ext4: check for out-of-order index extents in ext4_valid_extent_entries()

hulk inclusion category: bugfix bugzilla: 109205 CVE: NA --------------------------- After commit 5946d089 ("ext4: check for overlapping extents in ext4_valid_extent_entries()"), we can check out the overlapping extent entry in leaf extent blocks. But the out-of-order extent entry in index extent blocks could also trigger bad things if the filesystem is inconsistent. So this patch add a check to figure out the out-of-order index extents and return error. Signed-off-by: N Zhang Yi <yi.zhang@huawei.com> Reviewed-by: N Theodore Ts'o <tytso@mit.edu> Link: https://lore.kernel.org/r/20210908120850.4012324-2-yi.zhang@huawei.comSigned-off-by: N Theodore Ts'o <tytso@mit.edu> Reviewed-by: N Yang Erkun <yangerkun@huawei.com> Signed-off-by: N Yang Yingliang <yangyingliang@huawei.com>

ext4: check for out-of-order index extents in ext4_valid_extent_entries()
hulk inclusion category: bugfix bugzilla: 109205 CVE: NA --------------------------- After commit 5946d089 ("ext4: check for overlapping extents in ext4_valid_extent_entries()"), we can check out the overlapping extent entry in leaf extent blocks. But the out-of-order extent entry in index extent blocks could also trigger bad things if the filesystem is inconsistent. So this patch add a check to figure out the out-of-order index extents and return error. Signed-off-by: N Zhang Yi <yi.zhang@huawei.com> Reviewed-by: N Theodore Ts'o <tytso@mit.edu> Link: https://lore.kernel.org/r/20210908120850.4012324-2-yi.zhang@huawei.comSigned-off-by: N Theodore Ts'o <tytso@mit.edu> Reviewed-by: N Yang Erkun <yangerkun@huawei.com> Signed-off-by: N Yang Yingliang <yangyingliang@huawei.com>
4a6f39fe · Zhang Yi · Yang Yingliang · 16fbff88 · 4a6f39fe
显示空白变更内容
内联并排

Showing with 12 addition and 5 deletion

fs/ext4/extents.c fs/ext4/extents.c +12 -5

未找到文件。
--- a/fs/ext4/extents.c
+++ b/fs/ext4/extents.c
@@ -405,6 +405,9 @@ static int ext4_valid_extent_entries(struct inode *inode,
 				     ext4_fsblk_t *pblk, int depth)
 {
 	unsigned short entries;
+	ext4_lblk_t lblock = 0;
+	ext4_lblk_t prev = 0;
+
 	if (eh->eh_entries == 0)
 		return 1;

@@ -413,31 +416,35 @@ static int ext4_valid_extent_entries(struct inode *inode,
 	if (depth == 0) {
 		/* leaf entries */
 		struct ext4_extent *ext = EXT_FIRST_EXTENT(eh);
-		ext4_lblk_t lblock = 0;
-		ext4_lblk_t prev = 0;
-		int len = 0;
 		while (entries) {
 			if (!ext4_valid_extent(inode, ext))
 				return 0;

 			/* Check for overlapping extents */
 			lblock = le32_to_cpu(ext->ee_block);
-			len = ext4_ext_get_actual_len(ext);
 			if ((lblock <= prev) && prev) {
 				*pblk = ext4_ext_pblock(ext);
 				return 0;
 			}
+			prev = lblock + ext4_ext_get_actual_len(ext) - 1;
 			ext++;
 			entries--;
-			prev = lblock + len - 1;
 		}
 	} else {
 		struct ext4_extent_idx *ext_idx = EXT_FIRST_INDEX(eh);
 		while (entries) {
 			if (!ext4_valid_extent_idx(inode, ext_idx))
 				return 0;
+
+			/* Check for overlapping index extents */
+			lblock = le32_to_cpu(ext_idx->ei_block);
+			if ((lblock <= prev) && prev) {
+				*pblk = ext4_idx_pblock(ext_idx);
+				return 0;
+			}
 			ext_idx++;
 			entries--;
+			prev = lblock;
 		}
 	}
 	return 1;