On 7/30/18 10:56 PM, Darrick J. Wong wrote:
> From: Darrick J. Wong <darrick.wong@xxxxxxxxxx>
>
> Make sure we never try to write the superblock with unknown feature bits
> set. We checked those at mount time, so if they're set now then memory
> is corrupt.
>
> Signed-off-by: Darrick J. Wong <darrick.wong@xxxxxxxxxx>
> ---
> fs/xfs/libxfs/xfs_sb.c | 35 ++++++++++++++++++++++++++++++++++-
> 1 file changed, 34 insertions(+), 1 deletion(-)
Meh, a lot of cut and paste of the tests, but I guess it needs different
messages, behaviors, and error codes. :(
Reviewed-by: Eric Sandeen <sandeen@xxxxxxxxxx>
>
> diff --git a/fs/xfs/libxfs/xfs_sb.c b/fs/xfs/libxfs/xfs_sb.c
> index 05e7ed1b8022..ca1b3a7a9171 100644
> --- a/fs/xfs/libxfs/xfs_sb.c
> +++ b/fs/xfs/libxfs/xfs_sb.c
> @@ -166,7 +166,40 @@ xfs_validate_sb_write(
> if (XFS_SB_VERSION_NUM(sbp) != XFS_SB_VERSION_5)
> return 0;
>
> - /* XXX: For write validation, we don't need to check feature masks?? */
> + /*
> + * Version 5 superblock feature mask validation. Reject combinations
> + * the kernel cannot support since we checked for unsupported bits in
> + * the read verifier, which means that memory is corrupt.
> + */
> + if (xfs_sb_has_compat_feature(sbp, XFS_SB_FEAT_COMPAT_UNKNOWN)) {
> + xfs_warn(mp,
> +"Corruption detected in superblock compatible features (0x%x)!",
> + (sbp->sb_features_compat & XFS_SB_FEAT_COMPAT_UNKNOWN));
> + return -EFSCORRUPTED;
> + }
> +
> + if (xfs_sb_has_ro_compat_feature(sbp, XFS_SB_FEAT_RO_COMPAT_UNKNOWN)) {
> + xfs_alert(mp,
> +"Corruption detected in superblock read-only compatible features (0x%x)!",
> + (sbp->sb_features_ro_compat &
> + XFS_SB_FEAT_RO_COMPAT_UNKNOWN));
> + return -EFSCORRUPTED;
> + }
> + if (xfs_sb_has_incompat_feature(sbp, XFS_SB_FEAT_INCOMPAT_UNKNOWN)) {
> + xfs_warn(mp,
> +"Corruption detected in superblock incompatible features (0x%x)!",
> + (sbp->sb_features_incompat &
> + XFS_SB_FEAT_INCOMPAT_UNKNOWN));
> + return -EFSCORRUPTED;
> + }
> + if (xfs_sb_has_incompat_log_feature(sbp,
> + XFS_SB_FEAT_INCOMPAT_LOG_UNKNOWN)) {
> + xfs_warn(mp,
> +"Corruption detected in superblock incompatible log features (0x%x)!",
> + (sbp->sb_features_log_incompat &
> + XFS_SB_FEAT_INCOMPAT_LOG_UNKNOWN));
> + return -EFSCORRUPTED;
> + }
>
> /*
> * We can't read verify the sb LSN because the read verifier is called
>
--
To unsubscribe from this list: send the line "unsubscribe linux-xfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
