diff options
| author | Darrick J. Wong <darrick.wong@oracle.com> | 2020-12-02 23:25:43 +0300 |
|---|---|---|
| committer | Darrick J. Wong <darrick.wong@oracle.com> | 2020-12-09 20:49:38 +0300 |
| commit | acf104c2331c1ba2a667e65dd36139d1555b1432 (patch) | |
| tree | bb0f20becf48b4b112356a06579d8d270b033366 /fs/xfs/libxfs | |
| parent | 6337032689fa51462d47eb456e5867cb0efa33eb (diff) | |
| download | linux-acf104c2331c1ba2a667e65dd36139d1555b1432.tar.xz | |
xfs: detect overflows in bmbt records
Detect file block mappings with a blockcount that's either so large that
integer overflows occur or are zero, because neither are valid in the
filesystem. Worse yet, attempting directory modifications causes the
iext code to trip over the bmbt key handling and takes the filesystem
down. We can fix most of this by preventing the bad metadata from
entering the incore structures in the first place.
Found by setting blockcount=0 in a directory data fork mapping and
watching the fireworks.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Diffstat (limited to 'fs/xfs/libxfs')
| -rw-r--r-- | fs/xfs/libxfs/xfs_bmap.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/fs/xfs/libxfs/xfs_bmap.c b/fs/xfs/libxfs/xfs_bmap.c index d9a692484eae..de9c27ef68d8 100644 --- a/fs/xfs/libxfs/xfs_bmap.c +++ b/fs/xfs/libxfs/xfs_bmap.c @@ -6229,6 +6229,11 @@ xfs_bmap_validate_extent( xfs_fsblock_t endfsb; bool isrt; + if (irec->br_startblock + irec->br_blockcount <= irec->br_startblock) + return __this_address; + if (irec->br_startoff + irec->br_blockcount <= irec->br_startoff) + return __this_address; + isrt = XFS_IS_REALTIME_INODE(ip); endfsb = irec->br_startblock + irec->br_blockcount - 1; if (isrt && whichfork == XFS_DATA_FORK) { |