f2fs: check validation of fault attrs in f2fs_build_fault_attr()

commit 4ed886b187f47447ad559619c48c086f432d2b77 upstream.

- It missed to check validation of fault attrs in parse_options(),
let's fix to add check condition in f2fs_build_fault_attr().
- Use f2fs_build_fault_attr() in __sbi_store() to clean up code.

Signed-off-by: Chao Yu <chao@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Cliff Liu <donghua.liu@windriver.com>
Signed-off-by: He Zhe <Zhe.He@windriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/fs/f2fs/f2fs.h b/fs/f2fs/f2fs.h
index 135927974e28c1ce6c78ddc5ed1bd80250606f8d..e67be37837406f6e78a7034ccf146ebe8d30964d 100644 (file)
--- a/fs/f2fs/f2fs.h
+++ b/fs/f2fs/f2fs.h
@@ -64,7 +64,7 @@ enum {
 
 struct f2fs_fault_info {
        atomic_t inject_ops;
-       unsigned int inject_rate;
+       int inject_rate;
        unsigned int inject_type;
 };
 
@@ -4373,10 +4373,14 @@ static inline bool f2fs_need_verity(const struct inode *inode, pgoff_t idx)
 }
 
 #ifdef CONFIG_F2FS_FAULT_INJECTION
-extern void f2fs_build_fault_attr(struct f2fs_sb_info *sbi, unsigned int rate,
-                                                       unsigned int type);
+extern int f2fs_build_fault_attr(struct f2fs_sb_info *sbi, unsigned long rate,
+                                                       unsigned long type);
 #else
-#define f2fs_build_fault_attr(sbi, rate, type)         do { } while (0)
+static int f2fs_build_fault_attr(struct f2fs_sb_info *sbi, unsigned long rate,
+                                                       unsigned long type)
+{
+       return 0;
+}
 #endif
 
 static inline bool is_journalled_quota(struct f2fs_sb_info *sbi)

diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c
index f8aaff9b1784ab1c9e344520ef3cedf73fba2fd0..0cf564ded140a9a03353d6678cd0403c2ef1a313 100644 (file)
--- a/fs/f2fs/super.c
+++ b/fs/f2fs/super.c
@@ -61,21 +61,31 @@ const char *f2fs_fault_name[FAULT_MAX] = {
        [FAULT_DQUOT_INIT]      = "dquot initialize",
 };
 
-void f2fs_build_fault_attr(struct f2fs_sb_info *sbi, unsigned int rate,
-                                                       unsigned int type)
+int f2fs_build_fault_attr(struct f2fs_sb_info *sbi, unsigned long rate,
+                                                       unsigned long type)
 {
        struct f2fs_fault_info *ffi = &F2FS_OPTION(sbi).fault_info;
 
        if (rate) {
+               if (rate > INT_MAX)
+                       return -EINVAL;
                atomic_set(&ffi->inject_ops, 0);
-               ffi->inject_rate = rate;
+               ffi->inject_rate = (int)rate;
        }
 
-       if (type)
-               ffi->inject_type = type;
+       if (type) {
+               if (type >= BIT(FAULT_MAX))
+                       return -EINVAL;
+               ffi->inject_type = (unsigned int)type;
+       }
 
        if (!rate && !type)
                memset(ffi, 0, sizeof(struct f2fs_fault_info));
+       else
+               f2fs_info(sbi,
+                       "build fault injection attr: rate: %lu, type: 0x%lx",
+                                                               rate, type);
+       return 0;
 }
 #endif
 
@@ -901,14 +911,17 @@ static int parse_options(struct super_block *sb, char *options, bool is_remount)
                case Opt_fault_injection:
                        if (args->from && match_int(args, &arg))
                                return -EINVAL;
-                       f2fs_build_fault_attr(sbi, arg, F2FS_ALL_FAULT_TYPE);
+                       if (f2fs_build_fault_attr(sbi, arg,
+                                       F2FS_ALL_FAULT_TYPE))
+                               return -EINVAL;
                        set_opt(sbi, FAULT_INJECTION);
                        break;
 
                case Opt_fault_type:
                        if (args->from && match_int(args, &arg))
                                return -EINVAL;
-                       f2fs_build_fault_attr(sbi, 0, arg);
+                       if (f2fs_build_fault_attr(sbi, 0, arg))
+                               return -EINVAL;
                        set_opt(sbi, FAULT_INJECTION);
                        break;
 #else

diff --git a/fs/f2fs/sysfs.c b/fs/f2fs/sysfs.c
index 63af1573ebcaac0fc3d97a0a6c7c70562feed050..30ff2c087726605cdef9300fdc220e295fe76d9c 100644 (file)
--- a/fs/f2fs/sysfs.c
+++ b/fs/f2fs/sysfs.c
@@ -407,10 +407,16 @@ out:
        if (ret < 0)
                return ret;
 #ifdef CONFIG_F2FS_FAULT_INJECTION
-       if (a->struct_type == FAULT_INFO_TYPE && t >= (1 << FAULT_MAX))
-               return -EINVAL;
-       if (a->struct_type == FAULT_INFO_RATE && t >= UINT_MAX)
-               return -EINVAL;
+       if (a->struct_type == FAULT_INFO_TYPE) {
+               if (f2fs_build_fault_attr(sbi, 0, t))
+                       return -EINVAL;
+               return count;
+       }
+       if (a->struct_type == FAULT_INFO_RATE) {
+               if (f2fs_build_fault_attr(sbi, t, 0))
+                       return -EINVAL;
+               return count;
+       }
 #endif
        if (a->struct_type == RESERVED_BLOCKS) {
                spin_lock(&sbi->stat_lock);