Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit b42db086 authored by Eric Sandeen's avatar Eric Sandeen Committed by Darrick J. Wong
Browse files

xfs: enhance dinode verifier 



Add several more validations to xfs_dinode_verify:

- For LOCAL data fork formats, di_nextents must be 0.
- For LOCAL attr fork formats, di_anextents must be 0.
- For inodes with no attr fork offset,
  - format must be XFS_DINODE_FMT_EXTENTS if set at all
  - di_anextents must be 0.

Thanks to dchinner for pointing out a couple related checks I had
forgotten to add.

Signed-off-by: default avatarEric Sandeen <sandeen@redhat.com>
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=199377


Reviewed-by: default avatarDarrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: default avatarDarrick J. Wong <darrick.wong@oracle.com>
parent 60cc43fc

fs/xfs/libxfs/xfs_inode_buf.c

+21 −0
Original line number Diff line number Diff line
@@ -466,6 +466,8 @@ xfs_dinode_verify( 
				return __this_address;

			if (di_size > XFS_DFORK_DSIZE(dip, mp))

				return __this_address;

			if (dip->di_nextents)

				return __this_address;

			/* fall through */

		case XFS_DINODE_FMT_EXTENTS:

		case XFS_DINODE_FMT_BTREE:
@@ -484,12 +486,31 @@ xfs_dinode_verify( 
	if (XFS_DFORK_Q(dip)) {

		switch (dip->di_aformat) {

		case XFS_DINODE_FMT_LOCAL:

			if (dip->di_anextents)

				return __this_address;

		/* fall through */

		case XFS_DINODE_FMT_EXTENTS:

		case XFS_DINODE_FMT_BTREE:

			break;

		default:

			return __this_address;

		}

	} else {

		/*

		 * If there is no fork offset, this may be a freshly-made inode

		 * in a new disk cluster, in which case di_aformat is zeroed.

		 * Otherwise, such an inode must be in EXTENTS format; this goes

		 * for freed inodes as well.

		 */

		switch (dip->di_aformat) {

		case 0:

		case XFS_DINODE_FMT_EXTENTS:

			break;

		default:

			return __this_address;

		}

		if (dip->di_anextents)

			return __this_address;

	}



	/* only version 3 or greater inodes are extensively verified here */