025497e1d1
Negative i_size is never supported, although crafted images with inodes having negative i_size will NOT lead to security issues in our current codebase: The following image can verify this (gzip+base64 encoded): H4sICCmk4mYAA3Rlc3QuaW1nAGNgGAWjYBSMVPDo4dcH3jP2aTED2TwMKgxMUHHNJY/SQDQX LxcDIw3tZwXit44MDNpQ/n8gQJZ/vxjijosPuSyZ0DUDgQqcZoKzVYFsDShbHeh6PT29ktTi Eqz2g/y2pBFiLxDMh4lhs5+W4TAKRsEoGAWjYBSMglEwCkYBPQAAS2DbowAQAAA= Mark as bad inodes for such corrupted inodes explicitly. Reviewed-by: Chao Yu <chao@kernel.org> Signed-off-by: Gao Xiang <hsiangkao@linux.alibaba.com> Link: https://lore.kernel.org/r/20240912083538.3011860-1-hsiangkao@linux.alibaba.com
// SPDX-License-Identifier: GPL-2.0-only
/*
* Copyright (C) 2017-2018 HUAWEI, Inc.
* https://www.huawei.com/
* Copyright (C) 2021, Alibaba Cloud
*/
#include "xattr.h"
#include <trace/events/erofs.h>
/*
 * Try to set up a "fast" symlink: duplicate the link target out of the
 * metadata mapped at @kaddr into inode->i_link.
 *
 * @m_pofs is the caller's offset into @kaddr; the inline xattr area
 * (vi->xattr_isize) is skipped on top of it to reach the target bytes.
 *
 * Returns 0 when the target was copied, and also 0 (leaving i_link
 * untouched) when the fast scheme does not apply; -ENOMEM if the copy
 * cannot be allocated.
 *
 * NOTE(review): nothing here rejects NUL bytes embedded within the i_size
 * bytes that get copied, so the resulting string may be shorter than
 * i_size - confirm whether that matters to callers.
 */
static int erofs_fill_symlink(struct inode *inode, void *kaddr,
			      unsigned int m_pofs)
{
	struct erofs_inode *vi = EROFS_I(inode);
	loff_t end;

	m_pofs += vi->xattr_isize;

	/* only the inline data layout can be served by the fast scheme */
	if (vi->datalayout != EROFS_INODE_FLAT_INLINE)
		return 0;
	/* i_size is on-disk data: the sum must neither overflow ... */
	if (check_add_overflow(m_pofs, inode->i_size, &end))
		return 0;
	/* ... nor run past the end of the block */
	if (end > i_blocksize(inode))
		return 0;

	inode->i_link = kmemdup_nul(kaddr + m_pofs, inode->i_size, GFP_KERNEL);
	if (!inode->i_link)
		return -ENOMEM;
	return 0;
}
/*
 * Read the on-disk inode of @inode (located via erofs_iloc()) and fill in
 * the in-memory VFS and EROFS inode fields from it.
 *
 * Every value decoded here comes straight from the image, so the checks
 * below (i_format bits, datalayout, inode version, negative i_size, i_mode
 * file type, chunk format) are the points where a malformed inode is
 * rejected by this function.
 *
 * Returns 0 on success, -EOPNOTSUPP for an unsupported format, datalayout,
 * inode version or chunk format, -EFSCORRUPTED for a negative i_size or a
 * bogus i_mode, -ENOMEM on allocation failure, or the error returned by
 * erofs_read_metabuf().
 */
static int erofs_read_inode(struct inode *inode)
{
	struct super_block *sb = inode->i_sb;
	struct erofs_sb_info *sbi = EROFS_SB(sb);
	struct erofs_inode *vi = EROFS_I(inode);
	const erofs_off_t inode_loc = erofs_iloc(inode);
	erofs_blk_t blkaddr, nblks = 0;
	void *kaddr;
	struct erofs_inode_compact *dic;
	struct erofs_inode_extended *die, *copied = NULL;
	union erofs_inode_i_u iu;
	struct erofs_buf buf = __EROFS_BUF_INITIALIZER;
	unsigned int ifmt, ofs;
	int err = 0;

	/* split the inode location into a block number and an in-block offset */
	blkaddr = erofs_blknr(sb, inode_loc);
	ofs = erofs_blkoff(sb, inode_loc);

	kaddr = erofs_read_metabuf(&buf, sb, erofs_pos(sb, blkaddr), EROFS_KMAP);
	if (IS_ERR(kaddr)) {
		erofs_err(sb, "failed to get inode (nid: %llu) page, err %ld",
			  vi->nid, PTR_ERR(kaddr));
		/*
		 * NOTE(review): buf is not put on this path - presumably
		 * erofs_read_metabuf() leaves nothing held on failure; confirm.
		 */
		return PTR_ERR(kaddr);
	}

	/* i_format is read through the compact view for both inode versions */
	dic = kaddr + ofs;
	ifmt = le16_to_cpu(dic->i_format);
	/* reject any format bit outside the known set */
	if (ifmt & ~EROFS_I_ALL) {
		erofs_err(sb, "unsupported i_format %u of nid %llu",
			  ifmt, vi->nid);
		err = -EOPNOTSUPP;
		goto err_out;
	}

	vi->datalayout = erofs_inode_datalayout(ifmt);
	if (vi->datalayout >= EROFS_INODE_DATALAYOUT_MAX) {
		erofs_err(sb, "unsupported datalayout %u of nid %llu",
			  vi->datalayout, vi->nid);
		err = -EOPNOTSUPP;
		goto err_out;
	}

	switch (erofs_inode_version(ifmt)) {
	case EROFS_INODE_LAYOUT_EXTENDED:
		vi->inode_isize = sizeof(struct erofs_inode_extended);
		/* check whether the extended inode crosses a block boundary */
		if (ofs + vi->inode_isize <= sb->s_blocksize) {
			ofs += vi->inode_isize;
			die = (struct erofs_inode_extended *)dic;
		} else {
			/* bytes of the inode that sit in the current block */
			const unsigned int gotten = sb->s_blocksize - ofs;

			/* stitch both halves together in a temporary copy */
			copied = kmalloc(vi->inode_isize, GFP_KERNEL);
			if (!copied) {
				err = -ENOMEM;
				goto err_out;
			}
			memcpy(copied, dic, gotten);
			/* the remainder starts at the beginning of the next block */
			kaddr = erofs_read_metabuf(&buf, sb, erofs_pos(sb, blkaddr + 1),
						   EROFS_KMAP);
			if (IS_ERR(kaddr)) {
				erofs_err(sb, "failed to get inode payload block (nid: %llu), err %ld",
					  vi->nid, PTR_ERR(kaddr));
				kfree(copied);
				return PTR_ERR(kaddr);
			}
			/* ofs now points just past the inode within the new block */
			ofs = vi->inode_isize - gotten;
			memcpy((u8 *)copied + gotten, kaddr, ofs);
			die = copied;
		}
		vi->xattr_isize = erofs_xattr_ibody_size(die->i_xattr_icount);

		inode->i_mode = le16_to_cpu(die->i_mode);
		iu = die->i_u;
		i_uid_write(inode, le32_to_cpu(die->i_uid));
		i_gid_write(inode, le32_to_cpu(die->i_gid));
		set_nlink(inode, le32_to_cpu(die->i_nlink));
		/* each extended inode has its own timestamp */
		inode_set_ctime(inode, le64_to_cpu(die->i_mtime),
				le32_to_cpu(die->i_mtime_nsec));

		/* 64-bit on-disk size; validated for sign after the switch */
		inode->i_size = le64_to_cpu(die->i_size);
		/* kfree(NULL) is a no-op when no temporary copy was needed */
		kfree(copied);
		break;
	case EROFS_INODE_LAYOUT_COMPACT:
		/*
		 * NOTE(review): unlike the extended case there is no
		 * block-boundary check here - presumably a compact inode never
		 * straddles a block; confirm against the on-disk layout.
		 */
		vi->inode_isize = sizeof(struct erofs_inode_compact);
		ofs += vi->inode_isize;
		vi->xattr_isize = erofs_xattr_ibody_size(dic->i_xattr_icount);

		inode->i_mode = le16_to_cpu(dic->i_mode);
		iu = dic->i_u;
		i_uid_write(inode, le16_to_cpu(dic->i_uid));
		i_gid_write(inode, le16_to_cpu(dic->i_gid));
		set_nlink(inode, le16_to_cpu(dic->i_nlink));
		/* use build time for compact inodes */
		inode_set_ctime(inode, sbi->build_time, sbi->build_time_nsec);

		/* compact inodes carry a 32-bit on-disk size */
		inode->i_size = le32_to_cpu(dic->i_size);
		break;
	default:
		erofs_err(sb, "unsupported on-disk inode version %u of nid %llu",
			  erofs_inode_version(ifmt), vi->nid);
		err = -EOPNOTSUPP;
		goto err_out;
	}

	/*
	 * A negative i_size is never valid; fail the read so the inode is
	 * treated as corrupted instead of carrying the value further.
	 * NOTE(review): only the sign is checked - no upper bound on i_size is
	 * applied here, and round_up() below operates on it; confirm that very
	 * large values are harmless.
	 */
	if (unlikely(inode->i_size < 0)) {
		erofs_err(sb, "negative i_size @ nid %llu", vi->nid);
		err = -EFSCORRUPTED;
		goto err_out;
	}
	/* decode the type-dependent union and reject unknown file types */
	switch (inode->i_mode & S_IFMT) {
	case S_IFREG:
	case S_IFDIR:
	case S_IFLNK:
		vi->raw_blkaddr = le32_to_cpu(iu.raw_blkaddr);
		if(S_ISLNK(inode->i_mode)) {
			/* kaddr/ofs address the bytes right after the on-disk inode */
			err = erofs_fill_symlink(inode, kaddr, ofs);
			if (err)
				goto err_out;
		}
		break;
	case S_IFCHR:
	case S_IFBLK:
		inode->i_rdev = new_decode_dev(le32_to_cpu(iu.rdev));
		break;
	case S_IFIFO:
	case S_IFSOCK:
		inode->i_rdev = 0;
		break;
	default:
		erofs_err(sb, "bogus i_mode (%o) @ nid %llu", inode->i_mode,
			  vi->nid);
		err = -EFSCORRUPTED;
		goto err_out;
	}

	/* total blocks for compressed files */
	if (erofs_inode_is_data_compressed(vi->datalayout)) {
		nblks = le32_to_cpu(iu.compressed_blocks);
	} else if (vi->datalayout == EROFS_INODE_CHUNK_BASED) {
		/* fill chunked inode summary info */
		vi->chunkformat = le16_to_cpu(iu.c.format);
		if (vi->chunkformat & ~EROFS_CHUNK_FORMAT_ALL) {
			erofs_err(sb, "unsupported chunk format %x of nid %llu",
				  vi->chunkformat, vi->nid);
			err = -EOPNOTSUPP;
			goto err_out;
		}
		/* chunk size is expressed as a shift on top of the block size */
		vi->chunkbits = sb->s_blocksize_bits +
			(vi->chunkformat & EROFS_CHUNK_FORMAT_BLKBITS_MASK);
	}
	/* atime and mtime are both set to the ctime chosen above */
	inode_set_mtime_to_ts(inode,
			      inode_set_atime_to_ts(inode, inode_get_ctime(inode)));

	/* S_DAX only for regular files with a plain or chunk-based layout */
	inode->i_flags &= ~S_DAX;
	if (test_opt(&sbi->opt, DAX_ALWAYS) && S_ISREG(inode->i_mode) &&
	    (vi->datalayout == EROFS_INODE_FLAT_PLAIN ||
	     vi->datalayout == EROFS_INODE_CHUNK_BASED))
		inode->i_flags |= S_DAX;

	if (!nblks)
		/* measure inode.i_blocks as generic filesystems */
		inode->i_blocks = round_up(inode->i_size, sb->s_blocksize) >> 9;
	else
		/*
		 * NOTE(review): the shift is evaluated in the type of nblks
		 * (erofs_blk_t) - confirm it cannot truncate before the
		 * result is stored in i_blocks.
		 */
		inode->i_blocks = nblks << (sb->s_blocksize_bits - 9);
err_out:
	/*
	 * Reached on success (err == 0) and on every goto above.
	 * NOTE(review): DBG_BUGON() therefore also fires for errors caused by
	 * a malformed image - presumably only in debug builds; confirm.
	 */
	DBG_BUGON(err);
	erofs_put_metabuf(&buf);
	return err;
}
/*
 * Initialise a new in-memory inode: read its on-disk data with
 * erofs_read_inode(), then install the inode, file and address-space
 * operations that match its file type and data layout.
 *
 * Returns 0 on success, the error from erofs_read_inode(), -EFSCORRUPTED
 * for an unknown file type, or -EOPNOTSUPP for a compressed inode when
 * CONFIG_EROFS_FS_ZIP is not enabled.
 */
static int erofs_fill_inode(struct inode *inode)
{
	struct erofs_inode *vi = EROFS_I(inode);
	int err;

	trace_erofs_fill_inode(inode);

	/* read inode base data from disk */
	err = erofs_read_inode(inode);
	if (err)
		return err;

	/* setup the new inode */
	switch (inode->i_mode & S_IFMT) {
	case S_IFREG:
		inode->i_op = &erofs_generic_iops;
		inode->i_fop = erofs_inode_is_data_compressed(vi->datalayout) ?
				&generic_ro_fops : &erofs_file_fops;
		break;
	case S_IFDIR:
		inode->i_op = &erofs_dir_iops;
		inode->i_fop = &erofs_dir_fops;
		inode_nohighmem(inode);
		break;
	case S_IFLNK:
		/* i_link is only set when erofs_read_inode() copied the target */
		inode->i_op = inode->i_link ? &erofs_fast_symlink_iops :
					      &erofs_symlink_iops;
		inode_nohighmem(inode);
		break;
	case S_IFCHR:
	case S_IFBLK:
	case S_IFIFO:
	case S_IFSOCK:
		/* special inodes need no address-space setup */
		inode->i_op = &erofs_generic_iops;
		init_special_inode(inode, inode->i_mode, inode->i_rdev);
		return 0;
	default:
		return -EFSCORRUPTED;
	}

	mapping_set_large_folios(inode->i_mapping);

	if (!erofs_inode_is_data_compressed(vi->datalayout)) {
		/* uncompressed data: default aops, overridden per mount mode */
		inode->i_mapping->a_ops = &erofs_aops;
#ifdef CONFIG_EROFS_FS_ONDEMAND
		if (erofs_is_fscache_mode(inode->i_sb))
			inode->i_mapping->a_ops = &erofs_fscache_access_aops;
#endif
#ifdef CONFIG_EROFS_FS_BACKED_BY_FILE
		if (erofs_is_fileio_mode(EROFS_SB(inode->i_sb)))
			inode->i_mapping->a_ops = &erofs_fileio_aops;
#endif
		return err;
	}

	/* compressed data is only usable when the ZIP support is built in */
#ifdef CONFIG_EROFS_FS_ZIP
	DO_ONCE_LITE_IF(inode->i_blkbits != PAGE_SHIFT,
			erofs_info, inode->i_sb,
			"EXPERIMENTAL EROFS subpage compressed block support in use. Use at your own risk!");
	inode->i_mapping->a_ops = &z_erofs_aops;
#else
	err = -EOPNOTSUPP;
#endif
	return err;
}
/*
 * Derive an ino_t from a 64-bit nid. ino_t is 32-bits on 32-bit arch, so
 * when it is narrower than erofs_nid_t the upper part of the nid is folded
 * into the lower part with XOR so that the value fits.
 *
 * Distinct nids can therefore map to the same ino_t; erofs_iget5_eq()
 * compares the full nid to tell such inodes apart.
 */
static ino_t erofs_squash_ino(erofs_nid_t nid)
{
	/* same width (or wider): plain conversion, nothing to fold */
	if (sizeof(ino_t) >= sizeof(erofs_nid_t))
		return (ino_t)nid;

	/* fold the bits that do not fit into the low part */
	return (ino_t)nid ^ (nid >> (sizeof(erofs_nid_t) - sizeof(ino_t)) * 8);
}
/*
 * Match callback handed to iget5_locked() by erofs_iget(): @opaque points
 * to the wanted nid. Returns non-zero when @inode carries that exact nid.
 */
static int erofs_iget5_eq(struct inode *inode, void *opaque)
{
	const erofs_nid_t *wanted = opaque;

	return EROFS_I(inode)->nid == *wanted;
}
/*
 * Set callback handed to iget5_locked() by erofs_iget(): @opaque points to
 * the nid. Stores the full nid in the EROFS inode and its squashed form in
 * i_ino. Always returns 0.
 */
static int erofs_iget5_set(struct inode *inode, void *opaque)
{
	const erofs_nid_t *nidp = opaque;

	inode->i_ino = erofs_squash_ino(*nidp);
	EROFS_I(inode)->nid = *nidp;
	return 0;
}
/*
 * Look up the inode for @nid on @sb through iget5_locked(), filling it from
 * disk when it comes back new (I_NEW).
 *
 * Returns the inode, ERR_PTR(-ENOMEM) if iget5_locked() returns NULL, or
 * ERR_PTR(err) when erofs_fill_inode() fails; in the latter case the
 * half-built inode is handed to iget_failed().
 */
struct inode *erofs_iget(struct super_block *sb, erofs_nid_t nid)
{
	struct inode *inode = iget5_locked(sb, erofs_squash_ino(nid),
					   erofs_iget5_eq, erofs_iget5_set,
					   &nid);
	int err;

	if (!inode)
		return ERR_PTR(-ENOMEM);

	/* not new: hand back the inode iget5_locked() found as is */
	if (!(inode->i_state & I_NEW))
		return inode;

	err = erofs_fill_inode(inode);
	if (err) {
		iget_failed(inode);
		return ERR_PTR(err);
	}
	unlock_new_inode(inode);
	return inode;
}
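/*
 * getattr implementation shared by the EROFS inode_operations tables.
 *
 * Flags every inode as immutable and, when its data layout is compressed,
 * as compressed; optionally reports direct-I/O alignment, then lets
 * generic_fillattr() fill in the remaining fields. Always returns 0.
 */
int erofs_getattr(struct mnt_idmap *idmap, const struct path *path,
		  struct kstat *stat, u32 request_mask,
		  unsigned int query_flags)
{
	struct inode *const inode = d_inode(path->dentry);
	struct super_block *const sb = inode->i_sb;
	bool compressed =
		erofs_inode_is_data_compressed(EROFS_I(inode)->datalayout);

	if (compressed)
		stat->attributes |= STATX_ATTR_COMPRESSED;
	stat->attributes |= STATX_ATTR_IMMUTABLE;
	stat->attributes_mask |= (STATX_ATTR_COMPRESSED |
				  STATX_ATTR_IMMUTABLE);

	/*
	 * Return the DIO alignment restrictions if requested.
	 *
	 * In EROFS, STATX_DIOALIGN is not supported in ondemand mode and
	 * compressed files, so in these cases we report no DIO support.
	 *
	 * The alignment is taken from the backing block device, so a
	 * superblock without one (s_bdev == NULL) also reports no DIO support
	 * rather than passing a NULL pointer to bdev_logical_block_size().
	 * NOTE(review): erofs_fill_inode() in this file handles a file-backed
	 * mode as well - confirm whether s_bdev is set for such mounts.
	 */
	if ((request_mask & STATX_DIOALIGN) && S_ISREG(inode->i_mode)) {
		stat->result_mask |= STATX_DIOALIGN;
		if (!erofs_is_fscache_mode(sb) && sb->s_bdev && !compressed) {
			stat->dio_mem_align =
				bdev_logical_block_size(sb->s_bdev);
			stat->dio_offset_align = stat->dio_mem_align;
		}
	}
	generic_fillattr(idmap, request_mask, inode, stat);
	return 0;
}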
/*
 * Inode operations that erofs_fill_inode() installs for regular files and
 * for device, FIFO and socket inodes.
 */
const struct inode_operations erofs_generic_iops = {
	.fiemap		= erofs_fiemap,
	.get_inode_acl	= erofs_get_acl,
	.listxattr	= erofs_listxattr,
	.getattr	= erofs_getattr,
};
/*
 * Inode operations that erofs_fill_inode() installs for symlinks whose
 * target was not copied into i_link; the link is resolved through
 * page_get_link().
 */
const struct inode_operations erofs_symlink_iops = {
	.get_inode_acl	= erofs_get_acl,
	.listxattr	= erofs_listxattr,
	.getattr	= erofs_getattr,
	.get_link	= page_get_link,
};
/*
 * Inode operations that erofs_fill_inode() installs for symlinks whose
 * target is already held in i_link; the link is resolved through
 * simple_get_link().
 */
const struct inode_operations erofs_fast_symlink_iops = {
	.get_inode_acl	= erofs_get_acl,
	.listxattr	= erofs_listxattr,
	.getattr	= erofs_getattr,
	.get_link	= simple_get_link,
};