xfs: don't accept inode buffers with suspicious unlinked chains

Source kernel commit: 6a96c5650568a2218712d43ec16f3f82296a6c53

When we're verifying inode buffers, sanity-check the unlinked pointer.
We don't want to run the risk of trying to purge something that's
obviously broken.

Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Brian Foster <bfoster@redhat.com>
Signed-off-by: Eric Sandeen <sandeen@redhat.com>

diff --git a/libxfs/xfs_inode_buf.c b/libxfs/xfs_inode_buf.c
index bdaefe3b6602b5bbc9f5eb943ced2b592c0ed59e..074003e4b5bd52228a98bca3e23ce9b006de412b 100644 (file)
--- a/libxfs/xfs_inode_buf.c
+++ b/libxfs/xfs_inode_buf.c
@@ -89,20 +89,26 @@ xfs_inode_buf_verify(
        bool            readahead)
 {
        struct xfs_mount *mp = bp->b_target->bt_mount;
+       xfs_agnumber_t  agno;
        int             i;
        int             ni;
 
        /*
         * Validate the magic number and version of every inode in the buffer
         */
+       agno = xfs_daddr_to_agno(mp, XFS_BUF_ADDR(bp));
        ni = XFS_BB_TO_FSB(mp, bp->b_length) * mp->m_sb.sb_inopblock;
        for (i = 0; i < ni; i++) {
                int             di_ok;
                xfs_dinode_t    *dip;
+               xfs_agino_t     unlinked_ino;
 
                dip = xfs_buf_offset(bp, (i << mp->m_sb.sb_inodelog));
+               unlinked_ino = be32_to_cpu(dip->di_next_unlinked);
                di_ok = dip->di_magic == cpu_to_be16(XFS_DINODE_MAGIC) &&
-                       xfs_dinode_good_version(mp, dip->di_version);
+                       xfs_dinode_good_version(mp, dip->di_version) &&
+                       (unlinked_ino == NULLAGINO ||
+                        xfs_verify_agino(mp, agno, unlinked_ino));
                if (unlikely(XFS_TEST_ERROR(!di_ok, mp,
                                                XFS_ERRTAG_ITOBP_INOTOBP))) {
                        if (readahead) {
@@ -120,9 +126,9 @@ xfs_inode_buf_verify(
                        xfs_buf_verifier_error(bp, -EFSCORRUPTED,
                                        __func__, dip, sizeof(*dip),
                                        NULL);
+                       return;
                }
        }
-       xfs_inobp_check(mp, bp);
 }