/fs/xfs/xfs_attr_item.c @@ -486,23 +486,26 @@ xfs_attri_validate( if (attrp->alfi_attr_filter & ~XFS_ATTRI_FILTER_MASK) return false; - /* alfi_op_flags should be either a set or remove */ switch (op) { case XFS_ATTRI_OP_FLAGS_SET: case XFS_ATTRI_OP_FLAGS_REPLACE: + if (attrp->alfi_value_len > XATTR_SIZE_MAX) + return false; + if (attrp->alfi_name_len == 0 || + attrp->alfi_name_len > XATTR_NAME_MAX) + return false; + break; case XFS_ATTRI_OP_FLAGS_REMOVE: + if (attrp->alfi_value_len != 0) + return false; + if (attrp->alfi_name_len == 0 || + attrp->alfi_name_len > XATTR_NAME_MAX) + return false; break; default: return false; } - if (attrp->alfi_value_len > XATTR_SIZE_MAX) - return false; - - if ((attrp->alfi_name_len > XATTR_NAME_MAX) || - (attrp->alfi_name_len == 0)) - return false; - return xfs_verify_ino(mp, attrp->alfi_ino); } From patchwork Wed Apr 10 00:53:30 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 13623380 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C9B901854 for ; Wed, 10 Apr 2024 00:53:31 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712710411; cv=none; b=dwkIOtSVvCWJirKd9LeYZFiNtxy2hiWjG9tuylEDAGG1fIF58EyLD5+isZzoBJdYw8+rrR+QJFAXWKJkhCa1dLGkRtaTo6VqsDumAjk2fV7huu9IpE+0PZAkW4LXtas/NVncj6ivNSfjebo97otRsEvN4DMMT6cn1rZ/R9Ia9VA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712710411; c=relaxed/simple; bh=6EglNPIYkOVr3QZ6vlpYr8SyHyYETEOBqycnR8uF/aA=; h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=HLeAsRQSr5bY517gtnx4k4eBVJzNmsCvxa2jAepakZCt32u3h/T0t6il3RQCSkXYoQUZkUONFgCUNREhnNejDmUikAdVYQxNei4VaVPhtpdGfxWAHCwewrlNDE++pJFJOu811Fy7cudI36piQ9EIlcnTTTKoY1rJHTSQ94rsH70= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=ZXzfQ5Dx; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="ZXzfQ5Dx" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 15DD7C433C7; Wed, 10 Apr 2024 00:53:31 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1712710411; bh=6EglNPIYkOVr3QZ6vlpYr8SyHyYETEOBqycnR8uF/aA=; h=Date:Subject:From:To:Cc:In-Reply-To:References:From; b=ZXzfQ5DxY4ElxLjC1kzHvj+pq7hMcSBnPOsPUfftCd5Jb2gtos+VGM2y6vivtkzPM 4M9wA1+oW/M4/sJ6n4Gl3O4FdF8XsKhRHCmzBF+/B06sMV8+R249ltdfyVw55HmerX /o0X/gmpfDnVWFF/sL3wO/CTlxJqwpTYdfwI9/OmrrKj5QdTPvLN7EllWFS5j1OqLa RmptKaCXZbbEKfjH6CLhrh1Lh+CLJKJrsgGg0RC9LJ7aFzgwPK8TevGxUTeODFrefN pbciSf+leoz9eMpFzmLbKbS/5WC+WyETD5IZvfmBvT1x83tjSK1EHOxTWwfzWxLna9 UG77RJguPosKw== Date: Tue, 09 Apr 2024 17:53:30 -0700 Subject: [PATCH 12/12] xfs: enforce one namespace per attribute From: "Darrick J. Wong" To: djwong@kernel.org Cc: hch@lst.de, linux-xfs@vger.kernel.org Message-ID: <171270969047.3631545.13061481708392950797.stgit@frogsfrogsfrogs> In-Reply-To: <171270968824.3631545.9037354951123114569.stgit@frogsfrogsfrogs> References: <171270968824.3631545.9037354951123114569.stgit@frogsfrogsfrogs> User-Agent: StGit/0.19 Precedence: bulk X-Mailing-List: linux-xfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Darrick J. Wong Create a standardized helper function to enforce one namespace bit per extended attribute, and refactor all the open-coded hweight logic. This function is not a static inline to avoid porting hassles in userspace. Signed-off-by: Darrick J. Wong Reviewed-by: Christoph Hellwig --- fs/xfs/libxfs/xfs_attr.c | 15 +++++++++++++++ fs/xfs/libxfs/xfs_attr.h | 4 +++- fs/xfs/libxfs/xfs_attr_leaf.c | 7 ++++++- fs/xfs/scrub/attr.c | 12 +++++------- fs/xfs/scrub/attr_repair.c | 4 +--- fs/xfs/xfs_attr_item.c | 10 ++++++++-- fs/xfs/xfs_attr_list.c | 11 +++++++---- 7 files changed, 45 insertions(+), 18 deletions(-) diff --git a/fs/xfs/libxfs/xfs_attr.c b/fs/xfs/libxfs/xfs_attr.c index fda9acb81585d..426a41b43f641 100644 --- a/fs/xfs/libxfs/xfs_attr.c +++ b/fs/xfs/libxfs/xfs_attr.c @@ -275,6 +275,8 @@ xfs_attr_get( if (xfs_is_shutdown(args->dp->i_mount)) return -EIO; + if (!xfs_attr_namecheck(args->attr_filter, args->name, args->namelen)) + return -EFSCORRUPTED; if (!args->owner) args->owner = args->dp->i_ino; @@ -950,6 +952,8 @@ xfs_attr_set( if (xfs_is_shutdown(dp->i_mount)) return -EIO; + if (!xfs_attr_namecheck(args->attr_filter, args->name, args->namelen)) + return -EFSCORRUPTED; error = xfs_qm_dqattach(dp); if (error) @@ -1530,12 +1534,23 @@ xfs_attr_node_get( return error; } +/* Enforce that there is at most one namespace bit per attr. */ +inline bool xfs_attr_check_namespace(unsigned int attr_flags) +{ + return hweight32(attr_flags & XFS_ATTR_NSP_ONDISK_MASK) < 2; +} + /* Returns true if the attribute entry name is valid. */ bool xfs_attr_namecheck( + unsigned int attr_flags, const void *name, size_t length) { + /* Only one namespace bit allowed. */ + if (!xfs_attr_check_namespace(attr_flags)) + return false; + /* * MAXNAMELEN includes the trailing null, but (name/length) leave it * out, so use >= for the length check. diff --git a/fs/xfs/libxfs/xfs_attr.h b/fs/xfs/libxfs/xfs_attr.h index 04ae01ab9a5d8..3813f7ae626a2 100644 --- a/fs/xfs/libxfs/xfs_attr.h +++ b/fs/xfs/libxfs/xfs_attr.h @@ -552,7 +552,9 @@ int xfs_attr_get(struct xfs_da_args *args); int xfs_attr_set(struct xfs_da_args *args); int xfs_attr_set_iter(struct xfs_attr_intent *attr); int xfs_attr_remove_iter(struct xfs_attr_intent *attr); -bool xfs_attr_namecheck(const void *name, size_t length); +bool xfs_attr_check_namespace(unsigned int attr_flags); +bool xfs_attr_namecheck(unsigned int attr_flags, const void *name, + size_t length); int xfs_attr_calc_size(struct xfs_da_args *args, int *local); void xfs_init_attr_trans(struct xfs_da_args *args, struct xfs_trans_res *tres, unsigned int *total); diff --git a/fs/xfs/libxfs/xfs_attr_leaf.c b/fs/xfs/libxfs/xfs_attr_leaf.c index 0e0faa19d4da6..7929caf2052f7 100644 --- a/fs/xfs/libxfs/xfs_attr_leaf.c +++ b/fs/xfs/libxfs/xfs_attr_leaf.c @@ -949,6 +949,11 @@ xfs_attr_shortform_to_leaf( nargs.hashval = xfs_da_hashname(sfe->nameval, sfe->namelen); nargs.attr_filter = sfe->flags & XFS_ATTR_NSP_ONDISK_MASK; + if (!xfs_attr_check_namespace(sfe->flags)) { + xfs_da_mark_sick(args); + error = -EFSCORRUPTED; + goto out; + } error = xfs_attr3_leaf_lookup_int(bp, &nargs); /* set a->index */ ASSERT(error == -ENOATTR); error = xfs_attr3_leaf_add(bp, &nargs); @@ -1062,7 +1067,7 @@ xfs_attr_shortform_verify( * one namespace flag per xattr, so we can just count the * bits (i.e. hweight) here. */ - if (hweight8(sfep->flags & XFS_ATTR_NSP_ONDISK_MASK) > 1) + if (!xfs_attr_check_namespace(sfep->flags)) return __this_address; sfep = next_sfep; diff --git a/fs/xfs/scrub/attr.c b/fs/xfs/scrub/attr.c index 5ca79af47e81e..fdff9be408186 100644 --- a/fs/xfs/scrub/attr.c +++ b/fs/xfs/scrub/attr.c @@ -203,14 +203,8 @@ xchk_xattr_actor( return 0; } - /* Only one namespace bit allowed. */ - if (hweight32(attr_flags & XFS_ATTR_NSP_ONDISK_MASK) > 1) { - xchk_fblock_set_corrupt(sc, XFS_ATTR_FORK, args.blkno); - return -ECANCELED; - } - /* Does this name make sense? */ - if (!xfs_attr_namecheck(name, namelen)) { + if (!xfs_attr_namecheck(attr_flags, name, namelen)) { xchk_fblock_set_corrupt(sc, XFS_ATTR_FORK, args.blkno); return -ECANCELED; } @@ -519,6 +513,10 @@ xchk_xattr_rec( xchk_da_set_corrupt(ds, level); return 0; } + if (!xfs_attr_check_namespace(ent->flags)) { + xchk_da_set_corrupt(ds, level); + return 0; + } if (ent->flags & XFS_ATTR_LOCAL) { lentry = (struct xfs_attr_leaf_name_local *) diff --git a/fs/xfs/scrub/attr_repair.c b/fs/xfs/scrub/attr_repair.c index 8192f9044c4a9..7228758c2da1a 100644 --- a/fs/xfs/scrub/attr_repair.c +++ b/fs/xfs/scrub/attr_repair.c @@ -123,12 +123,10 @@ xrep_xattr_want_salvage( return false; if (namelen > XATTR_NAME_MAX || namelen <= 0) return false; - if (!xfs_attr_namecheck(name, namelen)) + if (!xfs_attr_namecheck(attr_flags, name, namelen)) return false; if (valuelen > XATTR_SIZE_MAX || valuelen < 0) return false; - if (hweight32(attr_flags & XFS_ATTR_NSP_ONDISK_MASK) > 1) - return false; return true; } diff --git a/fs/xfs/xfs_attr_item.c b/fs/xfs/xfs_attr_item.c index 5ad14be760adc..4d4fb804c0016 100644 --- a/fs/xfs/xfs_attr_item.c +++ b/fs/xfs/xfs_attr_item.c @@ -486,6 +486,10 @@ xfs_attri_validate( if (attrp->alfi_attr_filter & ~XFS_ATTRI_FILTER_MASK) return false; + if (!xfs_attr_check_namespace(attrp->alfi_attr_filter & + XFS_ATTR_NSP_ONDISK_MASK)) + return false; + switch (op) { case XFS_ATTRI_OP_FLAGS_SET: case XFS_ATTRI_OP_FLAGS_REPLACE: @@ -629,7 +633,8 @@ xfs_attr_recover_work( */ attrp = &attrip->attri_format; if (!xfs_attri_validate(mp, attrp) || - !xfs_attr_namecheck(nv->name.i_addr, nv->name.i_len)) + !xfs_attr_namecheck(attrp->alfi_attr_filter, nv->name.i_addr, + nv->name.i_len)) return -EFSCORRUPTED; attr = xfs_attri_recover_work(mp, dfp, attrp, &ip, nv); @@ -801,7 +806,8 @@ xlog_recover_attri_commit_pass2( } attr_name = item->ri_buf[i].i_addr; - if (!xfs_attr_namecheck(attr_name, name_len)) { + if (!xfs_attr_namecheck(attri_formatp->alfi_attr_filter, attr_name, + name_len)) { XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, attri_formatp, len); return -EFSCORRUPTED; diff --git a/fs/xfs/xfs_attr_list.c b/fs/xfs/xfs_attr_list.c index 97c8f3dcfb89d..903ed46c68872 100644 --- a/fs/xfs/xfs_attr_list.c +++ b/fs/xfs/xfs_attr_list.c @@ -82,7 +82,8 @@ xfs_attr_shortform_list( (dp->i_af.if_bytes + sf->count * 16) < context->bufsize)) { for (i = 0, sfe = xfs_attr_sf_firstentry(sf); i < sf->count; i++) { if (XFS_IS_CORRUPT(context->dp->i_mount, - !xfs_attr_namecheck(sfe->nameval, + !xfs_attr_namecheck(sfe->flags, + sfe->nameval, sfe->namelen))) { xfs_dirattr_mark_sick(context->dp, XFS_ATTR_FORK); return -EFSCORRUPTED; @@ -122,7 +123,8 @@ xfs_attr_shortform_list( for (i = 0, sfe = xfs_attr_sf_firstentry(sf); i < sf->count; i++) { if (unlikely( ((char *)sfe < (char *)sf) || - ((char *)sfe >= ((char *)sf + dp->i_af.if_bytes)))) { + ((char *)sfe >= ((char *)sf + dp->i_af.if_bytes)) || + !xfs_attr_check_namespace(sfe->flags))) { XFS_CORRUPTION_ERROR("xfs_attr_shortform_list", XFS_ERRLEVEL_LOW, context->dp->i_mount, sfe, @@ -177,7 +179,7 @@ xfs_attr_shortform_list( cursor->offset = 0; } if (XFS_IS_CORRUPT(context->dp->i_mount, - !xfs_attr_namecheck(sbp->name, + !xfs_attr_namecheck(sbp->flags, sbp->name, sbp->namelen))) { xfs_dirattr_mark_sick(context->dp, XFS_ATTR_FORK); error = -EFSCORRUPTED; @@ -502,7 +504,8 @@ xfs_attr3_leaf_list_int( } if (XFS_IS_CORRUPT(context->dp->i_mount, - !xfs_attr_namecheck(name, namelen))) { + !xfs_attr_namecheck(entry->flags, name, + namelen))) { xfs_dirattr_mark_sick(context->dp, XFS_ATTR_FORK); return -EFSCORRUPTED; }