On Wed, Jun 28, 2023 at 08:44:12AM +1000, Dave Chinner wrote:
> From: Dave Chinner <dchinner@xxxxxxxxxx>
>
> Need to happen before we allocate and then leak the xefi. Found by
> coverity via an xfsprogs libxfs scan.
>
> Fixes: 7dfee17b13e5 ("xfs: validate block number being freed before adding to xefi")
> Signed-off-by: Dave Chinner <dchinner@xxxxxxxxxx>
LGTM,
Reviewed-by: Darrick J. Wong <djwong@xxxxxxxxxx>
--D
> ---
> fs/xfs/libxfs/xfs_alloc.c | 11 ++++++-----
> 1 file changed, 6 insertions(+), 5 deletions(-)
>
> diff --git a/fs/xfs/libxfs/xfs_alloc.c b/fs/xfs/libxfs/xfs_alloc.c
> index 7c86a69354fb..9919fdfe1d7e 100644
> --- a/fs/xfs/libxfs/xfs_alloc.c
> +++ b/fs/xfs/libxfs/xfs_alloc.c
> @@ -2470,25 +2470,26 @@ static int
> xfs_defer_agfl_block(
> struct xfs_trans *tp,
> xfs_agnumber_t agno,
> - xfs_fsblock_t agbno,
> + xfs_agblock_t agbno,
> struct xfs_owner_info *oinfo)
> {
> struct xfs_mount *mp = tp->t_mountp;
> struct xfs_extent_free_item *xefi;
> + xfs_fsblock_t fsbno = XFS_AGB_TO_FSB(mp, agno, agbno);
>
> ASSERT(xfs_extfree_item_cache != NULL);
> ASSERT(oinfo != NULL);
>
> + if (XFS_IS_CORRUPT(mp, !xfs_verify_fsbno(mp, fsbno)))
> + return -EFSCORRUPTED;
> +
> xefi = kmem_cache_zalloc(xfs_extfree_item_cache,
> GFP_KERNEL | __GFP_NOFAIL);
> - xefi->xefi_startblock = XFS_AGB_TO_FSB(mp, agno, agbno);
> + xefi->xefi_startblock = fsbno;
> xefi->xefi_blockcount = 1;
> xefi->xefi_owner = oinfo->oi_owner;
> xefi->xefi_type = XFS_AG_RESV_AGFL;
>
> - if (XFS_IS_CORRUPT(mp, !xfs_verify_fsbno(mp, xefi->xefi_startblock)))
> - return -EFSCORRUPTED;
> -
> trace_xfs_agfl_free_defer(mp, agno, 0, agbno, 1);
>
> xfs_extent_free_get_group(mp, xefi);
> --
> 2.40.1
>
