forked from Minki/linux
xfs: check sb_agblocks and sb_agblklog when validating superblock
Currently, we don't check sb_agblocks or sb_agblklog when we validate the superblock, which means that we can fuzz garbage values into those values and the mount succeeds. This leads to all sorts of UBSAN warnings in xfs/350 since we can then coerce other parts of xfs into shifting by ridiculously large values. Once we've validated agblocks, make sure the agcount makes sense. Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Reviewed-by: Brian Foster <bfoster@redhat.com>
This commit is contained in:
parent
be78ff0e72
commit
4bb73d0147
@ -233,6 +233,13 @@ typedef struct xfs_fsop_resblks {
|
||||
#define XFS_MAX_LOG_BLOCKS (1024 * 1024ULL)
|
||||
#define XFS_MIN_LOG_BYTES (10 * 1024 * 1024ULL)
|
||||
|
||||
/*
|
||||
* Limits on sb_agblocks/sb_agblklog -- mkfs won't format AGs smaller than
|
||||
* 16MB or larger than 1TB.
|
||||
*/
|
||||
#define XFS_MIN_AG_BYTES (1ULL << 24) /* 16 MB */
|
||||
#define XFS_MAX_AG_BYTES (1ULL << 40) /* 1 TB */
|
||||
|
||||
/* keep the maximum size under 2^31 by a small amount */
|
||||
#define XFS_MAX_LOG_BYTES \
|
||||
((2 * 1024 * 1024 * 1024ULL) - XFS_MIN_LOG_BYTES)
|
||||
|
@ -118,6 +118,9 @@ xfs_mount_validate_sb(
|
||||
bool check_inprogress,
|
||||
bool check_version)
|
||||
{
|
||||
u32 agcount = 0;
|
||||
u32 rem;
|
||||
|
||||
if (sbp->sb_magicnum != XFS_SB_MAGIC) {
|
||||
xfs_warn(mp, "bad magic number");
|
||||
return -EWRONGFS;
|
||||
@ -228,6 +231,13 @@ xfs_mount_validate_sb(
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
/* Compute agcount for this number of dblocks and agblocks */
|
||||
if (sbp->sb_agblocks) {
|
||||
agcount = div_u64_rem(sbp->sb_dblocks, sbp->sb_agblocks, &rem);
|
||||
if (rem)
|
||||
agcount++;
|
||||
}
|
||||
|
||||
/*
|
||||
* More sanity checking. Most of these were stolen directly from
|
||||
* xfs_repair.
|
||||
@ -252,6 +262,10 @@ xfs_mount_validate_sb(
|
||||
sbp->sb_inodesize != (1 << sbp->sb_inodelog) ||
|
||||
sbp->sb_logsunit > XLOG_MAX_RECORD_BSIZE ||
|
||||
sbp->sb_inopblock != howmany(sbp->sb_blocksize,sbp->sb_inodesize) ||
|
||||
XFS_FSB_TO_B(mp, sbp->sb_agblocks) < XFS_MIN_AG_BYTES ||
|
||||
XFS_FSB_TO_B(mp, sbp->sb_agblocks) > XFS_MAX_AG_BYTES ||
|
||||
sbp->sb_agblklog != xfs_highbit32(sbp->sb_agblocks - 1) + 1 ||
|
||||
agcount == 0 || agcount != sbp->sb_agcount ||
|
||||
(sbp->sb_blocklog - sbp->sb_inodelog != sbp->sb_inopblog) ||
|
||||
(sbp->sb_rextsize * sbp->sb_blocksize > XFS_MAX_RTEXTSIZE) ||
|
||||
(sbp->sb_rextsize * sbp->sb_blocksize < XFS_MIN_RTEXTSIZE) ||
|
||||
|
Loading…
Reference in New Issue
Block a user