On Tue, Mar 10, 2020 at 05:47:52PM -0700, Darrick J. Wong wrote:
> From: Darrick J. Wong <darrick.wong@xxxxxxxxxx>
>
> Check the owner field of dir3 data block headers. If it's corrupt,
> release the buffer and return EFSCORRUPTED. All callers handle this
> properly.
>
> Signed-off-by: Darrick J. Wong <darrick.wong@xxxxxxxxxx>
> ---
> fs/xfs/libxfs/xfs_dir2_data.c | 31 ++++++++++++++++++++++++++++++-
> 1 file changed, 30 insertions(+), 1 deletion(-)
>
>
> diff --git a/fs/xfs/libxfs/xfs_dir2_data.c b/fs/xfs/libxfs/xfs_dir2_data.c
> index b9eba8213180..8de9611387e5 100644
> --- a/fs/xfs/libxfs/xfs_dir2_data.c
> +++ b/fs/xfs/libxfs/xfs_dir2_data.c
> @@ -394,6 +394,22 @@ static const struct xfs_buf_ops xfs_dir3_data_reada_buf_ops = {
> .verify_write = xfs_dir3_data_write_verify,
> };
>
> +static xfs_failaddr_t
> +xfs_dir3_data_header_check(
> + struct xfs_inode *dp,
> + struct xfs_buf *bp)
> +{
> + struct xfs_mount *mp = dp->i_mount;
> +
> + if (xfs_sb_version_hascrc(&mp->m_sb)) {
> + struct xfs_dir3_data_hdr *hdr3 = bp->b_addr;
> +
> + if (be64_to_cpu(hdr3->hdr.owner) != dp->i_ino)
> + return __this_address;
> + }
> +
> + return NULL;
> +}
>
> int
> xfs_dir3_data_read(
> @@ -403,11 +419,24 @@ xfs_dir3_data_read(
> unsigned int flags,
> struct xfs_buf **bpp)
> {
> + xfs_failaddr_t fa;
> int err;
>
> err = xfs_da_read_buf(tp, dp, bno, flags, bpp, XFS_DATA_FORK,
> &xfs_dir3_data_buf_ops);
> - if (!err && tp && *bpp)
> + if (err || !*bpp)
> + return err;
> +
> + /* Check things that we can't do in the verifier. */
> + fa = xfs_dir3_data_header_check(dp, *bpp);
> + if (fa) {
> + __xfs_buf_mark_corrupt(*bpp, fa);
> + xfs_trans_brelse(tp, *bpp);
> + *bpp = NULL;
> + return -EFSCORRUPTED;
> + }
> +
> + if (tp)
> xfs_trans_buf_set_type(tp, *bpp, XFS_BLFT_DIR_DATA_BUF);
xfs_trans_buf_set_type() handles a null tp just fine.
Otherwise OK.
Reviewed-by: Dave Chinner <dchinner@xxxxxxxxxx>
--
Dave Chinner
david@xxxxxxxxxxxxx
