git.ipfire.org Git - thirdparty/xfsprogs-dev.git/commit

author	Eric Sandeen <sandeen@sandeen.net>
	Tue, 10 May 2016 07:16:07 +0000 (17:16 +1000)
committer	Dave Chinner <david@fromorbit.com>
	Tue, 10 May 2016 07:16:07 +0000 (17:16 +1000)
commit	d7006beb3759cf1e1d29a5acb5aabec8e817d688
tree	2c69abea6fd06a5e1f8a4af9ed5d31611fe803ca	tree \| snapshot
parent	2aca16d6b21d30f52ffdc6c1c6184c694a5dd9f9	commit \| diff

metadump: limit permissible sector sizes

A metadump is composed of many metablocks, which have the format:

[header|indices][ ... disk sectors ... ]

where "disk sectors" are BBSIZE (512) blocks, and the (indices)
indicate where those disk sectors should land in the restored
image.

The header+indices fit within a single BBSIZE sector, and as such
the number of indices is limited to:

num_indices = (BBSIZE - sizeof(xfs_metablock_t)) / sizeof(__be64);

In practice, this works out to 63 indices; sadly 64 are required
to store a 32k metadata chunk, if the filesystem was created with
XFS_MAX_SECTORSIZE. This leads to more sadness later on, as we
index past arrays etc.

For now, just refuse to create a metadump from a 32k sector
filesystem; that's largely just theoretical at this point anyway.

Also check this on mdrestore, and check the lower bound as well;
the AFL fuzzer showed that interesting things happen when the
metadump image claims to contain a sector size of 0.

Oh, and spell "indices" correctly while we're at it.

Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Reviewed-by: Brian Foster <bfoster@redhat.com>
Signed-off-by: Dave Chinner <david@fromorbit.com>

db/metadump.c		diff \| blob \| blame \| history
mdrestore/xfs_mdrestore.c		diff \| blob \| blame \| history