On Tue, Jun 05, 2018 at 04:24:20PM +1000, Dave Chinner wrote:
> From: Dave Chinner <dchinner@xxxxxxxxxx>
>
> There are rules for vald extent size hints. We enforce them when
> applications set them, but fuzzers violate those rules and that
> screws us over. Validate COW extent size hint rules in the inode
> verifier to catch this.
>
> Signed-off-by: Dave Chinner <dchinner@xxxxxxxxxx>
> ---
> fs/xfs/libxfs/xfs_inode_buf.c | 10 ++++++++--
> 1 file changed, 8 insertions(+), 2 deletions(-)
>
Reviewed-by: Carlos Maiolino <cmaiolino@xxxxxxxxxx>
> diff --git a/fs/xfs/libxfs/xfs_inode_buf.c b/fs/xfs/libxfs/xfs_inode_buf.c
> index be197c91307b..ea64be7cbd98 100644
> --- a/fs/xfs/libxfs/xfs_inode_buf.c
> +++ b/fs/xfs/libxfs/xfs_inode_buf.c
> @@ -504,7 +504,7 @@ xfs_dinode_verify(
>
> /* extent size hint validation */
> fa = xfs_inode_validate_extsize(mp, be32_to_cpu(dip->di_extsize),
> - mode, be32_to_cpu(dip->di_flags));
> + mode, flags);
> if (fa)
> return fa;
>
> @@ -516,7 +516,7 @@ xfs_dinode_verify(
>
> /* don't allow reflink/cowextsize if we don't have reflink */
> if ((flags2 & (XFS_DIFLAG2_REFLINK | XFS_DIFLAG2_COWEXTSIZE)) &&
> - !xfs_sb_version_hasreflink(&mp->m_sb))
> + !xfs_sb_version_hasreflink(&mp->m_sb))
> return __this_address;
>
> /* only regular files get reflink */
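Review bot: In the first hunk (`@@ -504,7`), swapping `be32_to_cpu(dip->di_flags)` for the local `flags` may be more than a cleanup, and the commit message does not mention it. As far as I recall `di_flags` is a 16-bit on-disk field, so if `flags` is decoded with `be16_to_cpu()` (its assignment is outside the hunk), the existing extent size hint check was previously fed a mis-decoded flag word and now sees the real one. That changes which inodes `xfs_inode_validate_extsize()` rejects, so I would add a sentence to the description such as `Also pass the already-decoded di_flags to the extsize check instead of re-reading it with the wrong width.` The body of `xfs_dinode_verify()` starts before this hunk and continues past it.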
> @@ -531,6 +531,12 @@ xfs_dinode_verify(
> if ((flags2 & XFS_DIFLAG2_REFLINK) && (flags2 & XFS_DIFLAG2_DAX))
> return __this_address;
>
> + /* COW extent size hint validation */
> + fa = xfs_inode_validate_cowextsize(mp, be32_to_cpu(dip->di_cowextsize),
> + mode, flags, flags2);
> + if (fa)
> + return fa;
> +
> return NULL;
> }
>
> --
> 2.17.0
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-xfs" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
--
Carlos
--
To unsubscribe from this list: send the line "unsubscribe linux-xfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
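Review bot: The new `xfs_inode_validate_cowextsize()` call at the end of `xfs_dinode_verify()` makes any out-of-spec `di_cowextsize` a verifier failure, but the comment above it says neither why the check belongs here nor that the value is untrusted on-disk data. I would expand it to something like `/* COW extent size hint validation: on-disk values never went through the setter's checks, so recheck them here */`. The helper's body is outside this hunk, so it cannot be confirmed from here how it treats a nonzero field with `XFS_DIFLAG2_COWEXTSIZE` clear, or a hint that is not valid for the inode's `mode`. If existing filesystems can carry such values, those inodes would presumably stop loading once this lands, so it is worth confirming that the repair tool detects and clears the same cases. The function's opening, including any inode-version gate before `flags2` is used, is also outside the hunk.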