From a1b33e1bb567ce1088132c2897fc7964087068f0 Mon Sep 17 00:00:00 2001 From: "Darrick J. Wong" Date: Tue, 6 Sep 2022 14:50:56 +0800 Subject: [PATCH] xfs: detect overflows in bmbt records stable inclusion from stable-v5.10.120 commit f20e67b455e425a0d3d03f27bda5fdd32dc2c324 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I5L6BR Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=f20e67b455e425a0d3d03f27bda5fdd32dc2c324 -------------------------------- commit acf104c2331c1ba2a667e65dd36139d1555b1432 upstream. Detect file block mappings with a blockcount that's either so large that integer overflows occur or are zero, because neither are valid in the filesystem. Worse yet, attempting directory modifications causes the iext code to trip over the bmbt key handling and takes the filesystem down. We can fix most of this by preventing the bad metadata from entering the incore structures in the first place. Found by setting blockcount=0 in a directory data fork mapping and watching the fireworks. Signed-off-by: Darrick J. Wong Reviewed-by: Christoph Hellwig Signed-off-by: Amir Goldstein Signed-off-by: Greg Kroah-Hartman Signed-off-by: Zheng Zengkai Acked-by: Xie XiuQi --- fs/xfs/libxfs/xfs_bmap.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/fs/xfs/libxfs/xfs_bmap.c b/fs/xfs/libxfs/xfs_bmap.c index 3a77db5a6ce8..e6bb7b928b38 100644 --- a/fs/xfs/libxfs/xfs_bmap.c +++ b/fs/xfs/libxfs/xfs_bmap.c @@ -6206,6 +6206,11 @@ xfs_bmap_validate_extent( xfs_fsblock_t endfsb; bool isrt; + if (irec->br_startblock + irec->br_blockcount <= irec->br_startblock) + return __this_address; + if (irec->br_startoff + irec->br_blockcount <= irec->br_startoff) + return __this_address; + isrt = XFS_IS_REALTIME_INODE(ip); endfsb = irec->br_startblock + irec->br_blockcount - 1; if (isrt && whichfork == XFS_DATA_FORK) { -- GitLab