From: Darrick J. Wong Date: Wed, 18 Apr 2018 19:46:07 +0000 (-0500) Subject: xfs: don't accept inode buffers with suspicious unlinked chains X-Git-Tag: v4.17.0-rc1~44^2~3 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2949b46779cf054a7f9067000bbadf35e55b3ce7;p=thirdparty%2Fxfsprogs-dev.git xfs: don't accept inode buffers with suspicious unlinked chains Source kernel commit: 6a96c5650568a2218712d43ec16f3f82296a6c53 When we're verifying inode buffers, sanity-check the unlinked pointer. We don't want to run the risk of trying to purge something that's obviously broken. Signed-off-by: Darrick J. Wong Reviewed-by: Brian Foster Signed-off-by: Eric Sandeen --- diff --git a/libxfs/xfs_inode_buf.c b/libxfs/xfs_inode_buf.c index bdaefe3b6..074003e4b 100644 --- a/libxfs/xfs_inode_buf.c +++ b/libxfs/xfs_inode_buf.c @@ -89,20 +89,26 @@ xfs_inode_buf_verify( bool readahead) { struct xfs_mount *mp = bp->b_target->bt_mount; + xfs_agnumber_t agno; int i; int ni; /* * Validate the magic number and version of every inode in the buffer */ + agno = xfs_daddr_to_agno(mp, XFS_BUF_ADDR(bp)); ni = XFS_BB_TO_FSB(mp, bp->b_length) * mp->m_sb.sb_inopblock; for (i = 0; i < ni; i++) { int di_ok; xfs_dinode_t *dip; + xfs_agino_t unlinked_ino; dip = xfs_buf_offset(bp, (i << mp->m_sb.sb_inodelog)); + unlinked_ino = be32_to_cpu(dip->di_next_unlinked); di_ok = dip->di_magic == cpu_to_be16(XFS_DINODE_MAGIC) && - xfs_dinode_good_version(mp, dip->di_version); + xfs_dinode_good_version(mp, dip->di_version) && + (unlinked_ino == NULLAGINO || + xfs_verify_agino(mp, agno, unlinked_ino)); if (unlikely(XFS_TEST_ERROR(!di_ok, mp, XFS_ERRTAG_ITOBP_INOTOBP))) { if (readahead) { @@ -120,9 +126,9 @@ xfs_inode_buf_verify( xfs_buf_verifier_error(bp, -EFSCORRUPTED, __func__, dip, sizeof(*dip), NULL); + return; } } - xfs_inobp_check(mp, bp); }