From patchwork Wed Apr 24 03:09:11 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 13641026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 98E78BE4D for ; Wed, 24 Apr 2024 03:09:12 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713928152; cv=none; b=MV8gu8oqG4Osy5Xpx/wlIAB3yEqwi8Yl+8ZTQpFcYaSyvVifIcyObJ81aqyKjK+rdeQVzpetxOv7b0DZA4dXowrRdf9QUAgItIOs2QvgMxVurivWBcav/fqlenHdF2i1AcDfeeOeAvGSNK3YR6aU6yLqn9QRnMSXm5CcNKsexLs= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713928152; c=relaxed/simple; bh=pEWgFwOQznNFKVshRvEHWvxwcgrts8UsI08I+TG001I=; h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=fMPZvRUzA7ec5CYs6x2meP2vMZQoA8ZfkeRYxWMWIbktZFfLdm+BFMRLY0ir8wUekQNhd151eY4hjHp4kjQ4nujyZ3jwss4jjoQ5qZ+zJZNOeScx8+a6X3vtHEED0BA+jetR6pR4XBcJPs4BFF2+auGUZAuptq7I5zVA2OBnnzM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=FUbRiHpT; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="FUbRiHpT" Received: by smtp.kernel.org (Postfix) with ESMTPSA id F104CC116B1; Wed, 24 Apr 2024 03:09:11 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1713928152; bh=pEWgFwOQznNFKVshRvEHWvxwcgrts8UsI08I+TG001I=; h=Date:Subject:From:To:Cc:In-Reply-To:References:From; b=FUbRiHpTX/aJggTsEDwU2RILMbUD8xoRK7B0uzujEO2kirSLCVfLY5F9jpIMQokAE I0tHBvfVNtE2VQEGJ0ObqLrUO2RuB6PO6Snan5yL83158tNiGP3Fggy/OoadTGQuOL eJtXbmXKGPG9eD4N49rPvsfqGtAIz+TJKFxng1okcr0+Inf2U2LNvMBoZAQbSz8pqd /VaxBiS1ZMVUA1vOIm/hQEep5MXLpuIdPhG39e4YsvHAW7omxjQJnN366ieBcBAMQC OLHRjpQWw5Ag7HX98Mg4F/YvFnm9ELZPSoqddWf+5bqv7wfbbTTTkF3Eqij9XXuuWv n8YjGiq3+O0ag== Date: Tue, 23 Apr 2024 20:09:11 -0700 Subject: [PATCH 01/14] xfs: attr fork iext must be loaded before calling xfs_attr_is_leaf From: "Darrick J. Wong" To: djwong@kernel.org, chandanbabu@kernel.org Cc: Christoph Hellwig , Christoph Hellwig , hch@lst.de, linux-xfs@vger.kernel.org Message-ID: <171392782589.1904599.6951240791853219510.stgit@frogsfrogsfrogs> In-Reply-To: <171392782539.1904599.4346314665349138617.stgit@frogsfrogsfrogs> References: <171392782539.1904599.4346314665349138617.stgit@frogsfrogsfrogs> User-Agent: StGit/0.19 Precedence: bulk X-Mailing-List: linux-xfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Darrick J. Wong Christoph noticed that the xfs_attr_is_leaf in xfs_attr_get_ilocked can access the incore extent tree of the attr fork, but nothing in the xfs_attr_get path guarantees that the incore tree is actually loaded. Most of the time it is, but seeing as xfs_attr_is_leaf ignores the return value of xfs_iext_get_extent I guess we've been making choices based on random stack contents and nobody's complained? Reported-by: Christoph Hellwig Signed-off-by: Darrick J. Wong Reviewed-by: Christoph Hellwig --- fs/xfs/libxfs/xfs_attr.c | 17 +++++++++++++++++ fs/xfs/xfs_attr_item.c | 42 ++++++++++++++++++++++++++++++++++++------ fs/xfs/xfs_attr_list.c | 7 +++++++ 3 files changed, 60 insertions(+), 6 deletions(-) diff --git a/fs/xfs/libxfs/xfs_attr.c b/fs/xfs/libxfs/xfs_attr.c index f8f7445b063c..54edc690ac1e 100644 --- a/fs/xfs/libxfs/xfs_attr.c +++ b/fs/xfs/libxfs/xfs_attr.c @@ -87,6 +87,8 @@ xfs_attr_is_leaf( struct xfs_iext_cursor icur; struct xfs_bmbt_irec imap; + ASSERT(!xfs_need_iread_extents(ifp)); + if (ifp->if_nextents != 1 || ifp->if_format != XFS_DINODE_FMT_EXTENTS) return false; @@ -224,11 +226,21 @@ int xfs_attr_get_ilocked( struct xfs_da_args *args) { + int error; + xfs_assert_ilocked(args->dp, XFS_ILOCK_SHARED | XFS_ILOCK_EXCL); if (!xfs_inode_hasattr(args->dp)) return -ENOATTR; + /* + * The incore attr fork iext tree must be loaded for xfs_attr_is_leaf + * to work correctly. + */ + error = xfs_iread_extents(args->trans, args->dp, XFS_ATTR_FORK); + if (error) + return error; + if (args->dp->i_af.if_format == XFS_DINODE_FMT_LOCAL) return xfs_attr_shortform_getvalue(args); if (xfs_attr_is_leaf(args->dp)) @@ -870,6 +882,11 @@ xfs_attr_lookup( return -ENOATTR; } + /* Prerequisite for xfs_attr_is_leaf */ + error = xfs_iread_extents(args->trans, args->dp, XFS_ATTR_FORK); + if (error) + return error; + if (xfs_attr_is_leaf(dp)) { error = xfs_attr_leaf_hasname(args, &bp); diff --git a/fs/xfs/xfs_attr_item.c b/fs/xfs/xfs_attr_item.c index d46034705694..541455731618 100644 --- a/fs/xfs/xfs_attr_item.c +++ b/fs/xfs/xfs_attr_item.c @@ -498,6 +498,25 @@ xfs_attri_validate( return xfs_verify_ino(mp, attrp->alfi_ino); } +static int +xfs_attri_iread_extents( + struct xfs_inode *ip) +{ + struct xfs_trans *tp; + int error; + + error = xfs_trans_alloc_empty(ip->i_mount, &tp); + if (error) + return error; + + xfs_ilock(ip, XFS_ILOCK_EXCL); + error = xfs_iread_extents(tp, ip, XFS_ATTR_FORK); + xfs_iunlock(ip, XFS_ILOCK_EXCL); + xfs_trans_cancel(tp); + + return error; +} + static inline struct xfs_attr_intent * xfs_attri_recover_work( struct xfs_mount *mp, @@ -508,13 +527,22 @@ xfs_attri_recover_work( { struct xfs_attr_intent *attr; struct xfs_da_args *args; + struct xfs_inode *ip; int local; int error; - error = xlog_recover_iget(mp, attrp->alfi_ino, ipp); + error = xlog_recover_iget(mp, attrp->alfi_ino, &ip); if (error) return ERR_PTR(error); + if (xfs_inode_has_attr_fork(ip)) { + error = xfs_attri_iread_extents(ip); + if (error) { + xfs_irele(ip); + return ERR_PTR(error); + } + } + attr = kzalloc(sizeof(struct xfs_attr_intent) + sizeof(struct xfs_da_args), GFP_KERNEL | __GFP_NOFAIL); args = (struct xfs_da_args *)(attr + 1); @@ -531,7 +559,7 @@ xfs_attri_recover_work( attr->xattri_nameval = xfs_attri_log_nameval_get(nv); ASSERT(attr->xattri_nameval); - args->dp = *ipp; + args->dp = ip; args->geo = mp->m_attr_geo; args->whichfork = XFS_ATTR_FORK; args->name = nv->name.i_addr; @@ -561,6 +589,7 @@ xfs_attri_recover_work( } xfs_defer_add_item(dfp, &attr->xattri_list); + *ipp = ip; return attr; } @@ -615,16 +644,17 @@ xfs_attr_recover_work( XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, &attrip->attri_format, sizeof(attrip->attri_format)); - if (error) { - xfs_trans_cancel(tp); - goto out_unlock; - } + if (error) + goto out_cancel; error = xfs_defer_ops_capture_and_commit(tp, capture_list); out_unlock: xfs_iunlock(ip, XFS_ILOCK_EXCL); xfs_irele(ip); return error; +out_cancel: + xfs_trans_cancel(tp); + goto out_unlock; } /* Re-log an intent item to push the log tail forward. */ diff --git a/fs/xfs/xfs_attr_list.c b/fs/xfs/xfs_attr_list.c index 6a621f016f04..97c8f3dcfb89 100644 --- a/fs/xfs/xfs_attr_list.c +++ b/fs/xfs/xfs_attr_list.c @@ -544,6 +544,7 @@ xfs_attr_list_ilocked( struct xfs_attr_list_context *context) { struct xfs_inode *dp = context->dp; + int error; xfs_assert_ilocked(dp, XFS_ILOCK_SHARED | XFS_ILOCK_EXCL); @@ -554,6 +555,12 @@ xfs_attr_list_ilocked( return 0; if (dp->i_af.if_format == XFS_DINODE_FMT_LOCAL) return xfs_attr_shortform_list(context); + + /* Prerequisite for xfs_attr_is_leaf */ + error = xfs_iread_extents(NULL, dp, XFS_ATTR_FORK); + if (error) + return error; + if (xfs_attr_is_leaf(dp)) return xfs_attr_leaf_list(context); return xfs_attr_node_list(context); From patchwork Wed Apr 24 03:09:27 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 13641027 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id CA5C7BE4D for ; Wed, 24 Apr 2024 03:09:27 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713928167; cv=none; b=ksFGVFdq/RR9IKOs7VnTFR11uCc6PTtAj9+Rn+x6CksRAS2b0XKuHMY+BK6wQGciIukOyNNU2yiXe93x/fQNKzRw2yBhdP8Rv6R8NP25mo798AqABAwrV0Xori9TsVE7iaE65q4MgJzajBKblHEkO/0cLXwSARJqQsliJ06+2eY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713928167; c=relaxed/simple; bh=vWN/ijRkLcPRrO7VQ1ryD+3nkebvQZh7L6xqrl82czQ=; h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=CqBGNRQ4Bv6p/s4kP0imDl+PiDmsgr0Hu9KkT0BW5nIV06SEpUo/1ovGl9QIMGBx992fNQVweUhvjZIaboxmHk992PU1U0DkWVy0n5zbOIFeEUxwFfUFF93rx0gd2MtzSH2tKIrwY+4Ppscx4H7hzeUj5uLisfr8+EIEpQj1DDA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=AW3x7P++; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="AW3x7P++" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 9D0AFC116B1; Wed, 24 Apr 2024 03:09:27 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1713928167; bh=vWN/ijRkLcPRrO7VQ1ryD+3nkebvQZh7L6xqrl82czQ=; h=Date:Subject:From:To:Cc:In-Reply-To:References:From; b=AW3x7P++wAPMpX2MHgHinKXb5q8sWCquJ5sy4uCJZP4iRRWmanVfwL0tLn18e2dhr qUHjn1UBRiD5w63/99hhKUJZzOMFPV0PgL4X2CUo6znscVAmNH4regiNvSV/ppyf6n l4xpPtv+/1DikXT0HqY3GFc8tQMCycQvruMNOnrdoS9DguWLtXoX467ZVwzMXQbJTl trvhTvY4INQxwJEtl6DLymIkzrIiypGgRqiAb9XFKVjpzw6wjCxNjmmoVPST2tA4xc 4Gy2l5BOCidXlJTO62qOLgbe+MWGYHsWOgWKrauS/xubm/d1RwCeKc4m+ZZjzH1kbb Gk8UTNWn3/fqA== Date: Tue, 23 Apr 2024 20:09:27 -0700 Subject: [PATCH 02/14] xfs: require XFS_SB_FEAT_INCOMPAT_LOG_XATTRS for attr log intent item recovery From: "Darrick J. Wong" To: djwong@kernel.org, chandanbabu@kernel.org Cc: Christoph Hellwig , hch@lst.de, linux-xfs@vger.kernel.org Message-ID: <171392782607.1904599.6411799293904787575.stgit@frogsfrogsfrogs> In-Reply-To: <171392782539.1904599.4346314665349138617.stgit@frogsfrogsfrogs> References: <171392782539.1904599.4346314665349138617.stgit@frogsfrogsfrogs> User-Agent: StGit/0.19 Precedence: bulk X-Mailing-List: linux-xfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Darrick J. Wong The XFS_SB_FEAT_INCOMPAT_LOG_XATTRS feature bit protects a filesystem from old kernels that do not know how to recover extended attribute log intent items. Make this check mandatory instead of a debugging assert. Fixes: fd920008784ea ("xfs: Set up infrastructure for log attribute replay") Signed-off-by: Darrick J. Wong Reviewed-by: Christoph Hellwig --- fs/xfs/xfs_attr_item.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/fs/xfs/xfs_attr_item.c b/fs/xfs/xfs_attr_item.c index 541455731618..dfe7039dac98 100644 --- a/fs/xfs/xfs_attr_item.c +++ b/fs/xfs/xfs_attr_item.c @@ -469,6 +469,9 @@ xfs_attri_validate( unsigned int op = attrp->alfi_op_flags & XFS_ATTRI_OP_FLAGS_TYPE_MASK; + if (!xfs_sb_version_haslogxattrs(&mp->m_sb)) + return false; + if (attrp->__pad != 0) return false; @@ -570,8 +573,6 @@ xfs_attri_recover_work( XFS_DA_OP_LOGGED; args->owner = args->dp->i_ino; - ASSERT(xfs_sb_version_haslogxattrs(&mp->m_sb)); - switch (attr->xattri_op_flags) { case XFS_ATTRI_OP_FLAGS_SET: case XFS_ATTRI_OP_FLAGS_REPLACE: From patchwork Wed Apr 24 03:09:42 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 13641028 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 75822BE4D for ; Wed, 24 Apr 2024 03:09:43 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713928183; cv=none; b=JYZRg44Ku54gLJ1hw9bIkIvB1yvOq5eeifQYYINqpf/2aeCGMrplkFT32qgom1iNZrsOrbbdztk/QXhOgEAHQMJARNWLnZ+GXmgKDglZoHN2dGK7+dyGMf/GYuTvNsgOCHOO/TPDC7DzxxbS4FDlKKmZaFIgi3z4Saes1le/ADY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713928183; c=relaxed/simple; bh=yCSw1XKoz4YampMrk/L/blUWodrLnoK+22p9hXpSIjw=; h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=gB5C5o5kT3YVs9AjgUSnoUSi0uumljHgzDVv12gVebwB8CH+QXFjDC1tWw/ChpHQUKuS19vXuqagfVbDjk8jUxFFXiKQwt9qr2t5Gq9QFu6xQ7y3DWJbCNfkjIK50rgRARNOl+bCfb8BkSI065uTF0nBACdZSBxidZPzkpyrufI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=TAJe7wbx; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="TAJe7wbx" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 4BA7CC116B1; Wed, 24 Apr 2024 03:09:43 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1713928183; bh=yCSw1XKoz4YampMrk/L/blUWodrLnoK+22p9hXpSIjw=; h=Date:Subject:From:To:Cc:In-Reply-To:References:From; b=TAJe7wbxMgtTv7RwMZs2j3stWOjYE0XQ1LghOkmcuNpqmQ8iw7q6YbWiTBmU41VX0 zAebkdUBnmCOz9ONu6Xm2d2xbodSSIGBZ6+jm0VcI/uJWsyEHi+Mcy00Agw/hCSzbd ihXhmFbl5i4YeEWPGztwCfJJ+aA2WOxo3hnA2EONUyl6XE5O95KBmVmNerb3x51e/k TFFuOyCukSK9XaAQ9+xysWVHKPCDslEnurGHaE6xv8Ca62tu/vMp0RNmsANVcmhUAi NAFoVob7Cpx85j+VBQ1arEntFMwq2GT7kJyDhUJI5l0yjne0TXYK4PhWdDj6FhZdM7 f9LwcobR0t0tA== Date: Tue, 23 Apr 2024 20:09:42 -0700 Subject: [PATCH 03/14] xfs: use an XFS_OPSTATE_ flag for detecting if logged xattrs are available From: "Darrick J. Wong" To: djwong@kernel.org, chandanbabu@kernel.org Cc: Christoph Hellwig , hch@lst.de, linux-xfs@vger.kernel.org Message-ID: <171392782623.1904599.14923341489093242321.stgit@frogsfrogsfrogs> In-Reply-To: <171392782539.1904599.4346314665349138617.stgit@frogsfrogsfrogs> References: <171392782539.1904599.4346314665349138617.stgit@frogsfrogsfrogs> User-Agent: StGit/0.19 Precedence: bulk X-Mailing-List: linux-xfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Darrick J. Wong Per reviewer request, use an OPSTATE flag (+ helpers) to decide if logged xattrs are enabled, instead of querying the xfs_sb. Signed-off-by: Darrick J. Wong Reviewed-by: Christoph Hellwig --- fs/xfs/xfs_attr_item.c | 2 +- fs/xfs/xfs_mount.c | 16 ++++++++++++++++ fs/xfs/xfs_mount.h | 6 +++++- fs/xfs/xfs_xattr.c | 3 ++- 4 files changed, 24 insertions(+), 3 deletions(-) diff --git a/fs/xfs/xfs_attr_item.c b/fs/xfs/xfs_attr_item.c index dfe7039dac98..e5e7ddbc594b 100644 --- a/fs/xfs/xfs_attr_item.c +++ b/fs/xfs/xfs_attr_item.c @@ -469,7 +469,7 @@ xfs_attri_validate( unsigned int op = attrp->alfi_op_flags & XFS_ATTRI_OP_FLAGS_TYPE_MASK; - if (!xfs_sb_version_haslogxattrs(&mp->m_sb)) + if (!xfs_is_using_logged_xattrs(mp)) return false; if (attrp->__pad != 0) diff --git a/fs/xfs/xfs_mount.c b/fs/xfs/xfs_mount.c index b2e5653b5200..09eef1721ef4 100644 --- a/fs/xfs/xfs_mount.c +++ b/fs/xfs/xfs_mount.c @@ -231,6 +231,13 @@ xfs_readsb( mp->m_features |= xfs_sb_version_to_features(sbp); xfs_reinit_percpu_counters(mp); + /* + * If logged xattrs are enabled after log recovery finishes, then set + * the opstate so that log recovery will work properly. + */ + if (xfs_sb_version_haslogxattrs(&mp->m_sb)) + xfs_set_using_logged_xattrs(mp); + /* no need to be quiet anymore, so reset the buf ops */ bp->b_ops = &xfs_sb_buf_ops; @@ -829,6 +836,15 @@ xfs_mountfs( goto out_inodegc_shrinker; } + /* + * If logged xattrs are still enabled after log recovery finishes, then + * they'll be available until unmount. Otherwise, turn them off. + */ + if (xfs_sb_version_haslogxattrs(&mp->m_sb)) + xfs_set_using_logged_xattrs(mp); + else + xfs_clear_using_logged_xattrs(mp); + /* Enable background inode inactivation workers. */ xfs_inodegc_start(mp); xfs_blockgc_start(mp); diff --git a/fs/xfs/xfs_mount.h b/fs/xfs/xfs_mount.h index ca6f105990a2..d0567dfbc036 100644 --- a/fs/xfs/xfs_mount.h +++ b/fs/xfs/xfs_mount.h @@ -444,6 +444,8 @@ __XFS_HAS_FEAT(nouuid, NOUUID) #define XFS_OPSTATE_QUOTACHECK_RUNNING 10 /* Do we want to clear log incompat flags? */ #define XFS_OPSTATE_UNSET_LOG_INCOMPAT 11 +/* Filesystem can use logged extended attributes */ +#define XFS_OPSTATE_USE_LARP 12 #define __XFS_IS_OPSTATE(name, NAME) \ static inline bool xfs_is_ ## name (struct xfs_mount *mp) \ @@ -472,6 +474,7 @@ __XFS_IS_OPSTATE(quotacheck_running, QUOTACHECK_RUNNING) # define xfs_is_quotacheck_running(mp) (false) #endif __XFS_IS_OPSTATE(done_with_log_incompat, UNSET_LOG_INCOMPAT) +__XFS_IS_OPSTATE(using_logged_xattrs, USE_LARP) static inline bool xfs_should_warn(struct xfs_mount *mp, long nr) @@ -491,7 +494,8 @@ xfs_should_warn(struct xfs_mount *mp, long nr) { (1UL << XFS_OPSTATE_WARNED_SHRINK), "wshrink" }, \ { (1UL << XFS_OPSTATE_WARNED_LARP), "wlarp" }, \ { (1UL << XFS_OPSTATE_QUOTACHECK_RUNNING), "quotacheck" }, \ - { (1UL << XFS_OPSTATE_UNSET_LOG_INCOMPAT), "unset_log_incompat" } + { (1UL << XFS_OPSTATE_UNSET_LOG_INCOMPAT), "unset_log_incompat" }, \ + { (1UL << XFS_OPSTATE_USE_LARP), "logged_xattrs" } /* * Max and min values for mount-option defined I/O diff --git a/fs/xfs/xfs_xattr.c b/fs/xfs/xfs_xattr.c index 0cbb93cf2869..ba56a9e73144 100644 --- a/fs/xfs/xfs_xattr.c +++ b/fs/xfs/xfs_xattr.c @@ -31,7 +31,7 @@ xfs_attr_grab_log_assist( int error = 0; /* xattr update log intent items are already enabled */ - if (xfs_sb_version_haslogxattrs(&mp->m_sb)) + if (xfs_is_using_logged_xattrs(mp)) return 0; /* @@ -48,6 +48,7 @@ xfs_attr_grab_log_assist( XFS_SB_FEAT_INCOMPAT_LOG_XATTRS); if (error) return error; + xfs_set_using_logged_xattrs(mp); xfs_warn_mount(mp, XFS_OPSTATE_WARNED_LARP, "EXPERIMENTAL logged extended attributes feature in use. Use at your own risk!"); From patchwork Wed Apr 24 03:09:58 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 13641029 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 123F4BE4D for ; Wed, 24 Apr 2024 03:09:59 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713928199; cv=none; b=GFpHORwwgUvAAzNtKsfbuhqtoSk2EuND9UtVXq5ARD9j0djwb6kBKzz6ea/w0zo25VVOfJF2lEdnm/fN7Gv+X98556zV8lbQC8gX8jNBetlbzCvPZwMEICl7IqNuiHk5NhjgboTqu3NIYtT4WzFkoFPyLIy+sNLVk3KmokW5hm4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713928199; c=relaxed/simple; bh=HEyCRW7J3P9E8BOO6r8u/bcnKFnS04bARQTL/ZI0VYQ=; h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=EoEX8lusbm7ci5GOJQ0TNQxvlpFGg4keQ0QhjKJUXoIjM/bjYRctNr/9fOfGS94gNgaUoyNsUKyC11es7Fnh2X6GUiK4VIZxS5X/avhbT/9+o4Z/yHWv2nAqBu8AjIkdOpxfjTgEJXFn7iZURPluwIQR2GLPJIrkixxUZuWvgT8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=PjL4IPKi; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="PjL4IPKi" Received: by smtp.kernel.org (Postfix) with ESMTPSA id E306EC2BD10; Wed, 24 Apr 2024 03:09:58 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1713928198; bh=HEyCRW7J3P9E8BOO6r8u/bcnKFnS04bARQTL/ZI0VYQ=; h=Date:Subject:From:To:Cc:In-Reply-To:References:From; b=PjL4IPKi1kT+3YW4U6FJ1ERH4Nk3wZBfvZ/yaciNryH3Nq/vjXzlaMY4f8CgVGBSV 2edArSonhzeprDxHtId23XlbJKN4JROR4F27UFleKkldNAsXGxXMT9Ojsu4i0tPyBL 72Jkfxz2UoCIbYoGhzuywVK7EwYTOoEkOrn6CqEsZNTshgI0OQH0TElRNaKbBk6RxM DqWyFj9YUTCWmzUyiNDAlKqyiEnG0GJ8m0Jsfn8BqF9hXBFEw0XDb/cCsjfbGgvn1U ZFpdH8T6mN210Nq6o9Lj183Sb3KJ9/CEw2tJEbRY+ozKdI2Yv31HYwUf15Kb5eWvqg tPeDGC9xndOyw== Date: Tue, 23 Apr 2024 20:09:58 -0700 Subject: [PATCH 04/14] xfs: check opcode and iovec count match in xlog_recover_attri_commit_pass2 From: "Darrick J. Wong" To: djwong@kernel.org, chandanbabu@kernel.org Cc: Christoph Hellwig , hch@lst.de, linux-xfs@vger.kernel.org Message-ID: <171392782640.1904599.15360184000286406971.stgit@frogsfrogsfrogs> In-Reply-To: <171392782539.1904599.4346314665349138617.stgit@frogsfrogsfrogs> References: <171392782539.1904599.4346314665349138617.stgit@frogsfrogsfrogs> User-Agent: StGit/0.19 Precedence: bulk X-Mailing-List: linux-xfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Darrick J. Wong Check that the number of recovered log iovecs is what is expected for the xattri opcode is expecting. Signed-off-by: Darrick J. Wong Reviewed-by: Christoph Hellwig --- fs/xfs/xfs_attr_item.c | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/fs/xfs/xfs_attr_item.c b/fs/xfs/xfs_attr_item.c index e5e7ddbc594b..d3559e6b24b7 100644 --- a/fs/xfs/xfs_attr_item.c +++ b/fs/xfs/xfs_attr_item.c @@ -737,6 +737,7 @@ xlog_recover_attri_commit_pass2( const void *attr_value = NULL; const void *attr_name; size_t len; + unsigned int op; attri_formatp = item->ri_buf[0].i_addr; attr_name = item->ri_buf[1].i_addr; @@ -755,6 +756,32 @@ xlog_recover_attri_commit_pass2( return -EFSCORRUPTED; } + /* Check the number of log iovecs makes sense for the op code. */ + op = attri_formatp->alfi_op_flags & XFS_ATTRI_OP_FLAGS_TYPE_MASK; + switch (op) { + case XFS_ATTRI_OP_FLAGS_SET: + case XFS_ATTRI_OP_FLAGS_REPLACE: + /* Log item, attr name, attr value */ + if (item->ri_total != 3) { + XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, + attri_formatp, len); + return -EFSCORRUPTED; + } + break; + case XFS_ATTRI_OP_FLAGS_REMOVE: + /* Log item, attr name */ + if (item->ri_total != 2) { + XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, + attri_formatp, len); + return -EFSCORRUPTED; + } + break; + default: + XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, + attri_formatp, len); + return -EFSCORRUPTED; + } + /* Validate the attr name */ if (item->ri_buf[1].i_len != xlog_calc_iovec_len(attri_formatp->alfi_name_len)) { From patchwork Wed Apr 24 03:10:14 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 13641030 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0A900BE4D for ; Wed, 24 Apr 2024 03:10:14 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713928215; cv=none; b=AdBaBy9BzdJSJqoOmofSEQHgFxQwXe6aYpHnlE8aXyys89XjjIyLuwrYwiE6gSvl8/eM7MbDH8GOE7J1sBhRoHAumbiAbYigjfPb3bcFA3IkHDbd8bVGBlU1zS9DbTub1TD876ZLrAr30lOToh5RFAnoIRWp01PxdY/IrP7GcE0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713928215; c=relaxed/simple; bh=P7chQrSVH0LzzkX2fhH0RmSCmEBQT3DBFCsSrckCNCg=; h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=KpF9lDToekZurZhZNzc3ZxwdYq5xXCMZRVdOtuSSImJFxn6Oi7B8SrCHyp38ZZPwgwFZZysHDELhSggFMn+jeoLsKaw/zVHbw2ZTC3/a66Ry1o6o3qroxuWL1w/M8Ju86VByjoNRY5mb5hL1ye7r7hSP/TJo3Lj0QY9m4DbFxpc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=UolWrwJq; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="UolWrwJq" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 81AC6C116B1; Wed, 24 Apr 2024 03:10:14 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1713928214; bh=P7chQrSVH0LzzkX2fhH0RmSCmEBQT3DBFCsSrckCNCg=; h=Date:Subject:From:To:Cc:In-Reply-To:References:From; b=UolWrwJqGtc6wFiw7XXvDGUXC8ZT8RRm5AUYGRvEeJx8rCi7S3ABi8YJXpAtTKqx6 n4fd+vsdPZmFIYgVz3FQD1HUJBULQvjhIA3WxqCQfiN6eBfVqs47MWJ49mQ2SuBf01 0qFWnX0Vrf1CnPhAZkskFHn1fwuLsnQw7WeKjq5Hofu2qFf4lVUB+EMKhUrqFX2FO1 1eRtu8fdJhIXpe7SGIIcdC0X3lHAa5RpHMd5eeqK7uXwCyEHxvNrGvxrWxMPhxG3Jq ZrSxAtSp17UBgYX1VkiP8CsVkM5mEspe8H2MK4IOOJvRePwQR3f+VjE+ont1HlrQ8j PYX8cJE/A/6eg== Date: Tue, 23 Apr 2024 20:10:14 -0700 Subject: [PATCH 05/14] xfs: fix missing check for invalid attr flags From: "Darrick J. Wong" To: djwong@kernel.org, chandanbabu@kernel.org Cc: Christoph Hellwig , hch@lst.de, linux-xfs@vger.kernel.org Message-ID: <171392782657.1904599.12358922838678709826.stgit@frogsfrogsfrogs> In-Reply-To: <171392782539.1904599.4346314665349138617.stgit@frogsfrogsfrogs> References: <171392782539.1904599.4346314665349138617.stgit@frogsfrogsfrogs> User-Agent: StGit/0.19 Precedence: bulk X-Mailing-List: linux-xfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Darrick J. Wong The xattr scrubber doesn't check for undefined flags in shortform attr entries. Therefore, define a mask XFS_ATTR_ONDISK_MASK that has all possible XFS_ATTR_* flags in it, and use that to check for unknown bits in xchk_xattr_actor. Refactor the check in the dabtree scanner function to use the new mask as well. The redundant checks need to be in place because the dabtree check examines the hash mappings and therefore needs to decode the attr leaf entries to compute the namehash. This happens before the walk of the xattr entries themselves. Fixes: ae0506eba78fd ("xfs: check used space of shortform xattr structures") Signed-off-by: Darrick J. Wong Reviewed-by: Christoph Hellwig --- fs/xfs/libxfs/xfs_da_format.h | 5 +++++ fs/xfs/scrub/attr.c | 13 +++++++++---- 2 files changed, 14 insertions(+), 4 deletions(-) diff --git a/fs/xfs/libxfs/xfs_da_format.h b/fs/xfs/libxfs/xfs_da_format.h index aac3fe039614..ecd0616f5776 100644 --- a/fs/xfs/libxfs/xfs_da_format.h +++ b/fs/xfs/libxfs/xfs_da_format.h @@ -719,8 +719,13 @@ struct xfs_attr3_leafblock { #define XFS_ATTR_ROOT (1u << XFS_ATTR_ROOT_BIT) #define XFS_ATTR_SECURE (1u << XFS_ATTR_SECURE_BIT) #define XFS_ATTR_INCOMPLETE (1u << XFS_ATTR_INCOMPLETE_BIT) + #define XFS_ATTR_NSP_ONDISK_MASK (XFS_ATTR_ROOT | XFS_ATTR_SECURE) +#define XFS_ATTR_ONDISK_MASK (XFS_ATTR_NSP_ONDISK_MASK | \ + XFS_ATTR_LOCAL | \ + XFS_ATTR_INCOMPLETE) + #define XFS_ATTR_NAMESPACE_STR \ { XFS_ATTR_LOCAL, "local" }, \ { XFS_ATTR_ROOT, "root" }, \ diff --git a/fs/xfs/scrub/attr.c b/fs/xfs/scrub/attr.c index 5b855d7c9821..5ca79af47e81 100644 --- a/fs/xfs/scrub/attr.c +++ b/fs/xfs/scrub/attr.c @@ -192,6 +192,11 @@ xchk_xattr_actor( if (xchk_should_terminate(sc, &error)) return error; + if (attr_flags & ~XFS_ATTR_ONDISK_MASK) { + xchk_fblock_set_corrupt(sc, XFS_ATTR_FORK, args.blkno); + return -ECANCELED; + } + if (attr_flags & XFS_ATTR_INCOMPLETE) { /* Incomplete attr key, just mark the inode for preening. */ xchk_ino_set_preen(sc, ip->i_ino); @@ -481,7 +486,6 @@ xchk_xattr_rec( xfs_dahash_t hash; int nameidx; int hdrsize; - unsigned int badflags; int error; ASSERT(blk->magic == XFS_ATTR_LEAF_MAGIC); @@ -511,10 +515,11 @@ xchk_xattr_rec( /* Retrieve the entry and check it. */ hash = be32_to_cpu(ent->hashval); - badflags = ~(XFS_ATTR_LOCAL | XFS_ATTR_ROOT | XFS_ATTR_SECURE | - XFS_ATTR_INCOMPLETE); - if ((ent->flags & badflags) != 0) + if (ent->flags & ~XFS_ATTR_ONDISK_MASK) { xchk_da_set_corrupt(ds, level); + return 0; + } + if (ent->flags & XFS_ATTR_LOCAL) { lentry = (struct xfs_attr_leaf_name_local *) (((char *)bp->b_addr) + nameidx); From patchwork Wed Apr 24 03:10:29 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 13641031 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8FD5E339A1 for ; Wed, 24 Apr 2024 03:10:30 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713928230; cv=none; b=L4H5fUV51y0zJYH7EIjkI1SSnOEjZj3/exkFOjzw3k+1r15mjz+BF159Ho0ZI8awHUAhCTiM6t20RjAHqykGQAte1l0HoME2TH7cIJRoAH+94adUzVqhgGLAHYH4mhgZaG8nIdiAlB/0w/UYFU+SbAzsECC77IDEFW8f0vh4SJw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713928230; c=relaxed/simple; bh=D77+ipp5kDfxhmQUHAv6umpm6b5r6ZykV04sO2IRzbE=; h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=so7S/ItdUkFzyPqxuMzJqSBgIW8YYVhiqfw1vOUuD7Lv69AOvTkPRwWfl4RKxUYCSY6S1TE5vxz7cLpJN7hs9JJcWwxwyTC3iRoV/IYHLlutCNq3NZuk01jFV5QHfOc7nNoBHBHMzitRx8GBefxYgzMqYcohW4C2qNZlbLpG5xY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=Ps6jv1mS; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="Ps6jv1mS" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 28006C116B1; Wed, 24 Apr 2024 03:10:30 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1713928230; bh=D77+ipp5kDfxhmQUHAv6umpm6b5r6ZykV04sO2IRzbE=; h=Date:Subject:From:To:Cc:In-Reply-To:References:From; b=Ps6jv1mSECoX3dMEKuod0txqsaTTjch8VAaEpiI1pRLd9zqJmZ10r+5bSLo9WoXzz /sBGWpcnicwm53eQZp9bHPylH3BnnjWw/KET5z1hTz+pF/Czh980VX2ew2gaVmVy56 Xf7ojpSgykBO0IxpAOufe6Pe3rPYQWccLI3cJd4lwxIMJXtn8mIVR/AwFKexwWh97+ 4Utpet5BDsFG3OalzGIezUwKasyctjv/EpMEEhGlrZ0K92+t0Z4ZDlvZ+EjSdQIiJs 2oPfVR7mVAgABFwMWv65mLxPBeF/CPe4B9JRvI0Cpc2TltD8TAm4rYghPLSO3oteC1 a8teFafQb1Cfw== Date: Tue, 23 Apr 2024 20:10:29 -0700 Subject: [PATCH 06/14] xfs: check shortform attr entry flags specifically From: "Darrick J. Wong" To: djwong@kernel.org, chandanbabu@kernel.org Cc: Christoph Hellwig , hch@lst.de, linux-xfs@vger.kernel.org Message-ID: <171392782674.1904599.2878438845396319181.stgit@frogsfrogsfrogs> In-Reply-To: <171392782539.1904599.4346314665349138617.stgit@frogsfrogsfrogs> References: <171392782539.1904599.4346314665349138617.stgit@frogsfrogsfrogs> User-Agent: StGit/0.19 Precedence: bulk X-Mailing-List: linux-xfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Darrick J. Wong While reviewing flag checking in the attr scrub functions, we noticed that the shortform attr scanner didn't catch entries that have the LOCAL or INCOMPLETE bits set. Neither of these flags can ever be set on a shortform attr, so we need to check this narrower set of valid flags. Signed-off-by: Darrick J. Wong Reviewed-by: Christoph Hellwig --- fs/xfs/scrub/attr.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/fs/xfs/scrub/attr.c b/fs/xfs/scrub/attr.c index 5ca79af47e81..fd22d652a63a 100644 --- a/fs/xfs/scrub/attr.c +++ b/fs/xfs/scrub/attr.c @@ -579,6 +579,15 @@ xchk_xattr_check_sf( break; } + /* + * Shortform entries do not set LOCAL or INCOMPLETE, so the + * only valid flag bits here are for namespaces. + */ + if (sfe->flags & ~XFS_ATTR_NSP_ONDISK_MASK) { + xchk_fblock_set_corrupt(sc, XFS_ATTR_FORK, 0); + break; + } + if (!xchk_xattr_set_map(sc, ab->usedmap, (char *)sfe - (char *)sf, sizeof(struct xfs_attr_sf_entry))) { From patchwork Wed Apr 24 03:10:45 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 13641037 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2E6FA339A1 for ; Wed, 24 Apr 2024 03:10:45 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713928246; cv=none; b=DKhYLXwGIv+Ws3SwRB+y8ehH9WQ97IXvGX6LLGDcpEx/heSLNa6ca34Wu2gNLSe+LWnXKB0tHCphdOdnoGDeSSd90bCMrdU0PfzlDQK2xjGpSVzwzXNjt6NQqbfeEsASbj0Shqs5KKd6ySE5BH8E6eL2E+mPslbfktfG7okMDqw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713928246; c=relaxed/simple; bh=xydwm07Me73I1YhH3FKOGP2l2kC/x2dpMO9jHZjygac=; h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=n38OuNwMleU4BbCwyc1pmTfmje+oDwQsim6z3BLK272Saatu2/ZlRl5ULgmQSNyUtpheCPQYj3WWNHGHuyQ5NlVEssGut4geopD0lNi8nOHfevXBNLw+A53vIea1tbrIevp+yznQ4lCEeQq26abiet0NHQma/VZwiCmV8e4iQbw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=rdlz3cKn; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="rdlz3cKn" Received: by smtp.kernel.org (Postfix) with ESMTPSA id B663DC116B1; Wed, 24 Apr 2024 03:10:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1713928245; bh=xydwm07Me73I1YhH3FKOGP2l2kC/x2dpMO9jHZjygac=; h=Date:Subject:From:To:Cc:In-Reply-To:References:From; b=rdlz3cKnzRtY4igVgo5h2DNNU3OzwaOYGuNZK5BQVDztVU6NKQtY/pagURqB6dViO 2KX9VIiuYFJYy+OF1qUxsOgdr6pg4AijWiVneksDgs3QWqpl4I/yDuOrtdyc/4CfX2 nFRSCr+8o1B9QrldvYOLsuD1HqSgBxCxVqGhwIetvuUMOW1f6p5VSK0TvVXEpJj+8p cKaaL98CAWmd/hwQ48L8OLGA/RA3otZf+QvrLpAlNheBGKHDv0MOyAFGBozCAsivgi 9kMOQzTKopMhiQIz8BOd0faQW27efzvC0vlRhazo7qeC+8TLV5IjUYcUHDqUbYbVDY s8c9qTYFHuFCg== Date: Tue, 23 Apr 2024 20:10:45 -0700 Subject: [PATCH 07/14] xfs: restructure xfs_attr_complete_op a bit From: "Darrick J. Wong" To: djwong@kernel.org, chandanbabu@kernel.org Cc: Christoph Hellwig , hch@lst.de, linux-xfs@vger.kernel.org Message-ID: <171392782691.1904599.8730318255511116177.stgit@frogsfrogsfrogs> In-Reply-To: <171392782539.1904599.4346314665349138617.stgit@frogsfrogsfrogs> References: <171392782539.1904599.4346314665349138617.stgit@frogsfrogsfrogs> User-Agent: StGit/0.19 Precedence: bulk X-Mailing-List: linux-xfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Darrick J. Wong Eliminate the local variable from this function so that we can streamline things a bit later when we add the PPTR_REPLACE op code. Signed-off-by: Darrick J. Wong Reviewed-by: Christoph Hellwig --- fs/xfs/libxfs/xfs_attr.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/fs/xfs/libxfs/xfs_attr.c b/fs/xfs/libxfs/xfs_attr.c index 54edc690ac1e..ba59dab6c56d 100644 --- a/fs/xfs/libxfs/xfs_attr.c +++ b/fs/xfs/libxfs/xfs_attr.c @@ -432,14 +432,13 @@ xfs_attr_complete_op( enum xfs_delattr_state replace_state) { struct xfs_da_args *args = attr->xattri_da_args; - bool do_replace = args->op_flags & XFS_DA_OP_REPLACE; + + if (!(args->op_flags & XFS_DA_OP_REPLACE)) + replace_state = XFS_DAS_DONE; args->op_flags &= ~XFS_DA_OP_REPLACE; args->attr_filter &= ~XFS_ATTR_INCOMPLETE; - if (do_replace) - return replace_state; - - return XFS_DAS_DONE; + return replace_state; } static int From patchwork Wed Apr 24 03:11:00 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 13641038 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7E474339A1 for ; Wed, 24 Apr 2024 03:11:01 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713928261; cv=none; b=WHDRRMjJ18F8PvJD0oiz+TmEGMDd7pGkAHuHCMiHXhAVo0QbxDqjElKT9az2QBIOA9xX0qL2O14OxEJlgVSJlOOnL88UBw1wV6cdtLBe5xE9cTmDw5W03AUJu2o6ploKh/TDgbtEnvni0iUSL9XwLW6BGBbW3AyKLX9cOl4RyVM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713928261; c=relaxed/simple; bh=7DR4/lZrYd5SRuD1KQzBjImYkvUT2tlUeO/boeuzSf8=; h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=Gbo1bTrTCDLXYsGNgqDSAXR4mtPcNGj5RwLpJ39E/O/Yqczed1m79QimGdcjuXZlXWrH0eBh+lzJnEerRE5AmjOU/iz44l07U6/T0KHTm/pTf/K1DxaMKaKcRz11M2knFielXoQOis6buNR2mTkT0LU+ckNdn9D1qwfhcAUtgLs= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=slfiisZ8; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="slfiisZ8" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 57BA7C116B1; Wed, 24 Apr 2024 03:11:01 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1713928261; bh=7DR4/lZrYd5SRuD1KQzBjImYkvUT2tlUeO/boeuzSf8=; h=Date:Subject:From:To:Cc:In-Reply-To:References:From; b=slfiisZ8Q7fYEzr6gk1wpn5gsvJacFqG2S1fInWnrWlXVTzhoYgpZVvYtNM6Ti4rR EoHLyF8qOEs+zTBpjMWIysowcWVHDreLv33GvHmFUBsNnbkmrIks12/XWFt5UlbGsi dCOTw2ZUFnI6hJ7W9rRx/2bx4tMLGn7nDBaSKkGQRLIghoMxqI69b9GXSlEGgkWf4d rhWqwCreFffdFjM++PKQrJKn1dPz+IZBhJyXKOas9bjhZVg6zV2tdkwScQQY4pweM6 zenzJvPAoZYhY/DPR+oUh/E+ROR0+ryfPMCJFtOjVJy9jBsOkRAwvI3R59n4e4sjB7 T/qYR0RhbQALw== Date: Tue, 23 Apr 2024 20:11:00 -0700 Subject: [PATCH 08/14] xfs: use helpers to extract xattr op from opflags From: "Darrick J. Wong" To: djwong@kernel.org, chandanbabu@kernel.org Cc: Christoph Hellwig , hch@lst.de, linux-xfs@vger.kernel.org Message-ID: <171392782708.1904599.6393068733927151899.stgit@frogsfrogsfrogs> In-Reply-To: <171392782539.1904599.4346314665349138617.stgit@frogsfrogsfrogs> References: <171392782539.1904599.4346314665349138617.stgit@frogsfrogsfrogs> User-Agent: StGit/0.19 Precedence: bulk X-Mailing-List: linux-xfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Darrick J. Wong Create helper functions to extract the xattr op from the ondisk xattri log item and the incore attr intent item. These will get more use in the patches that follow. Signed-off-by: Darrick J. Wong Reviewed-by: Christoph Hellwig --- fs/xfs/libxfs/xfs_attr.h | 5 +++++ fs/xfs/xfs_attr_item.c | 16 ++++++++++------ 2 files changed, 15 insertions(+), 6 deletions(-) diff --git a/fs/xfs/libxfs/xfs_attr.h b/fs/xfs/libxfs/xfs_attr.h index c8005f52102a..79b457adb7bd 100644 --- a/fs/xfs/libxfs/xfs_attr.h +++ b/fs/xfs/libxfs/xfs_attr.h @@ -529,6 +529,11 @@ struct xfs_attr_intent { struct xfs_bmbt_irec xattri_map; }; +static inline unsigned int +xfs_attr_intent_op(const struct xfs_attr_intent *attr) +{ + return attr->xattri_op_flags & XFS_ATTRI_OP_FLAGS_TYPE_MASK; +} /*======================================================================== * Function prototypes for the kernel. diff --git a/fs/xfs/xfs_attr_item.c b/fs/xfs/xfs_attr_item.c index d3559e6b24b7..b4c2dcb4581b 100644 --- a/fs/xfs/xfs_attr_item.c +++ b/fs/xfs/xfs_attr_item.c @@ -308,6 +308,12 @@ xfs_attrd_item_intent( return &ATTRD_ITEM(lip)->attrd_attrip->attri_item; } +static inline unsigned int +xfs_attr_log_item_op(const struct xfs_attri_log_format *attrp) +{ + return attrp->alfi_op_flags & XFS_ATTRI_OP_FLAGS_TYPE_MASK; +} + /* Log an attr to the intent item. */ STATIC void xfs_attr_log_item( @@ -466,8 +472,7 @@ xfs_attri_validate( struct xfs_mount *mp, struct xfs_attri_log_format *attrp) { - unsigned int op = attrp->alfi_op_flags & - XFS_ATTRI_OP_FLAGS_TYPE_MASK; + unsigned int op = xfs_attr_log_item_op(attrp); if (!xfs_is_using_logged_xattrs(mp)) return false; @@ -551,8 +556,7 @@ xfs_attri_recover_work( args = (struct xfs_da_args *)(attr + 1); attr->xattri_da_args = args; - attr->xattri_op_flags = attrp->alfi_op_flags & - XFS_ATTRI_OP_FLAGS_TYPE_MASK; + attr->xattri_op_flags = xfs_attr_log_item_op(attrp); /* * We're reconstructing the deferred work state structure from the @@ -573,7 +577,7 @@ xfs_attri_recover_work( XFS_DA_OP_LOGGED; args->owner = args->dp->i_ino; - switch (attr->xattri_op_flags) { + switch (xfs_attr_intent_op(attr)) { case XFS_ATTRI_OP_FLAGS_SET: case XFS_ATTRI_OP_FLAGS_REPLACE: args->value = nv->value.i_addr; @@ -757,7 +761,7 @@ xlog_recover_attri_commit_pass2( } /* Check the number of log iovecs makes sense for the op code. */ - op = attri_formatp->alfi_op_flags & XFS_ATTRI_OP_FLAGS_TYPE_MASK; + op = xfs_attr_log_item_op(attri_formatp); switch (op) { case XFS_ATTRI_OP_FLAGS_SET: case XFS_ATTRI_OP_FLAGS_REPLACE: From patchwork Wed Apr 24 03:11:16 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 13641039 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3420E339A1 for ; Wed, 24 Apr 2024 03:11:17 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713928277; cv=none; b=G7dhIx53MMjlpRUAM/0u5FOe6kB37ThGhgSJbfb+zZ+uh0H7btWn+D1Xkrut1TsY1WXw7QPA3OZNVmlA+Wt0q/p2R5z7r8bDR5jaZK5zjFHxIMz11DHN5fUiuH7P46RG9utQRFCDMq+8AP+V+gvH/TtSZ0m8CFboJDa0j8qOoTU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713928277; c=relaxed/simple; bh=ApYjPvHOcplrufj1sb+Slh0meYpfLnBnjHkxTB0zy2s=; h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=j2fMfcpS6m4YD9V2oBbwncUjTThKhOf+aqBNmOPvqPIdVRnaRi2xFSJWKKJbKjDtC+derCCP10W64JUyURlOan86wE+hQ5TpjfDBTB08++8464HS5dIWM3bLyo/Oqg+Ao+HQ4h3rg9W4xt3I/Q19C0nCeYKK5OjZzVarEipjAwo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=e+6YCjM4; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="e+6YCjM4" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 1006FC116B1; Wed, 24 Apr 2024 03:11:17 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1713928277; bh=ApYjPvHOcplrufj1sb+Slh0meYpfLnBnjHkxTB0zy2s=; h=Date:Subject:From:To:Cc:In-Reply-To:References:From; b=e+6YCjM4K6gkFU0whrHmoq6FN4+exNPqXV1lWeGRcMTgLW83f9a7qeRHI4nL2L4Wf 8noyEoCxjO2Jtxj7CIQYKIeoa28Xjc1ZwuQuPQwodO0BzGygeH7N2wqMBy7em63KIP xNiIK/uApgvdJBEOML+3u53C7OAowvh35KXn6QPVwSONsYocpDSYqK0tWArZD6XvBb C+Q+nHEKQmYyp0jPZ23GhgH1wefYAWpN6+3OtofV3PR9Q9cKvllQxmaqzKYSQowPVZ HiDPIdjlH0GWjK8cs2E9+BwvECCQR7vfxNhkJ+hPWSgTlxukaFIOB+Ycjb5SCV7PJ3 xeFGql+Miuw6w== Date: Tue, 23 Apr 2024 20:11:16 -0700 Subject: [PATCH 09/14] xfs: validate recovered name buffers when recovering xattr items From: "Darrick J. Wong" To: djwong@kernel.org, chandanbabu@kernel.org Cc: Christoph Hellwig , hch@lst.de, linux-xfs@vger.kernel.org Message-ID: <171392782725.1904599.5660142370086907204.stgit@frogsfrogsfrogs> In-Reply-To: <171392782539.1904599.4346314665349138617.stgit@frogsfrogsfrogs> References: <171392782539.1904599.4346314665349138617.stgit@frogsfrogsfrogs> User-Agent: StGit/0.19 Precedence: bulk X-Mailing-List: linux-xfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Darrick J. Wong Strengthen the xattri log item recovery code by checking that we actually have the required name and newname buffers for whatever operation we're replaying. Signed-off-by: Darrick J. Wong Reviewed-by: Christoph Hellwig --- fs/xfs/xfs_attr_item.c | 58 +++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 47 insertions(+), 11 deletions(-) diff --git a/fs/xfs/xfs_attr_item.c b/fs/xfs/xfs_attr_item.c index b4c2dcb4581b..ebd6e98d9c66 100644 --- a/fs/xfs/xfs_attr_item.c +++ b/fs/xfs/xfs_attr_item.c @@ -741,22 +741,20 @@ xlog_recover_attri_commit_pass2( const void *attr_value = NULL; const void *attr_name; size_t len; - unsigned int op; - - attri_formatp = item->ri_buf[0].i_addr; - attr_name = item->ri_buf[1].i_addr; + unsigned int op, i = 0; /* Validate xfs_attri_log_format before the large memory allocation */ len = sizeof(struct xfs_attri_log_format); - if (item->ri_buf[0].i_len != len) { + if (item->ri_buf[i].i_len != len) { XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, item->ri_buf[0].i_addr, item->ri_buf[0].i_len); return -EFSCORRUPTED; } + attri_formatp = item->ri_buf[i].i_addr; if (!xfs_attri_validate(mp, attri_formatp)) { XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, - item->ri_buf[0].i_addr, item->ri_buf[0].i_len); + attri_formatp, len); return -EFSCORRUPTED; } @@ -785,31 +783,69 @@ xlog_recover_attri_commit_pass2( attri_formatp, len); return -EFSCORRUPTED; } + i++; /* Validate the attr name */ - if (item->ri_buf[1].i_len != + if (item->ri_buf[i].i_len != xlog_calc_iovec_len(attri_formatp->alfi_name_len)) { XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, - item->ri_buf[0].i_addr, item->ri_buf[0].i_len); + attri_formatp, len); return -EFSCORRUPTED; } + attr_name = item->ri_buf[i].i_addr; if (!xfs_attr_namecheck(attr_name, attri_formatp->alfi_name_len)) { XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, - item->ri_buf[1].i_addr, item->ri_buf[1].i_len); + attri_formatp, len); return -EFSCORRUPTED; } + i++; /* Validate the attr value, if present */ if (attri_formatp->alfi_value_len != 0) { - if (item->ri_buf[2].i_len != xlog_calc_iovec_len(attri_formatp->alfi_value_len)) { + if (item->ri_buf[i].i_len != xlog_calc_iovec_len(attri_formatp->alfi_value_len)) { XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, item->ri_buf[0].i_addr, item->ri_buf[0].i_len); return -EFSCORRUPTED; } - attr_value = item->ri_buf[2].i_addr; + attr_value = item->ri_buf[i].i_addr; + i++; + } + + /* + * Make sure we got the correct number of buffers for the operation + * that we just loaded. + */ + if (i != item->ri_total) { + XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, + attri_formatp, len); + return -EFSCORRUPTED; + } + + switch (op) { + case XFS_ATTRI_OP_FLAGS_REMOVE: + /* Regular remove operations operate only on names. */ + if (attr_value != NULL || attri_formatp->alfi_value_len != 0) { + XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, + attri_formatp, len); + return -EFSCORRUPTED; + } + fallthrough; + case XFS_ATTRI_OP_FLAGS_SET: + case XFS_ATTRI_OP_FLAGS_REPLACE: + /* + * Regular xattr set/remove/replace operations require a name + * and do not take a newname. Values are optional for set and + * replace. + */ + if (attr_name == NULL || attri_formatp->alfi_name_len == 0) { + XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, + attri_formatp, len); + return -EFSCORRUPTED; + } + break; } /* From patchwork Wed Apr 24 03:11:32 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 13641040 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DA024339A1 for ; Wed, 24 Apr 2024 03:11:32 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713928292; cv=none; b=eJr0oLvj8va9PE6+o4IgYuZc7DU3KoEbigoTAYIlTEOvOXl5anAQ9kG6ldZsg/98J/GKg0186xKzmUqEN7b7pwcd35k7PI4RhYy/w4+NVCkmqiblwsHy+8pgZcbFawShYc+DTIv+cNcJa2B7+6K+fItKRD2omsvsIBJmfKIMB8U= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713928292; c=relaxed/simple; bh=c/sQlu1U0TmoQ83cm9fcD+DZn4J4RSYPUn0Sd17J+8E=; h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=DNf54G0C/YzsYO7b+Ff25tiSM/ti8GyLcXW+FmIOLATW5kuQEwDWHZMzq0Rcyk8mgzF9GnxQRmFTdJ3vK+523CeZtEJME+UxQwXgBEvdC5f/OAmXfLncTiyt1E5AqvRj1ztmxdrMg/INb8/faUH4+v7AbtK2gtoYdiUtNEgehWs= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=YgvHbPk1; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="YgvHbPk1" Received: by smtp.kernel.org (Postfix) with ESMTPSA id AC8EFC3277B; Wed, 24 Apr 2024 03:11:32 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1713928292; bh=c/sQlu1U0TmoQ83cm9fcD+DZn4J4RSYPUn0Sd17J+8E=; h=Date:Subject:From:To:Cc:In-Reply-To:References:From; b=YgvHbPk1HDE+EO/eSdy2RmIh6xdo3VTwgJO4caUPqIrIKg7AjdRyJ3dVj8w/+pUZF L6gwNni7FMA0AmtdXddVWwDOVTnRdh8X5qKGnuX+z3bIaxX60g+1Py1dgdzLraKoBf 0a1qyrCd32NvCZ8j8rwnO7TKjrXSGfBjKL20R+BjIuANmhe3va7oSUI5cx7lslSwYL soi7lhE87LvqCPAgFlj3iQb694Nv8u6SwQD+tUZbkuSiTitDbdkPhrN6n4w/YCISyu tq02umZIvEaOXtox7xUCVKNii8cRgi7c/X/AHn8v4MbtBmSJSyPa6zaDm+stwz6Qin 2/afnpGti0PBg== Date: Tue, 23 Apr 2024 20:11:32 -0700 Subject: [PATCH 10/14] xfs: always set args->value in xfs_attri_item_recover From: "Darrick J. Wong" To: djwong@kernel.org, chandanbabu@kernel.org Cc: Christoph Hellwig , hch@lst.de, linux-xfs@vger.kernel.org Message-ID: <171392782741.1904599.13209325759933716829.stgit@frogsfrogsfrogs> In-Reply-To: <171392782539.1904599.4346314665349138617.stgit@frogsfrogsfrogs> References: <171392782539.1904599.4346314665349138617.stgit@frogsfrogsfrogs> User-Agent: StGit/0.19 Precedence: bulk X-Mailing-List: linux-xfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Darrick J. Wong Always set args->value to the recovered value buffer. This reduces the amount of code in the switch statement, and hence the amount of thinking that I have to do. We validated the recovered buffers, supposedly. Signed-off-by: Darrick J. Wong Reviewed-by: Christoph Hellwig --- fs/xfs/xfs_attr_item.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/xfs/xfs_attr_item.c b/fs/xfs/xfs_attr_item.c index ebd6e98d9c66..8a13e2840692 100644 --- a/fs/xfs/xfs_attr_item.c +++ b/fs/xfs/xfs_attr_item.c @@ -572,6 +572,8 @@ xfs_attri_recover_work( args->name = nv->name.i_addr; args->namelen = nv->name.i_len; args->hashval = xfs_da_hashname(args->name, args->namelen); + args->value = nv->value.i_addr; + args->valuelen = nv->value.i_len; args->attr_filter = attrp->alfi_attr_filter & XFS_ATTRI_FILTER_MASK; args->op_flags = XFS_DA_OP_RECOVERY | XFS_DA_OP_OKNOENT | XFS_DA_OP_LOGGED; @@ -580,8 +582,6 @@ xfs_attri_recover_work( switch (xfs_attr_intent_op(attr)) { case XFS_ATTRI_OP_FLAGS_SET: case XFS_ATTRI_OP_FLAGS_REPLACE: - args->value = nv->value.i_addr; - args->valuelen = nv->value.i_len; args->total = xfs_attr_calc_size(args, &local); if (xfs_inode_hasattr(args->dp)) attr->xattri_dela_state = xfs_attr_init_replace_state(args); From patchwork Wed Apr 24 03:11:47 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 13641041 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8BA0A85925 for ; Wed, 24 Apr 2024 03:11:48 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713928308; cv=none; b=QqU3CFq8cpFKfmnFLkbe6BCEsZVdw047U3Trmwwo7c+3PFRoMt6xFxuGUqR/j27nxzpytE9I8/jxn1AxRppgbsUISG81ROqeEgJHcepmvZmlqVdZHAJOKUTsJsl3S2fmVG3ILwQOh3ujuiabH7deLD6lGjD3RHAIq3Vxpy8jo30= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713928308; c=relaxed/simple; bh=hg81GAHKMLjk31tTyOQR7lFZlAWT0coYEdkkR8hryLI=; h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=bo85J7IIgHoYyzylgqgst1fTCcbiCDhAQxVbMeDJjhO+kJkOAA2tvVc1UHAFBcfgR/5lK0yu3HYJZ47GuNZZfXBk5Skho9beuZKgOI1uCatwQ8xr2Zfk7lK6ezmac68oBzcH4bWzpVk3BoCLuCh4u3x2TbUEdukZsYB5A/aaIms= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=qb6YEhuP; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="qb6YEhuP" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 62213C2BD10; Wed, 24 Apr 2024 03:11:48 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1713928308; bh=hg81GAHKMLjk31tTyOQR7lFZlAWT0coYEdkkR8hryLI=; h=Date:Subject:From:To:Cc:In-Reply-To:References:From; b=qb6YEhuPTTHm6GvpneB1ECbXYnSDvu8vFeez2+oH60LnNWlpCZrkYTglCI5B5UcFi CfQU83ez+S29JH/Kdnoeqj9AFBHNgMyM+rC6V8794LC+FZq+4V6+zYRqvV5YW0oIT9 2kvAexM2gSGiHBkL3AbUzUhV9isAw1NPQmtUyPU04t1mtvRnbmA6JXWeH4Aa1quLyr IigoUKwOgFlCTGlV/evXwHfrBAMOXWvDXiuGaBz9m/XJNpz/FP082JGKp/jpcyaSYP Vv7N/a7aGQgMIFl6ABacSiW8YYlaqJCKyQg14RP0b9MTOK2ndJ3Nf4bTScG/lHrM6c kgeBkQl4prJaA== Date: Tue, 23 Apr 2024 20:11:47 -0700 Subject: [PATCH 11/14] xfs: use local variables for name and value length in _attri_commit_pass2 From: "Darrick J. Wong" To: djwong@kernel.org, chandanbabu@kernel.org Cc: Christoph Hellwig , hch@lst.de, linux-xfs@vger.kernel.org Message-ID: <171392782758.1904599.15252200321854261490.stgit@frogsfrogsfrogs> In-Reply-To: <171392782539.1904599.4346314665349138617.stgit@frogsfrogsfrogs> References: <171392782539.1904599.4346314665349138617.stgit@frogsfrogsfrogs> User-Agent: StGit/0.19 Precedence: bulk X-Mailing-List: linux-xfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Darrick J. Wong We're about to start using tagged unions in the xattr log format, so create a bunch of local variables in the recovery function so we only have to decode the log item fields once. Signed-off-by: Darrick J. Wong Reviewed-by: Christoph Hellwig --- fs/xfs/xfs_attr_item.c | 25 ++++++++++++++----------- 1 file changed, 14 insertions(+), 11 deletions(-) diff --git a/fs/xfs/xfs_attr_item.c b/fs/xfs/xfs_attr_item.c index 8a13e2840692..59723e5f483e 100644 --- a/fs/xfs/xfs_attr_item.c +++ b/fs/xfs/xfs_attr_item.c @@ -738,9 +738,11 @@ xlog_recover_attri_commit_pass2( struct xfs_attri_log_item *attrip; struct xfs_attri_log_format *attri_formatp; struct xfs_attri_log_nameval *nv; - const void *attr_value = NULL; const void *attr_name; + const void *attr_value = NULL; size_t len; + unsigned int name_len = 0; + unsigned int value_len = 0; unsigned int op, i = 0; /* Validate xfs_attri_log_format before the large memory allocation */ @@ -769,6 +771,8 @@ xlog_recover_attri_commit_pass2( attri_formatp, len); return -EFSCORRUPTED; } + name_len = attri_formatp->alfi_name_len; + value_len = attri_formatp->alfi_value_len; break; case XFS_ATTRI_OP_FLAGS_REMOVE: /* Log item, attr name */ @@ -777,6 +781,7 @@ xlog_recover_attri_commit_pass2( attri_formatp, len); return -EFSCORRUPTED; } + name_len = attri_formatp->alfi_name_len; break; default: XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, @@ -786,15 +791,14 @@ xlog_recover_attri_commit_pass2( i++; /* Validate the attr name */ - if (item->ri_buf[i].i_len != - xlog_calc_iovec_len(attri_formatp->alfi_name_len)) { + if (item->ri_buf[i].i_len != xlog_calc_iovec_len(name_len)) { XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, attri_formatp, len); return -EFSCORRUPTED; } attr_name = item->ri_buf[i].i_addr; - if (!xfs_attr_namecheck(attr_name, attri_formatp->alfi_name_len)) { + if (!xfs_attr_namecheck(attr_name, name_len)) { XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, attri_formatp, len); return -EFSCORRUPTED; @@ -802,8 +806,8 @@ xlog_recover_attri_commit_pass2( i++; /* Validate the attr value, if present */ - if (attri_formatp->alfi_value_len != 0) { - if (item->ri_buf[i].i_len != xlog_calc_iovec_len(attri_formatp->alfi_value_len)) { + if (value_len != 0) { + if (item->ri_buf[i].i_len != xlog_calc_iovec_len(value_len)) { XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, item->ri_buf[0].i_addr, item->ri_buf[0].i_len); @@ -827,7 +831,7 @@ xlog_recover_attri_commit_pass2( switch (op) { case XFS_ATTRI_OP_FLAGS_REMOVE: /* Regular remove operations operate only on names. */ - if (attr_value != NULL || attri_formatp->alfi_value_len != 0) { + if (attr_value != NULL || value_len != 0) { XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, attri_formatp, len); return -EFSCORRUPTED; @@ -840,7 +844,7 @@ xlog_recover_attri_commit_pass2( * and do not take a newname. Values are optional for set and * replace. */ - if (attr_name == NULL || attri_formatp->alfi_name_len == 0) { + if (attr_name == NULL || name_len == 0) { XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, attri_formatp, len); return -EFSCORRUPTED; @@ -853,9 +857,8 @@ xlog_recover_attri_commit_pass2( * name/value buffer to the recovered incore log item and drop our * reference. */ - nv = xfs_attri_log_nameval_alloc(attr_name, - attri_formatp->alfi_name_len, attr_value, - attri_formatp->alfi_value_len); + nv = xfs_attri_log_nameval_alloc(attr_name, name_len, + attr_value, value_len); attrip = xfs_attri_init(mp, nv); memcpy(&attrip->attri_format, attri_formatp, len); From patchwork Wed Apr 24 03:12:03 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 13641042 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 948A013340B for ; Wed, 24 Apr 2024 03:12:04 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713928324; cv=none; b=L2yUP1CRvH95XBLpsxKXT2B6+31iL8ohDU+n8te1LyfU51vHwtwP3ySVBjDdWSPA2JhQPr77VhtD+9xL3BdK0eVLGYSmHagmZdQT/vAJqfC3HcOkesOQCyZ9gRmVxn8YiZbkPRMimog95Dm5s24ZdMYPgYmzHXZdmpKZaMvnn4I= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713928324; c=relaxed/simple; bh=oU1mg7wgAGqRTRADN9170IDfgIv7yYRwqtLOvaGm3sY=; h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=AyrqYFHRXTGxkyRr2r11m8FGfucNWacrrjc4Cz3gA7a3cYuj1mHRfakJTnbAgalmJ0fnWJ2gSIYvMBuxBGSCEbPge7m+cvrezJxCT2FjgCgsrs72geRrSJ7ddclcDCX6JDbfrULRUBmCnSp5SoSMVxdnLl9Abjf/J2WqtQ/4b+4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=rrfyz9/T; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="rrfyz9/T" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 10C0AC2BD10; Wed, 24 Apr 2024 03:12:04 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1713928324; bh=oU1mg7wgAGqRTRADN9170IDfgIv7yYRwqtLOvaGm3sY=; h=Date:Subject:From:To:Cc:In-Reply-To:References:From; b=rrfyz9/TEBsbexdWwtQM9x9idibVMZapG74me+YC/zGjhok84cVkqR1dSNlM1/aqR BC7V9fICF5BkEyyLRZDYoBR5S/36yBJ629kSYIWnQGwZXoli4Y2JGeetqL/U2updNY O0HqT113WdYt0SpajhR8SBcRKqsPL9mRidXHyTSxYbgaOvQI697+JB7Mn0Rrh0vPEe 2JonijvIpyyn1YpI9CkFRE/uX0DkhJF7WPCsWaeyq2xCF/yMaxIziaEulZhaLBpprn BnNoDXKVemFPRPG5gwO3R0glqJGGJU5lSp5n/JL4Ra/i855x0zb0AFoTTL2ewOhuqR 0x7c4xjE8kPyA== Date: Tue, 23 Apr 2024 20:12:03 -0700 Subject: [PATCH 12/14] xfs: refactor name/length checks in xfs_attri_validate From: "Darrick J. Wong" To: djwong@kernel.org, chandanbabu@kernel.org Cc: Christoph Hellwig , hch@lst.de, linux-xfs@vger.kernel.org Message-ID: <171392782775.1904599.5336276739826774234.stgit@frogsfrogsfrogs> In-Reply-To: <171392782539.1904599.4346314665349138617.stgit@frogsfrogsfrogs> References: <171392782539.1904599.4346314665349138617.stgit@frogsfrogsfrogs> User-Agent: StGit/0.19 Precedence: bulk X-Mailing-List: linux-xfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Darrick J. Wong Move the name and length checks into the attr op switch statement so that we can perform more specific checks of the value length. Over the next few patches we're going to add new attr op flags with different validation requirements. While we're at it, remove the incorrect comment. Signed-off-by: Darrick J. Wong Reviewed-by: Christoph Hellwig --- fs/xfs/xfs_attr_item.c | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/fs/xfs/xfs_attr_item.c b/fs/xfs/xfs_attr_item.c index 59723e5f483e..c8f92166b9ad 100644 --- a/fs/xfs/xfs_attr_item.c +++ b/fs/xfs/xfs_attr_item.c @@ -466,6 +466,12 @@ xfs_attri_item_match( return ATTRI_ITEM(lip)->attri_format.alfi_id == intent_id; } +static inline bool +xfs_attri_validate_namelen(unsigned int namelen) +{ + return namelen > 0 && namelen <= XATTR_NAME_MAX; +} + /* Is this recovered ATTRI format ok? */ static inline bool xfs_attri_validate( @@ -486,23 +492,24 @@ xfs_attri_validate( if (attrp->alfi_attr_filter & ~XFS_ATTRI_FILTER_MASK) return false; - /* alfi_op_flags should be either a set or remove */ switch (op) { case XFS_ATTRI_OP_FLAGS_SET: case XFS_ATTRI_OP_FLAGS_REPLACE: + if (attrp->alfi_value_len > XATTR_SIZE_MAX) + return false; + if (!xfs_attri_validate_namelen(attrp->alfi_name_len)) + return false; + break; case XFS_ATTRI_OP_FLAGS_REMOVE: + if (attrp->alfi_value_len != 0) + return false; + if (!xfs_attri_validate_namelen(attrp->alfi_name_len)) + return false; break; default: return false; } - if (attrp->alfi_value_len > XATTR_SIZE_MAX) - return false; - - if ((attrp->alfi_name_len > XATTR_NAME_MAX) || - (attrp->alfi_name_len == 0)) - return false; - return xfs_verify_ino(mp, attrp->alfi_ino); } From patchwork Wed Apr 24 03:12:19 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 13641043 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D3297339A1 for ; Wed, 24 Apr 2024 03:12:19 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713928339; cv=none; b=bGKikGcsxxbXRRgkbeNHSeLEFTlr+dj/Djtlk96VZllFvnKB1lRvQIwuR/NZRqsTrNp3MJU652k/Ak+14HdunY2z3vH/zqUMClMily1l/4YbQaQPJJRJY23YfuCNZ9Mk9LGkQ4pJ76PpfZj7asajs7AkKOdQg+ysvhdj5XfDp1w= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713928339; c=relaxed/simple; bh=PCtTIwLnxDkXm6FIE2ExMLIzBfbY+2iQ3krSJ+1RRZ8=; h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=lv8/05zpczlCMhIrGFeSkbGrRfeB49wyKBvaaYIAI7qG3NZfF201nZnv0rXLOQKrcHCkqEsNFzvgO0JM3wHtySRCEDTI0cvGZunUG3YolRXkdEBFPZwe1vgyv1We3ItoKdLAONcehZg+AQRNqio+V/rZ3nt+V12JnTsfK43/h+s= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=Ul765sUH; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="Ul765sUH" Received: by smtp.kernel.org (Postfix) with ESMTPSA id A99CDC116B1; Wed, 24 Apr 2024 03:12:19 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1713928339; bh=PCtTIwLnxDkXm6FIE2ExMLIzBfbY+2iQ3krSJ+1RRZ8=; h=Date:Subject:From:To:Cc:In-Reply-To:References:From; b=Ul765sUHR5ZY8SDl/5GjMGllIIh2p7d5KromSq4U4p0vR86UE3J04+eKBhKDwVJHx 42NhSkqWsu83F8c+90xrw+IWemaMZb3sbiICREphrk+9UKV/r5xmL7Gs1UrQmw5kdN Spryur5MfGAjzNlbnzghytJYQ0dv9062KXiVynruLYt4SilxluLqM7RNtFcHu5M8U3 iwuPeJaZNV0C8nkcjhy7Du5ghi1oLduuN4IQp+HsQmoxJT5VBnNS3jJZHLs4Shq4PQ EJHKGepSNB3O6rbiiF9IBxjBLfqeZc6RQi4vramdn+enWxzLgq+nmINFU7l6gOmxZu qgdLkmoIC/khw== Date: Tue, 23 Apr 2024 20:12:19 -0700 Subject: [PATCH 13/14] xfs: refactor name/value iovec validation in xlog_recover_attri_commit_pass2 From: "Darrick J. Wong" To: djwong@kernel.org, chandanbabu@kernel.org Cc: Christoph Hellwig , hch@lst.de, linux-xfs@vger.kernel.org Message-ID: <171392782792.1904599.18060284396967997117.stgit@frogsfrogsfrogs> In-Reply-To: <171392782539.1904599.4346314665349138617.stgit@frogsfrogsfrogs> References: <171392782539.1904599.4346314665349138617.stgit@frogsfrogsfrogs> User-Agent: StGit/0.19 Precedence: bulk X-Mailing-List: linux-xfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Darrick J. Wong Hoist the code that checks the attr name and value iovecs into separate helpers so that we can add more callsites for the new parent pointer attr intent items. Signed-off-by: Darrick J. Wong Reviewed-by: Christoph Hellwig --- fs/xfs/xfs_attr_item.c | 64 +++++++++++++++++++++++++++++++++++------------- 1 file changed, 46 insertions(+), 18 deletions(-) diff --git a/fs/xfs/xfs_attr_item.c b/fs/xfs/xfs_attr_item.c index c8f92166b9ad..39536303a7b6 100644 --- a/fs/xfs/xfs_attr_item.c +++ b/fs/xfs/xfs_attr_item.c @@ -734,6 +734,46 @@ const struct xfs_defer_op_type xfs_attr_defer_type = { .relog_intent = xfs_attr_relog_intent, }; +static inline void * +xfs_attri_validate_name_iovec( + struct xfs_mount *mp, + struct xfs_attri_log_format *attri_formatp, + const struct xfs_log_iovec *iovec, + unsigned int name_len) +{ + if (iovec->i_len != xlog_calc_iovec_len(name_len)) { + XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, + attri_formatp, sizeof(*attri_formatp)); + return NULL; + } + + if (!xfs_attr_namecheck(iovec->i_addr, name_len)) { + XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, + attri_formatp, sizeof(*attri_formatp)); + XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, + iovec->i_addr, iovec->i_len); + return NULL; + } + + return iovec->i_addr; +} + +static inline void * +xfs_attri_validate_value_iovec( + struct xfs_mount *mp, + struct xfs_attri_log_format *attri_formatp, + const struct xfs_log_iovec *iovec, + unsigned int value_len) +{ + if (iovec->i_len != xlog_calc_iovec_len(value_len)) { + XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, + attri_formatp, sizeof(*attri_formatp)); + return NULL; + } + + return iovec->i_addr; +} + STATIC int xlog_recover_attri_commit_pass2( struct xlog *log, @@ -798,30 +838,18 @@ xlog_recover_attri_commit_pass2( i++; /* Validate the attr name */ - if (item->ri_buf[i].i_len != xlog_calc_iovec_len(name_len)) { - XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, - attri_formatp, len); + attr_name = xfs_attri_validate_name_iovec(mp, attri_formatp, + &item->ri_buf[i], name_len); + if (!attr_name) return -EFSCORRUPTED; - } - - attr_name = item->ri_buf[i].i_addr; - if (!xfs_attr_namecheck(attr_name, name_len)) { - XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, - attri_formatp, len); - return -EFSCORRUPTED; - } i++; /* Validate the attr value, if present */ if (value_len != 0) { - if (item->ri_buf[i].i_len != xlog_calc_iovec_len(value_len)) { - XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, - item->ri_buf[0].i_addr, - item->ri_buf[0].i_len); + attr_value = xfs_attri_validate_value_iovec(mp, attri_formatp, + &item->ri_buf[i], value_len); + if (!attr_value) return -EFSCORRUPTED; - } - - attr_value = item->ri_buf[i].i_addr; i++; } From patchwork Wed Apr 24 03:12:34 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 13641044 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6E23A1C6BE for ; Wed, 24 Apr 2024 03:12:35 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713928355; cv=none; b=Of28Q3ZGxKR4gVTt0md8f+WVTKIJvMTxz5ucey4dk37Ay7dPpjkL4aFakT0+Hfdsje3huyG4or5X1IcTFWxnH9Lw3GzbTruMFFEz4lG6PrQ5T1xkfW/FkdBGDsyKs6qy7Re/ZeJrT4NnhcYUEKqtPoBZQthgipQopSRgvXeAlfM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713928355; c=relaxed/simple; bh=5V1VZXeTuSqW0j2hjGrTW2Hxd75t8sO9pNh8CT+mSgM=; h=Date:Subject:From:To:Cc:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=WIageIDV5nkmzvGFG590KZBQlAt/3CAOfTuHzGgHW1Vdv487SJqcSsXzoHt3DzGLTSWdOeKYxevfA0zWsqxXlTJsZ7IerwBHsFxF7XTIB/A60Ux/31AQxD8SMfW8YQY8tJFg2zpW0VxUrJ8D4f2xJNPTdiK9+R/fkywZWovisj4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=FD1qIMt0; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="FD1qIMt0" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 47A17C116B1; Wed, 24 Apr 2024 03:12:35 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1713928355; bh=5V1VZXeTuSqW0j2hjGrTW2Hxd75t8sO9pNh8CT+mSgM=; h=Date:Subject:From:To:Cc:In-Reply-To:References:From; b=FD1qIMt01nptiBB5oyLbar/Lso1fSJeufJ2advKV2K2vDicBWQr4hlPbLFMQmMWgB f625d5WT7/eEHJRdvNth1Y2mWXkApPE7azbfMCDb7hClk8vPCq0WANJDJn4RtQqfpO u/mUCUY6Fnwnhog3FngaXj4IlTMcc4xu74Ufo/SuUbsI08GLasenNjpgs7rzo+V8yu InZZHECpnn+jdje+nrBjXoBYeErGDtX1SRCtjrQxcTyluI/lG7MT9BRObHiFR4/dDa MEG1DXiYh8hIVTGb6VrRkVEEGxW3QTZ50/Lhax6naIAFCLlgnam/+TXY6E5YmHrdpr uQa8pgDP9uSXA== Date: Tue, 23 Apr 2024 20:12:34 -0700 Subject: [PATCH 14/14] xfs: enforce one namespace per attribute From: "Darrick J. Wong" To: djwong@kernel.org, chandanbabu@kernel.org Cc: Christoph Hellwig , hch@lst.de, linux-xfs@vger.kernel.org Message-ID: <171392782809.1904599.10577513322206096359.stgit@frogsfrogsfrogs> In-Reply-To: <171392782539.1904599.4346314665349138617.stgit@frogsfrogsfrogs> References: <171392782539.1904599.4346314665349138617.stgit@frogsfrogsfrogs> User-Agent: StGit/0.19 Precedence: bulk X-Mailing-List: linux-xfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Darrick J. Wong Create a standardized helper function to enforce one namespace bit per extended attribute, and refactor all the open-coded hweight logic. This function is not a static inline to avoid porting hassles in userspace. Signed-off-by: Darrick J. Wong Reviewed-by: Christoph Hellwig --- fs/xfs/libxfs/xfs_attr.c | 11 +++++++++++ fs/xfs/libxfs/xfs_attr.h | 4 +++- fs/xfs/libxfs/xfs_attr_leaf.c | 7 ++++++- fs/xfs/scrub/attr.c | 12 +++++------- fs/xfs/scrub/attr_repair.c | 4 +--- fs/xfs/xfs_attr_item.c | 10 ++++++++-- fs/xfs/xfs_attr_list.c | 11 +++++++---- 7 files changed, 41 insertions(+), 18 deletions(-) diff --git a/fs/xfs/libxfs/xfs_attr.c b/fs/xfs/libxfs/xfs_attr.c index ba59dab6c56d..629fb25d149c 100644 --- a/fs/xfs/libxfs/xfs_attr.c +++ b/fs/xfs/libxfs/xfs_attr.c @@ -1532,12 +1532,23 @@ xfs_attr_node_get( return error; } +/* Enforce that there is at most one namespace bit per attr. */ +inline bool xfs_attr_check_namespace(unsigned int attr_flags) +{ + return hweight32(attr_flags & XFS_ATTR_NSP_ONDISK_MASK) < 2; +} + /* Returns true if the attribute entry name is valid. */ bool xfs_attr_namecheck( + unsigned int attr_flags, const void *name, size_t length) { + /* Only one namespace bit allowed. */ + if (!xfs_attr_check_namespace(attr_flags)) + return false; + /* * MAXNAMELEN includes the trailing null, but (name/length) leave it * out, so use >= for the length check. diff --git a/fs/xfs/libxfs/xfs_attr.h b/fs/xfs/libxfs/xfs_attr.h index 79b457adb7bd..cd106b0a424f 100644 --- a/fs/xfs/libxfs/xfs_attr.h +++ b/fs/xfs/libxfs/xfs_attr.h @@ -560,7 +560,9 @@ enum xfs_attr_update { int xfs_attr_set(struct xfs_da_args *args, enum xfs_attr_update op); int xfs_attr_set_iter(struct xfs_attr_intent *attr); int xfs_attr_remove_iter(struct xfs_attr_intent *attr); -bool xfs_attr_namecheck(const void *name, size_t length); +bool xfs_attr_check_namespace(unsigned int attr_flags); +bool xfs_attr_namecheck(unsigned int attr_flags, const void *name, + size_t length); int xfs_attr_calc_size(struct xfs_da_args *args, int *local); void xfs_init_attr_trans(struct xfs_da_args *args, struct xfs_trans_res *tres, unsigned int *total); diff --git a/fs/xfs/libxfs/xfs_attr_leaf.c b/fs/xfs/libxfs/xfs_attr_leaf.c index 17ec5ff5a4e3..3b024ab892e6 100644 --- a/fs/xfs/libxfs/xfs_attr_leaf.c +++ b/fs/xfs/libxfs/xfs_attr_leaf.c @@ -950,6 +950,11 @@ xfs_attr_shortform_to_leaf( nargs.hashval = xfs_da_hashname(sfe->nameval, sfe->namelen); nargs.attr_filter = sfe->flags & XFS_ATTR_NSP_ONDISK_MASK; + if (!xfs_attr_check_namespace(sfe->flags)) { + xfs_da_mark_sick(args); + error = -EFSCORRUPTED; + goto out; + } error = xfs_attr3_leaf_lookup_int(bp, &nargs); /* set a->index */ ASSERT(error == -ENOATTR); error = xfs_attr3_leaf_add(bp, &nargs); @@ -1063,7 +1068,7 @@ xfs_attr_shortform_verify( * one namespace flag per xattr, so we can just count the * bits (i.e. hweight) here. */ - if (hweight8(sfep->flags & XFS_ATTR_NSP_ONDISK_MASK) > 1) + if (!xfs_attr_check_namespace(sfep->flags)) return __this_address; sfep = next_sfep; diff --git a/fs/xfs/scrub/attr.c b/fs/xfs/scrub/attr.c index fd22d652a63a..7789bd2f0950 100644 --- a/fs/xfs/scrub/attr.c +++ b/fs/xfs/scrub/attr.c @@ -203,14 +203,8 @@ xchk_xattr_actor( return 0; } - /* Only one namespace bit allowed. */ - if (hweight32(attr_flags & XFS_ATTR_NSP_ONDISK_MASK) > 1) { - xchk_fblock_set_corrupt(sc, XFS_ATTR_FORK, args.blkno); - return -ECANCELED; - } - /* Does this name make sense? */ - if (!xfs_attr_namecheck(name, namelen)) { + if (!xfs_attr_namecheck(attr_flags, name, namelen)) { xchk_fblock_set_corrupt(sc, XFS_ATTR_FORK, args.blkno); return -ECANCELED; } @@ -519,6 +513,10 @@ xchk_xattr_rec( xchk_da_set_corrupt(ds, level); return 0; } + if (!xfs_attr_check_namespace(ent->flags)) { + xchk_da_set_corrupt(ds, level); + return 0; + } if (ent->flags & XFS_ATTR_LOCAL) { lentry = (struct xfs_attr_leaf_name_local *) diff --git a/fs/xfs/scrub/attr_repair.c b/fs/xfs/scrub/attr_repair.c index 3066d662ea13..8b89c112c492 100644 --- a/fs/xfs/scrub/attr_repair.c +++ b/fs/xfs/scrub/attr_repair.c @@ -123,12 +123,10 @@ xrep_xattr_want_salvage( return false; if (namelen > XATTR_NAME_MAX || namelen <= 0) return false; - if (!xfs_attr_namecheck(name, namelen)) + if (!xfs_attr_namecheck(attr_flags, name, namelen)) return false; if (valuelen > XATTR_SIZE_MAX || valuelen < 0) return false; - if (hweight32(attr_flags & XFS_ATTR_NSP_ONDISK_MASK) > 1) - return false; return true; } diff --git a/fs/xfs/xfs_attr_item.c b/fs/xfs/xfs_attr_item.c index 39536303a7b6..a65ac7479768 100644 --- a/fs/xfs/xfs_attr_item.c +++ b/fs/xfs/xfs_attr_item.c @@ -492,6 +492,10 @@ xfs_attri_validate( if (attrp->alfi_attr_filter & ~XFS_ATTRI_FILTER_MASK) return false; + if (!xfs_attr_check_namespace(attrp->alfi_attr_filter & + XFS_ATTR_NSP_ONDISK_MASK)) + return false; + switch (op) { case XFS_ATTRI_OP_FLAGS_SET: case XFS_ATTRI_OP_FLAGS_REPLACE: @@ -633,7 +637,8 @@ xfs_attr_recover_work( */ attrp = &attrip->attri_format; if (!xfs_attri_validate(mp, attrp) || - !xfs_attr_namecheck(nv->name.i_addr, nv->name.i_len)) + !xfs_attr_namecheck(attrp->alfi_attr_filter, nv->name.i_addr, + nv->name.i_len)) return -EFSCORRUPTED; attr = xfs_attri_recover_work(mp, dfp, attrp, &ip, nv); @@ -747,7 +752,8 @@ xfs_attri_validate_name_iovec( return NULL; } - if (!xfs_attr_namecheck(iovec->i_addr, name_len)) { + if (!xfs_attr_namecheck(attri_formatp->alfi_attr_filter, iovec->i_addr, + name_len)) { XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, attri_formatp, sizeof(*attri_formatp)); XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp, diff --git a/fs/xfs/xfs_attr_list.c b/fs/xfs/xfs_attr_list.c index 97c8f3dcfb89..903ed46c6887 100644 --- a/fs/xfs/xfs_attr_list.c +++ b/fs/xfs/xfs_attr_list.c @@ -82,7 +82,8 @@ xfs_attr_shortform_list( (dp->i_af.if_bytes + sf->count * 16) < context->bufsize)) { for (i = 0, sfe = xfs_attr_sf_firstentry(sf); i < sf->count; i++) { if (XFS_IS_CORRUPT(context->dp->i_mount, - !xfs_attr_namecheck(sfe->nameval, + !xfs_attr_namecheck(sfe->flags, + sfe->nameval, sfe->namelen))) { xfs_dirattr_mark_sick(context->dp, XFS_ATTR_FORK); return -EFSCORRUPTED; @@ -122,7 +123,8 @@ xfs_attr_shortform_list( for (i = 0, sfe = xfs_attr_sf_firstentry(sf); i < sf->count; i++) { if (unlikely( ((char *)sfe < (char *)sf) || - ((char *)sfe >= ((char *)sf + dp->i_af.if_bytes)))) { + ((char *)sfe >= ((char *)sf + dp->i_af.if_bytes)) || + !xfs_attr_check_namespace(sfe->flags))) { XFS_CORRUPTION_ERROR("xfs_attr_shortform_list", XFS_ERRLEVEL_LOW, context->dp->i_mount, sfe, @@ -177,7 +179,7 @@ xfs_attr_shortform_list( cursor->offset = 0; } if (XFS_IS_CORRUPT(context->dp->i_mount, - !xfs_attr_namecheck(sbp->name, + !xfs_attr_namecheck(sbp->flags, sbp->name, sbp->namelen))) { xfs_dirattr_mark_sick(context->dp, XFS_ATTR_FORK); error = -EFSCORRUPTED; @@ -502,7 +504,8 @@ xfs_attr3_leaf_list_int( } if (XFS_IS_CORRUPT(context->dp->i_mount, - !xfs_attr_namecheck(name, namelen))) { + !xfs_attr_namecheck(entry->flags, name, + namelen))) { xfs_dirattr_mark_sick(context->dp, XFS_ATTR_FORK); return -EFSCORRUPTED; }