Commit e5325fcf authored by Amir Goldstein's avatar Amir Goldstein Committed by Greg Kroah-Hartman

xfs: sanity check directory inode di_size

commit 3c6f46ea upstream.

This change fixes an assertion hit when fuzzing on-disk
i_mode values.

The easy case to fix is when changing an empty file
i_mode to S_IFDIR. In this case, xfs_dinode_verify()
detects an illegal zero size for directory and fails
to load the inode structure from disk.

For the case of non empty file whose i_mode is changed
to S_IFDIR, the ASSERT() statement in xfs_dir2_isblock()
is replaced with return -EFSCORRUPTED, to avoid interacting
with corrupted junk also when XFS_DEBUG is disabled.
Suggested-by: default avatarDarrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: default avatarChristoph Hellwig <hch@lst.de>
Signed-off-by: default avatarAmir Goldstein <amir73il@gmail.com>
Reviewed-by: default avatarDarrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: default avatarDarrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 624e54b5
...@@ -631,7 +631,8 @@ xfs_dir2_isblock( ...@@ -631,7 +631,8 @@ xfs_dir2_isblock(
if ((rval = xfs_bmap_last_offset(args->dp, &last, XFS_DATA_FORK))) if ((rval = xfs_bmap_last_offset(args->dp, &last, XFS_DATA_FORK)))
return rval; return rval;
rval = XFS_FSB_TO_B(args->dp->i_mount, last) == args->geo->blksize; rval = XFS_FSB_TO_B(args->dp->i_mount, last) == args->geo->blksize;
ASSERT(rval == 0 || args->dp->i_d.di_size == args->geo->blksize); if (rval != 0 && args->dp->i_d.di_size != args->geo->blksize)
return -EFSCORRUPTED;
*vp = rval; *vp = rval;
return 0; return 0;
} }
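Review bot: The new `if (rval != 0 && args->dp->i_d.di_size != args->geo->blksize) return -EFSCORRUPTED;` bails out silently, whereas the ASSERT it replaces at least named the failing condition in a debug build; nothing here records which directory inode was found inconsistent, so a damaged or fuzzed inode surfaces to the caller only as an opaque -EFSCORRUPTED. A one-line comment above the check would make the intent clear to the next reader, e.g. `/* Only a single-block directory may have di_size == blksize; a mismatch is on-disk corruption, not a logic bug. */`, and if this file's usual corruption-reporting helper is available here, reporting the inode number before returning would make such a failure diagnosable from the log. The condition is only checked when `rval` is true, so a directory whose extents do not span exactly one block is not validated by this path; I cannot tell from the hunk whether later code covers that. xfs_dir2_isblock's body begins outside the hunk.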
...@@ -386,6 +386,7 @@ xfs_dinode_verify( ...@@ -386,6 +386,7 @@ xfs_dinode_verify(
struct xfs_inode *ip, struct xfs_inode *ip,
struct xfs_dinode *dip) struct xfs_dinode *dip)
{ {
uint16_t mode;
uint16_t flags; uint16_t flags;
uint64_t flags2; uint64_t flags2;
...@@ -396,8 +397,10 @@ xfs_dinode_verify( ...@@ -396,8 +397,10 @@ xfs_dinode_verify(
if (be64_to_cpu(dip->di_size) & (1ULL << 63)) if (be64_to_cpu(dip->di_size) & (1ULL << 63))
return false; return false;
/* No zero-length symlinks. */ mode = be16_to_cpu(dip->di_mode);
if (S_ISLNK(be16_to_cpu(dip->di_mode)) && dip->di_size == 0)
/* No zero-length symlinks/dirs. */
if ((S_ISLNK(mode) || S_ISDIR(mode)) && dip->di_size == 0)
return false; return false;
/* only version 3 or greater inodes are extensively verified here */ /* only version 3 or greater inodes are extensively verified here */
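Review bot: The widened check `if ((S_ISLNK(mode) || S_ISDIR(mode)) && dip->di_size == 0)` still only rejects an empty directory, and the comment above it does not say that a non-empty inode whose mode was flipped to S_IFDIR passes this verifier and is relied on to be caught elsewhere; a reader of this function alone will assume the directory size is fully validated here. Suggest extending the comment to `/* No zero-length symlinks/dirs.  A non-empty inode relabelled S_IFDIR passes here and must be caught by the directory code. */` so the division of responsibility is recorded next to the check. The `dip->di_size == 0` comparison is on the raw on-disk field while the line just above converts it with `be64_to_cpu()`; that is correct because zero is byte-order invariant, but a short note or a consistent conversion would keep the two adjacent tests from looking inconsistent. The rest of xfs_dinode_verify lies outside these hunks.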