ext4: add checks of block references for non-extent inodes
Check block references in the inode and indorect blocks for non-extent inodes to make sure they are valid, and flag an error if they are invalid. Signed-off-by: Thiemo Nagel <thiemo.nagel@ph.tum.de> Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
This commit is contained in:
Thiemo Nagel
Theodore Ts'o
parent
563bdd61fe
commit
fe2c8191fa
1 changed files with 52 additions and 7 deletions
|
|
@ -371,6 +371,34 @@ static int ext4_block_to_path(struct inode *inode,
|
||||||
return n;
|
return n;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static int __ext4_check_blockref(const char *function, struct inode *inode,
|
||||||
|
unsigned int *p, unsigned int max) {
|
||||||
|
|
||||||
|
unsigned int maxblocks = ext4_blocks_count(EXT4_SB(inode->i_sb)->s_es);
|
||||||
|
unsigned int *bref = p;
|
||||||
|
while (bref < p+max) {
|
||||||
|
if (unlikely(*bref >= maxblocks)) {
|
||||||
|
ext4_error(inode->i_sb, function,
|
||||||
|
"block reference %u >= max (%u) "
|
||||||
|
"in inode #%lu, offset=%d",
|
||||||
|
*bref, maxblocks,
|
||||||
|
inode->i_ino, (int)(bref-p));
|
||||||
|
return -EIO;
|
||||||
|
}
|
||||||
|
bref++;
|
||||||
|
}
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#define ext4_check_indirect_blockref(inode, bh) \
|
||||||
|
__ext4_check_blockref(__func__, inode, (__le32 *)(bh)->b_data, \
|
||||||
|
EXT4_ADDR_PER_BLOCK((inode)->i_sb))
|
||||||
|
|
||||||
|
#define ext4_check_inode_blockref(inode) \
|
||||||
|
__ext4_check_blockref(__func__, inode, EXT4_I(inode)->i_data, \
|
||||||
|
EXT4_NDIR_BLOCKS)
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* ext4_get_branch - read the chain of indirect blocks leading to data
|
* ext4_get_branch - read the chain of indirect blocks leading to data
|
||||||
* @inode: inode in question
|
* @inode: inode in question
|
||||||
|
|
@ -415,9 +443,22 @@ static Indirect *ext4_get_branch(struct inode *inode, int depth,
|
||||||
if (!p->key)
|
if (!p->key)
|
||||||
goto no_block;
|
goto no_block;
|
||||||
while (--depth) {
|
while (--depth) {
|
||||||
bh = sb_bread(sb, le32_to_cpu(p->key));
|
bh = sb_getblk(sb, le32_to_cpu(p->key));
|
||||||
if (!bh)
|
if (unlikely(!bh))
|
||||||
goto failure;
|
goto failure;
|
||||||
|
|
||||||
|
if (!bh_uptodate_or_lock(bh)) {
|
||||||
|
if (bh_submit_read(bh) < 0) {
|
||||||
|
put_bh(bh);
|
||||||
|
goto failure;
|
||||||
|
}
|
||||||
|
/* validate block references */
|
||||||
|
if (ext4_check_indirect_blockref(inode, bh)) {
|
||||||
|
put_bh(bh);
|
||||||
|
goto failure;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
add_chain(++p, bh, (__le32 *)bh->b_data + *++offsets);
|
add_chain(++p, bh, (__le32 *)bh->b_data + *++offsets);
|
||||||
/* Reader: end */
|
/* Reader: end */
|
||||||
if (!p->key)
|
if (!p->key)
|
||||||
|
|
@ -4371,13 +4412,17 @@ struct inode *ext4_iget(struct super_block *sb, unsigned long ino)
|
||||||
if (ei->i_flags & EXT4_EXTENTS_FL) {
|
if (ei->i_flags & EXT4_EXTENTS_FL) {
|
||||||
/* Validate extent which is part of inode */
|
/* Validate extent which is part of inode */
|
||||||
ret = ext4_ext_check_inode(inode);
|
ret = ext4_ext_check_inode(inode);
|
||||||
|
} else if (S_ISREG(inode->i_mode) || S_ISDIR(inode->i_mode) ||
|
||||||
|
(S_ISLNK(inode->i_mode) &&
|
||||||
|
!ext4_inode_is_fast_symlink(inode))) {
|
||||||
|
/* Validate block references which are part of inode */
|
||||||
|
ret = ext4_check_inode_blockref(inode);
|
||||||
|
}
|
||||||
if (ret) {
|
if (ret) {
|
||||||
brelse(bh);
|
brelse(bh);
|
||||||
goto bad_inode;
|
goto bad_inode;
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
if (S_ISREG(inode->i_mode)) {
|
if (S_ISREG(inode->i_mode)) {
|
||||||
inode->i_op = &ext4_file_inode_operations;
|
inode->i_op = &ext4_file_inode_operations;
|
||||||
inode->i_fop = &ext4_file_operations;
|
inode->i_fop = &ext4_file_operations;
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue