|
 |
1569e6 |
From cae4fd291266c32441c6a7fcca49929fe11c391c Mon Sep 17 00:00:00 2001
|
|
|
1569e6 |
From: "Darrick J. Wong" <darrick.wong@oracle.com>
|
|
|
1569e6 |
Date: Fri, 10 Jul 2020 15:35:44 -0400
|
|
|
1569e6 |
Subject: [PATCH] xfs_repair: check for AG btree records that would wrap around
|
|
|
1569e6 |
|
|
|
1569e6 |
For AG btree types, make sure that each record's length is not so huge
|
|
|
1569e6 |
that integer wraparound would happen.
|
|
|
1569e6 |
|
|
|
1569e6 |
Found via xfs/358 fuzzing recs[1].blockcount = ones.
|
|
|
1569e6 |
|
|
|
1569e6 |
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
|
|
|
1569e6 |
Reviewed-by: Christoph Hellwig <hch@lst.de>
|
|
|
1569e6 |
Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
|
|
|
1569e6 |
---
|
|
|
1569e6 |
repair/scan.c | 9 ++++++---
|
|
|
1569e6 |
1 file changed, 6 insertions(+), 3 deletions(-)
|
|
|
1569e6 |
|
|
|
1569e6 |
diff --git a/repair/scan.c b/repair/scan.c
|
|
|
1569e6 |
index 5c8d8b23..1ddb5763 100644
|
|
|
1569e6 |
--- a/repair/scan.c
|
|
|
1569e6 |
+++ b/repair/scan.c
|
|
|
1569e6 |
@@ -684,7 +684,8 @@ _("%s freespace btree block claimed (state %d), agno %d, bno %d, suspect %d\n"),
|
|
|
1569e6 |
b, i, name, agno, bno);
|
|
|
1569e6 |
continue;
|
|
|
1569e6 |
}
|
|
|
1569e6 |
- if (len == 0 || !verify_agbno(mp, agno, end - 1)) {
|
|
|
1569e6 |
+ if (len == 0 || end <= b ||
|
|
|
1569e6 |
+ !verify_agbno(mp, agno, end - 1)) {
|
|
|
1569e6 |
do_warn(
|
|
|
1569e6 |
_("invalid length %u in record %u of %s btree block %u/%u\n"),
|
|
|
1569e6 |
len, i, name, agno, bno);
|
|
|
1569e6 |
@@ -1066,7 +1067,8 @@ _("%s rmap btree block claimed (state %d), agno %d, bno %d, suspect %d\n"),
|
|
|
1569e6 |
b, i, name, agno, bno);
|
|
|
1569e6 |
continue;
|
|
|
1569e6 |
}
|
|
|
1569e6 |
- if (len == 0 || !verify_agbno(mp, agno, end - 1)) {
|
|
|
1569e6 |
+ if (len == 0 || end <= b ||
|
|
|
1569e6 |
+ !verify_agbno(mp, agno, end - 1)) {
|
|
|
1569e6 |
do_warn(
|
|
|
1569e6 |
_("invalid length %u in record %u of %s btree block %u/%u\n"),
|
|
|
1569e6 |
len, i, name, agno, bno);
|
|
|
1569e6 |
@@ -1353,7 +1355,8 @@ _("leftover CoW extent has invalid startblock in record %u of %s btree block %u/
|
|
|
1569e6 |
b, i, name, agno, bno);
|
|
|
1569e6 |
continue;
|
|
|
1569e6 |
}
|
|
|
1569e6 |
- if (len == 0 || !verify_agbno(mp, agno, end - 1)) {
|
|
|
1569e6 |
+ if (len == 0 || end <= agb ||
|
|
|
1569e6 |
+ !verify_agbno(mp, agno, end - 1)) {
|
|
|
1569e6 |
do_warn(
|
|
|
1569e6 |
_("invalid length %u in record %u of %s btree block %u/%u\n"),
|
|
|
1569e6 |
len, i, name, agno, bno);
|
|
|
1569e6 |
--
|
|
|
1569e6 |
2.29.2
|
|
|
1569e6 |
|