github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-05-24 23:22:31 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph

xfs: fix the xattr scrub to detect freemap/entries array collisions

Browse Source 
In the previous patches, we observed that it's possible for there to be
freemap entries with zero size but a nonzero base.  This isn't an
inconsistency per se, but older kernels can get confused by this and
corrupt the block, leading to corruption.

If we see this, flag the xattr structure for optimization so that it
gets rebuilt.

Cc: <stable@vger.kernel.org> # v4.15
Fixes: 13791d3b83 ("xfs: scrub extended attribute leaf space")
Signed-off-by: "Darrick J. Wong" <djwong@kernel.org>
Reviewed-by: Christoph Hellwig <hch@lst.de>
This commit is contained in:
Darrick J. Wong 2026-01-23 09:27:33 -08:00
parent 27a0c41f33
commit 6fed827044
1 changed files with 27 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
fs/xfs/scrub/attr.c
View File

@ -287,32 +287,6 @@ xchk_xattr_set_map(
return ret;
}
/*
* Check the leaf freemap from the usage bitmap. Returns false if the
* attr freemap has problems or points to used space.
*/
STATIC bool
xchk_xattr_check_freemap(
struct xfs_scrub *sc,
struct xfs_attr3_icleaf_hdr *leafhdr)
{
struct xchk_xattr_buf *ab = sc->buf;
unsigned int mapsize = sc->mp->m_attr_geo->blksize;
int i;
/* Construct bitmap of freemap contents. */
bitmap_zero(ab->freemap, mapsize);
for (i = 0; i < XFS_ATTR_LEAF_MAPSIZE; i++) {
if (!xchk_xattr_set_map(sc, ab->freemap,
leafhdr->freemap[i].base,
leafhdr->freemap[i].size))
return false;
}
/* Look for bits that are set in freemap and are marked in use. */
return !bitmap_intersects(ab->freemap, ab->usedmap, mapsize);
}
/*
* Check this leaf entry's relations to everything else.
* Returns the number of bytes used for the name/value data.
@ -403,6 +377,7 @@ xchk_xattr_block(
*last_checked = blk->blkno;
bitmap_zero(ab->usedmap, mp->m_attr_geo->blksize);
bitmap_zero(ab->freemap, mp->m_attr_geo->blksize);
/* Check all the padding. */
if (xfs_has_crc(ds->sc->mp)) {
@ -449,6 +424,9 @@ xchk_xattr_block(
if ((char *)&entries[leafhdr.count] > (char *)leaf + leafhdr.firstused)
xchk_da_set_corrupt(ds, level);
if (ds->sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)
goto out;
buf_end = (char *)bp->b_addr + mp->m_attr_geo->blksize;
for (i = 0, ent = entries; i < leafhdr.count; ent++, i++) {
/* Mark the leaf entry itself. */
@ -467,7 +445,29 @@ xchk_xattr_block(
goto out;
}
if (!xchk_xattr_check_freemap(ds->sc, &leafhdr))
/* Construct bitmap of freemap contents. */
for (i = 0; i < XFS_ATTR_LEAF_MAPSIZE; i++) {
if (!xchk_xattr_set_map(ds->sc, ab->freemap,
leafhdr.freemap[i].base,
leafhdr.freemap[i].size))
xchk_da_set_corrupt(ds, level);
/*
* freemap entries with zero length and nonzero base can cause
* problems with older kernels, so we mark these for preening
* even though there's no inconsistency.
*/
if (leafhdr.freemap[i].size == 0 &&
leafhdr.freemap[i].base > 0)
xchk_da_set_preen(ds, level);
if (ds->sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)
goto out;
}
/* Look for bits that are set in freemap and are marked in use. */
if (bitmap_intersects(ab->freemap, ab->usedmap,
mp->m_attr_geo->blksize))
xchk_da_set_corrupt(ds, level);
if (leafhdr.usedbytes != usedbytes)