Blame SOURCES/xfsprogs-5.7.0-xfs_repair-check-for-AG-btree-records-that-would-wra.patch

From cae4fd291266c32441c6a7fcca49929fe11c391c Mon Sep 17 00:00:00 2001
From: "Darrick J. Wong" <darrick.wong@oracle.com>
Date: Fri, 10 Jul 2020 15:35:44 -0400
Subject: [PATCH] xfs_repair: check for AG btree records that would wrap around
For AG btree types, make sure that each record's length is not so huge
that integer wraparound would happen.
Found via xfs/358 fuzzing recs[1].blockcount = ones.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
---
 repair/scan.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/repair/scan.c b/repair/scan.c
index 5c8d8b23..1ddb5763 100644
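--- a/repair/scan.c
+++ b/repair/scan.c
@@ -684,7 +684,8 @@ _("%s freespace btree block claimed (state %d), agno %d, bno %d, suspect %d\n"),
 					b, i, name, agno, bno);
 				continue;
 			}
-			if (len == 0 || !verify_agbno(mp, agno, end - 1)) {
+			if (len == 0 || end <= b ||
+			    !verify_agbno(mp, agno, end - 1)) {
 				do_warn(
 	_("invalid length %u in record %u of %s btree block %u/%u\n"),
 					len, i, name, agno, bno);
@@ -1066,7 +1067,8 @@ _("%s rmap btree block claimed (state %d), agno %d, bno %d, suspect %d\n"),
 					b, i, name, agno, bno);
 				continue;
 			}
-			if (len == 0 || !verify_agbno(mp, agno, end - 1)) {
+			if (len == 0 || end <= b ||
+			    !verify_agbno(mp, agno, end - 1)) {
 				do_warn(
 	_("invalid length %u in record %u of %s btree block %u/%u\n"),
 					len, i, name, agno, bno);
@@ -1353,7 +1355,8 @@ _("leftover CoW extent has invalid startblock in record %u of %s btree block %u/
 					b, i, name, agno, bno);
 				continue;
 			}
-			if (len == 0 || !verify_agbno(mp, agno, end - 1)) {
+			if (len == 0 || end <= agb ||
+			    !verify_agbno(mp, agno, end - 1)) {
 				do_warn(
 	_("invalid length %u in record %u of %s btree block %u/%u\n"),
 					len, i, name, agno, bno);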
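Review bot: The new `end <= b` test (`end <= agb` in the refcount hunk) only catches the wraparound if `end` is computed in the same unsigned 32-bit type as the start block, and that computation lies outside all three hunks, so it should be confirmed before relying on the guard. Because `len == 0` is rejected first, the comparison can only be true after overflow, which is not obvious to a reader; a comment above the condition such as `/* start + len wrapped: a corrupt blockcount must not reach verify_agbno() */` would record why it is there. The same three-line condition now appears in the freespace, rmap and refcount scanners, so a small static helper taking the start block and length would keep the three checks from drifting apart. The enclosing functions begin and end outside the hunks.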
-- 
2.29.2