Re: [PATCH] xfs: AGI length should be bounds checked

On Sun, Jul 02, 2023 at 09:25:55AM -0700, Darrick J. Wong wrote:
> From: Darrick J. Wong <djwong@xxxxxxxxxx>
> 
> Similar to the recent patch strengthening the AGF agf_length
> verification, the AGI verifier does not check that the AGI length field
> is within known good bounds.  This isn't currently checked by runtime
> kernel code, yet we assume in many places that it is correct and verify
> other metadata against it.
> 
> Add length verification to the AGI verifier.  Just like the AGF length
> checking, the length of the AGI must be equal to the size of the AG
> specified in the superblock, unless it is the last AG in the filesystem.
> In that case, it must be less than or equal to sb->sb_agblocks and
> greater than XFS_MIN_AG_BLOCKS, which is the smallest AG a growfs
> operation will allow to exist.
> 
> There's only one place in the filesystem that actually uses agi_length,
> but let's not leave it vulnerable to the same weird nonsense that
> generates syzbot bugs, eh?
> 
> Signed-off-by: Darrick J. Wong <djwong@xxxxxxxxxx>
> ---
>  fs/xfs/libxfs/xfs_alloc.c  |   72 ++++++++++++++++++++++++++++----------------
>  fs/xfs/libxfs/xfs_alloc.h  |    3 ++
>  fs/xfs/libxfs/xfs_ialloc.c |   24 +++++++--------
>  3 files changed, 60 insertions(+), 39 deletions(-)

Looks good.

Reviewed-by: Dave Chinner <dchinner@xxxxxxxxxx>
-- 
Dave Chinner
david@xxxxxxxxxxxxx
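
The length rule described in the commit message above, as a userspace C sketch added here (not the kernel patch and not code from either author). The function names, the value of MIN_AG_BLOCKS, the header offsets, and accepting a length exactly equal to the minimum are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed value for this sketch; stands in for the kernel's XFS_MIN_AG_BLOCKS. */
#define MIN_AG_BLOCKS 64u

/* Decode a big-endian 32-bit on-disk field. */
static uint32_t get_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/*
 * Hypothetical helper: return 0 if `length` is acceptable for AG number
 * `seqno`, -1 if it must be treated as corruption. agblocks and agcount
 * play the role of the superblock's AG size and AG count.
 */
static int ag_length_ok(uint32_t agblocks, uint32_t agcount,
                        uint32_t seqno, uint32_t length)
{
    if (agcount == 0 || seqno >= agcount)
        return -1;
    if (length == agblocks)
        return 0;               /* full-size AG is always valid */
    if (seqno != agcount - 1)
        return -1;              /* only the last AG may be shorter */
    if (length < MIN_AG_BLOCKS || length > agblocks)
        return -1;              /* outside the bounds growfs allows */
    return 0;
}

/* Validate a raw header; assumed layout: seqno at byte 8, length at byte 12. */
static int agi_header_ok(uint32_t agblocks, uint32_t agcount, const uint8_t *hdr)
{
    return ag_length_ok(agblocks, agcount, get_be32(hdr + 8), get_be32(hdr + 12));
}

int main(void)
{
    /* Constructed header: first 8 bytes zeroed, seqno 3, length 1000. */
    uint8_t hdr[16] = {0,0,0,0, 0,0,0,0, 0,0,0,3, 0,0,0x03,0xe8};
    printf("last AG, short length:   %d\n", agi_header_ok(4096, 4, hdr));
    hdr[11] = 1;                /* same length claimed by a middle AG */
    printf("middle AG, short length: %d\n", agi_header_ok(4096, 4, hdr));
    return 0;
}
```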


