Re: [PATCH] xfs: xfs_trans->t_flags overflow

Wengang Wang <wen.gang.wang@xxxxxxxxxx> · Thu, 13 Jul 2023 01:39:55 +0000

> On Jul 12, 2023, at 6:22 PM, Darrick J. Wong <djwong@xxxxxxxxxx> wrote:
> 
> On Wed, Jul 12, 2023 at 06:15:08PM -0700, Wengang Wang wrote:
>> Current xfs_trans->t_flags is of type uint8_t (8 bits long). We are storing
>> XFS_TRANS_LOWMODE, which is 0x100, to t_flags. The highest set bit of
>> XFS_TRANS_LOWMODE overflows.
>> 
>> Fix:
>> Change the type from uint8_t to uint16_t.
>> 
>> Signed-off-by: Wengang Wang <wen.gang.wang@xxxxxxxxxx>
>> ---
>> fs/xfs/libxfs/xfs_shared.h | 2 +-
>> fs/xfs/xfs_log_priv.h      | 2 +-
>> 2 files changed, 2 insertions(+), 2 deletions(-)
>> 
>> diff --git a/fs/xfs/libxfs/xfs_shared.h b/fs/xfs/libxfs/xfs_shared.h
>> index c4381388c0c1..5532d6480d53 100644
>> --- a/fs/xfs/libxfs/xfs_shared.h
>> +++ b/fs/xfs/libxfs/xfs_shared.h
>> @@ -82,7 +82,7 @@ void xfs_log_get_max_trans_res(struct xfs_mount *mp,
>>  * for free space from AG 0. If the correct transaction reservations have been
>>  * made then this algorithm will eventually find all the space it needs.
>>  */
>> -#define XFS_TRANS_LOWMODE 0x100 /* allocate in low space mode */
>> +#define XFS_TRANS_LOWMODE (1u << 8) /* allocate in low space mode */
>> 
>> /*
>>  * Field values for xfs_trans_mod_sb.
>> diff --git a/fs/xfs/xfs_log_priv.h b/fs/xfs/xfs_log_priv.h
>> index 1bd2963e8fbd..e4b03edbc87b 100644
>> --- a/fs/xfs/xfs_log_priv.h
>> +++ b/fs/xfs/xfs_log_priv.h
>> @@ -151,7 +151,7 @@ typedef struct xlog_ticket {
> 
> Huh?  xlog_ticket != xfs_trans.
> 
> typedef struct xfs_trans {
> unsigned int t_magic; /* magic number */
> ...
> unsigned int t_flags; /* misc flags */
> ...
> };
> 
> This declaration looks wide enough to me.  The only place I see
> xlog_ticket.t_flags used is to set, clear, and test XLOG_TIC_PERM_RESERV.
> 

Oh, yes, I misread it. Sorry, pls ignore.

thanks,
wengang

> --D
> 
>> int t_unit_res; /* unit reservation */
>> char t_ocnt; /* original unit count */
>> char t_cnt; /* current unit count */
>> - uint8_t t_flags; /* properties of reservation */
>> + uint16_t t_flags; /* properties of reservation */
>> int t_iclog_hdrs; /* iclog hdrs in t_curr_res */
>> } xlog_ticket_t;
>> 
>> -- 
>> 2.21.0 (Apple Git-122.2)
>> 