xfs: enhance dinode verifier

Source kernel commit: b42db0860e13067fcc7cbfba3966c9e652668bbc

Add several more validations to xfs_dinode_verify:

- For LOCAL data fork formats, di_nextents must be 0.
- For LOCAL attr fork formats, di_anextents must be 0.
- For inodes with no attr fork offset,
- format must be XFS_DINODE_FMT_EXTENTS if set at all
- di_anextents must be 0.

Thanks to dchinner for pointing out a couple related checks I had
forgotten to add.

Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=199377
Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Eric Sandeen <sandeen@sandeen.net>

diff --git a/libxfs/xfs_inode_buf.c b/libxfs/xfs_inode_buf.c
index a698a35c60c1bfcbd2a8be36e6ac1df6cfc1d078..15f68080bb522e1a6ba5aa2df6d6ae2d55e21b26 100644 (file)
--- a/libxfs/xfs_inode_buf.c
+++ b/libxfs/xfs_inode_buf.c
@@ -462,6 +462,8 @@ xfs_dinode_verify(
                                return __this_address;
                        if (di_size > XFS_DFORK_DSIZE(dip, mp))
                                return __this_address;
+                       if (dip->di_nextents)
+                               return __this_address;
                        /* fall through */
                case XFS_DINODE_FMT_EXTENTS:
                case XFS_DINODE_FMT_BTREE:
@@ -480,12 +482,31 @@ xfs_dinode_verify(
        if (XFS_DFORK_Q(dip)) {
                switch (dip->di_aformat) {
                case XFS_DINODE_FMT_LOCAL:
+                       if (dip->di_anextents)
+                               return __this_address;
+               /* fall through */
                case XFS_DINODE_FMT_EXTENTS:
                case XFS_DINODE_FMT_BTREE:
                        break;
                default:
                        return __this_address;
                }
+       } else {
+               /*
+                * If there is no fork offset, this may be a freshly-made inode
+                * in a new disk cluster, in which case di_aformat is zeroed.
+                * Otherwise, such an inode must be in EXTENTS format; this goes
+                * for freed inodes as well.
+                */
+               switch (dip->di_aformat) {
+               case 0:
+               case XFS_DINODE_FMT_EXTENTS:
+                       break;
+               default:
+                       return __this_address;
+               }
+               if (dip->di_anextents)
+                       return __this_address;
        }
 
        /* only version 3 or greater inodes are extensively verified here */