Blame SOURCES/xfsprogs-5.7.0-xfs_repair-check-for-AG-btree-records-that-would-wra.patch

From cae4fd291266c32441c6a7fcca49929fe11c391c Mon Sep 17 00:00:00 2001
From: "Darrick J. Wong" <darrick.wong@oracle.com>
Date: Fri, 10 Jul 2020 15:35:44 -0400
Subject: [PATCH] xfs_repair: check for AG btree records that would wrap around
For AG btree types, make sure that each record's length is not so huge
that integer wraparound would happen.
Found via xfs/358 fuzzing recs[1].blockcount = ones.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
---
 repair/scan.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/repair/scan.c b/repair/scan.c
d13294
index 5c8d8b23..1ddb5763 100644
d13294
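--- a/repair/scan.c
+++ b/repair/scan.c
@@ -684,7 +684,8 @@ _("%s freespace btree block claimed (state %d), agno %d, bno %d, suspect %d\n"),
 					b, i, name, agno, bno);
 				continue;
 			}
-			if (len == 0 || !verify_agbno(mp, agno, end - 1)) {
+			if (len == 0 || end <= b ||
+			    !verify_agbno(mp, agno, end - 1)) {
 				do_warn(
 	_("invalid length %u in record %u of %s btree block %u/%u\n"),
 					len, i, name, agno, bno);
@@ -1066,7 +1067,8 @@ _("%s rmap btree block claimed (state %d), agno %d, bno %d, suspect %d\n"),
 					b, i, name, agno, bno);
 				continue;
 			}
-			if (len == 0 || !verify_agbno(mp, agno, end - 1)) {
+			if (len == 0 || end <= b ||
+			    !verify_agbno(mp, agno, end - 1)) {
 				do_warn(
 	_("invalid length %u in record %u of %s btree block %u/%u\n"),
 					len, i, name, agno, bno);
@@ -1353,7 +1355,8 @@ _("leftover CoW extent has invalid startblock in record %u of %s btree block %u/
 					b, i, name, agno, bno);
 				continue;
 			}
-			if (len == 0 || !verify_agbno(mp, agno, end - 1)) {
+			if (len == 0 || end <= agb ||
+			    !verify_agbno(mp, agno, end - 1)) {
 				do_warn(
 	_("invalid length %u in record %u of %s btree block %u/%u\n"),
 					len, i, name, agno, bno);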
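Review bot: The new `end <= b` test (and `end <= agb` in the third hunk) only detects wraparound if `end` is computed in the same 32-bit unsigned type as the start block. The declaration and assignment of `end` are outside all three hunks, so that should be confirmed; with a wider type the comparison would never fire for a fuzzed blockcount, and the record would again be judged only by `verify_agbno(mp, agno, end - 1)`. A short comment above each condition would make the intent clear to the next reader, e.g. `/* end <= start: start + len wrapped around the AG block number */`. The same three-part condition is now repeated in the freespace, rmap and refcount record scanners, so a small static helper taking the start block and length would keep the three validators from drifting apart. The enclosing functions start and end outside the hunks.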
-- 
2.29.2