
Commit fe2c8191 authored by Thiemo Nagel's avatar Thiemo Nagel Committed by Theodore Ts'o

ext4: add checks of block references for non-extent inodes



Check block references in the inode and indirect blocks for non-extent
inodes to make sure they are valid, and flag an error if they are
invalid.

Signed-off-by: default avatarThiemo Nagel <thiemo.nagel@ph.tum.de>
Signed-off-by: default avatar"Theodore Ts'o" <tytso@mit.edu>
parent 563bdd61
+52 −7
@@ -371,6 +371,34 @@ static int ext4_block_to_path(struct inode *inode,
	return n;
	return n;
}
}


static int __ext4_check_blockref(const char *function, struct inode *inode,
				 unsigned int *p, unsigned int max) {

	unsigned int maxblocks = ext4_blocks_count(EXT4_SB(inode->i_sb)->s_es);
	unsigned int *bref = p;
	while (bref < p+max) {
		if (unlikely(*bref >= maxblocks)) {
			ext4_error(inode->i_sb, function,
				   "block reference %u >= max (%u) "
				   "in inode #%lu, offset=%d",
				   *bref, maxblocks,
				   inode->i_ino, (int)(bref-p));
 			return -EIO;
 		}
		bref++;
 	}
 	return 0;
}


#define ext4_check_indirect_blockref(inode, bh)                         \
        __ext4_check_blockref(__func__, inode, (__le32 *)(bh)->b_data,  \
			      EXT4_ADDR_PER_BLOCK((inode)->i_sb))

#define ext4_check_inode_blockref(inode)                                \
        __ext4_check_blockref(__func__, inode, EXT4_I(inode)->i_data,   \
			      EXT4_NDIR_BLOCKS)

/**
/**
 *	ext4_get_branch - read the chain of indirect blocks leading to data
 *	ext4_get_branch - read the chain of indirect blocks leading to data
 *	@inode: inode in question
 *	@inode: inode in question
@@ -415,9 +443,22 @@ static Indirect *ext4_get_branch(struct inode *inode, int depth,
	if (!p->key)
	if (!p->key)
		goto no_block;
		goto no_block;
	while (--depth) {
	while (--depth) {
		bh = sb_bread(sb, le32_to_cpu(p->key));
		bh = sb_getblk(sb, le32_to_cpu(p->key));
		if (!bh)
		if (unlikely(!bh))
			goto failure;
                  
		if (!bh_uptodate_or_lock(bh)) {
			if (bh_submit_read(bh) < 0) {
				put_bh(bh);
				goto failure;
			}
			/* validate block references */
			if (ext4_check_indirect_blockref(inode, bh)) {
				put_bh(bh);
				goto failure;
				goto failure;
			}
		}
		
		add_chain(++p, bh, (__le32 *)bh->b_data + *++offsets);
		add_chain(++p, bh, (__le32 *)bh->b_data + *++offsets);
		/* Reader: end */
		/* Reader: end */
		if (!p->key)
		if (!p->key)
@@ -4371,13 +4412,17 @@ struct inode *ext4_iget(struct super_block *sb, unsigned long ino)
	if (ei->i_flags & EXT4_EXTENTS_FL) {
	if (ei->i_flags & EXT4_EXTENTS_FL) {
		/* Validate extent which is part of inode */
		/* Validate extent which is part of inode */
		ret = ext4_ext_check_inode(inode);
		ret = ext4_ext_check_inode(inode);
 	} else if (S_ISREG(inode->i_mode) || S_ISDIR(inode->i_mode) ||
		   (S_ISLNK(inode->i_mode) &&
		    !ext4_inode_is_fast_symlink(inode))) {
	 	/* Validate block references which are part of inode */
		ret = ext4_check_inode_blockref(inode);
	}
	if (ret) {
	if (ret) {
 		brelse(bh);
 		brelse(bh);
 		goto bad_inode;
 		goto bad_inode;
	}
	}


	}

	if (S_ISREG(inode->i_mode)) {
	if (S_ISREG(inode->i_mode)) {
		inode->i_op = &ext4_file_inode_operations;
		inode->i_op = &ext4_file_inode_operations;
		inode->i_fop = &ext4_file_operations;
		inode->i_fop = &ext4_file_operations;
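Review bot: In `__ext4_check_blockref()` the entries are declared `unsigned int *p` and compared raw (`*bref >= maxblocks`), although the indirect-block macro hands it `(__le32 *)(bh)->b_data` and the same values are read with `le32_to_cpu(p->key)` in `ext4_get_branch()`; on a big-endian host the range check would therefore test byte-swapped numbers and could reject valid references or let out-of-range ones through. I would declare the parameter and cursor as `__le32 *` and compare `le32_to_cpu(*bref) >= maxblocks`, passing the converted value to `ext4_error()` as well. `maxblocks` is an `unsigned int` assigned from `ext4_blocks_count()`; if that returns a 64-bit count, as it appears to, the bound is truncated on very large filesystems and should be held in the wider type. Separately, `ext4_check_inode_blockref()` passes `EXT4_NDIR_BLOCKS`, so only the direct slots of `i_data` are checked in `ext4_iget()` and the indirect-pointer slots still reach `sb_getblk()` unvalidated; a comment stating whether that is intentional (or extending the count to `EXT4_N_BLOCKS`) would close the gap.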