mirror of https://gitee.com/openkylin/linux.git
xfs: sanity check directory inode di_size
This change fixes an assertion hit when fuzzing on-disk i_mode values. The easy case to fix is when changing an empty file's i_mode to S_IFDIR. In this case, xfs_dinode_verify() detects an illegal zero size for a directory and fails to load the inode structure from disk. For the case of a non-empty file whose i_mode is changed to S_IFDIR, the ASSERT() statement in xfs_dir2_isblock() is replaced with return -EFSCORRUPTED, to avoid interacting with corrupted junk also when XFS_DEBUG is disabled. Suggested-by: Darrick J. Wong <darrick.wong@oracle.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Amir Goldstein <amir73il@gmail.com> Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com> Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
parent
bf46ecc3d8
commit
3c6f46eacd
|
@ -631,7 +631,8 @@ xfs_dir2_isblock(
|
||||||
if ((rval = xfs_bmap_last_offset(args->dp, &last, XFS_DATA_FORK)))
|
if ((rval = xfs_bmap_last_offset(args->dp, &last, XFS_DATA_FORK)))
|
||||||
return rval;
|
return rval;
|
||||||
rval = XFS_FSB_TO_B(args->dp->i_mount, last) == args->geo->blksize;
|
rval = XFS_FSB_TO_B(args->dp->i_mount, last) == args->geo->blksize;
|
||||||
ASSERT(rval == 0 || args->dp->i_d.di_size == args->geo->blksize);
|
if (rval != 0 && args->dp->i_d.di_size != args->geo->blksize)
|
||||||
|
return -EFSCORRUPTED;
|
||||||
*vp = rval;
|
*vp = rval;
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
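Review bot: The new `return -EFSCORRUPTED` in xfs_dir2_isblock() fails silently, so when a damaged or crafted image trips this check nothing in the log says which invariant was violated. libxfs commonly pairs this return with a report, e.g. `XFS_ERROR_REPORT(__func__, XFS_ERRLEVEL_LOW, args->dp->i_mount);` placed just before the return. A one-line comment such as `/* a single-block directory must have di_size == blksize */` would also keep the invariant the removed ASSERT used to document. The function begins above the hunk; callers already receive errors from the xfs_bmap_last_offset() path, but how they treat this new one is not visible here.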
|
||||||
|
|
|
@ -386,6 +386,7 @@ xfs_dinode_verify(
|
||||||
xfs_ino_t ino,
|
xfs_ino_t ino,
|
||||||
struct xfs_dinode *dip)
|
struct xfs_dinode *dip)
|
||||||
{
|
{
|
||||||
|
uint16_t mode;
|
||||||
uint16_t flags;
|
uint16_t flags;
|
||||||
uint64_t flags2;
|
uint64_t flags2;
|
||||||
|
|
||||||
|
@ -396,8 +397,10 @@ xfs_dinode_verify(
|
||||||
if (be64_to_cpu(dip->di_size) & (1ULL << 63))
|
if (be64_to_cpu(dip->di_size) & (1ULL << 63))
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
/* No zero-length symlinks. */
|
mode = be16_to_cpu(dip->di_mode);
|
||||||
if (S_ISLNK(be16_to_cpu(dip->di_mode)) && dip->di_size == 0)
|
|
||||||
|
/* No zero-length symlinks/dirs. */
|
||||||
|
if ((S_ISLNK(mode) || S_ISDIR(mode)) && dip->di_size == 0)
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
/* only version 3 or greater inodes are extensively verified here */
|
/* only version 3 or greater inodes are extensively verified here */
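Review bot: The widened check in xfs_dinode_verify() rejects only a directory whose di_size is exactly zero, so a non-empty file whose mode is flipped to S_IFDIR still passes the verifier and is caught later, per the commit message, in xfs_dir2_isblock(). The comment could state that limit and why zero is invalid, for example `/* No zero-length symlinks/dirs; even an empty shortform dir has a header. */`. Whether other directory paths consume di_size before reaching xfs_dir2_isblock() cannot be judged from these hunks and is worth confirming. The function continues outside the hunk.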
|
||||||
|
|