Re: [PATCH 6/7] libext2fs: check for cyclic loops in the extent tree

Lukas Czerner <lczerner@xxxxxxxxxx> · Tue, 7 Jun 2022 16:11:26 +0200

On Tue, Jun 07, 2022 at 12:24:43AM -0400, Theodore Ts'o wrote:
> In the extent tree handling code in libext2fs, when we go move down
> the extent tree, if a cyclic loop is detected, return an error.

Looks good.

Reviewed-by: Lukas Czerner <lczerner@xxxxxxxxxx>

> 
> Reported-by: Nils Bars <nils.bars@xxxxxx>
> Reported-by: Moritz Schlögel <moritz.schloegel@xxxxxx>
> Reported-by: Nico Schiller <nico.schiller@xxxxxx>
> Signed-off-by: Theodore Ts'o <tytso@xxxxxxx>
> ---
>  lib/ext2fs/ext2_err.et.in |  3 +++
>  lib/ext2fs/extent.c       | 11 +++++++++--
>  2 files changed, 12 insertions(+), 2 deletions(-)
> 
> diff --git a/lib/ext2fs/ext2_err.et.in b/lib/ext2fs/ext2_err.et.in
> index cf0e00ea..bb1dcf14 100644
> --- a/lib/ext2fs/ext2_err.et.in
> +++ b/lib/ext2fs/ext2_err.et.in
> @@ -551,4 +551,7 @@ ec	EXT2_ET_NO_GDESC,
>  ec	EXT2_FILSYS_CORRUPTED,
>  	"The internal ext2_filsys data structure appears to be corrupted"
>  
> +ec	EXT2_ET_EXTENT_CYCLE,
> +	"Found cyclic loop in extent tree"
> +
>  	end
> diff --git a/lib/ext2fs/extent.c b/lib/ext2fs/extent.c
> index 1a206a16..82e75ccd 100644
> --- a/lib/ext2fs/extent.c
> +++ b/lib/ext2fs/extent.c
> @@ -47,6 +47,7 @@ struct extent_path {
>  	int		visit_num;
>  	int		flags;
>  	blk64_t		end_blk;
> +	blk64_t		blk;
>  	void		*curr;
>  };
>  
> @@ -286,6 +287,7 @@ errcode_t ext2fs_extent_open2(ext2_filsys fs, ext2_ino_t ino,
>  	handle->path[0].end_blk =
>  		(EXT2_I_SIZE(handle->inode) + fs->blocksize - 1) >>
>  		 EXT2_BLOCK_SIZE_BITS(fs->super);
> +	handle->path[0].blk = 0;
>  	handle->path[0].visit_num = 1;
>  	handle->level = 0;
>  	handle->magic = EXT2_ET_MAGIC_EXTENT_HANDLE;
> @@ -305,14 +307,14 @@ errout:
>  errcode_t ext2fs_extent_get(ext2_extent_handle_t handle,
>  			    int flags, struct ext2fs_extent *extent)
>  {
> -	struct extent_path	*path, *newpath;
> +	struct extent_path	*path, *newpath, *tp;
>  	struct ext3_extent_header	*eh;
>  	struct ext3_extent_idx		*ix = 0;
>  	struct ext3_extent		*ex;
>  	errcode_t			retval;
>  	blk64_t				blk;
>  	blk64_t				end_blk;
> -	int				orig_op, op;
> +	int				orig_op, op, l;
>  	int				failed_csum = 0;
>  
>  	EXT2_CHECK_MAGIC(handle, EXT2_ET_MAGIC_EXTENT_HANDLE);
> @@ -467,6 +469,11 @@ retry:
>  		}
>  		blk = ext2fs_le32_to_cpu(ix->ei_leaf) +
>  			((__u64) ext2fs_le16_to_cpu(ix->ei_leaf_hi) << 32);
> +		for (l = handle->level, tp = path; l > 0; l--, tp--) {
> +			if (blk == tp->blk)
> +				return EXT2_ET_EXTENT_CYCLE;
> +		}
> +		newpath->blk = blk;
>  		if ((handle->fs->flags & EXT2_FLAG_IMAGE_FILE) &&
>  		    (handle->fs->io != handle->fs->image_io))
>  			memset(newpath->buf, 0, handle->fs->blocksize);
> -- 
> 2.31.0
> 