Commit 774b5c0a authored by Darrick J. Wong's avatar Darrick J. Wong
Browse files

xfs: check dquot resource timers 



For each dquot resource, ensure either (a) the resource usage is over
the soft limit and there is a nonzero timer; or (b) usage is at or under
the soft limit and the timer is unset.  (a) is redundant with the dquot
buffer verifier, but (b) isn't checked anywhere.

Found by fuzzing xfs/426 and noticing that diskdq.btimer = add didn't
trip any kind of warning for having a timer set even with no limits.

Signed-off-by: default avatarDarrick J. Wong <djwong@kernel.org>
Reviewed-by: default avatarChristoph Hellwig <hch@lst.de>
parent 7d1f0e16

fs/xfs/scrub/quota.c

+21 −0
Original line number Diff line number Diff line
@@ -117,6 +117,23 @@ xchk_quota_item_bmap( 
	return 0;

}



/* Complain if a quota timer is incorrectly set. */

static inline void

xchk_quota_item_timer(

	struct xfs_scrub		*sc,

	xfs_fileoff_t			offset,

	const struct xfs_dquot_res	*res)

{

	if ((res->softlimit && res->count > res->softlimit) ||

	    (res->hardlimit && res->count > res->hardlimit)) {

		if (!res->timer)

			xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, offset);

	} else {

		if (res->timer)

			xchk_fblock_set_corrupt(sc, XFS_DATA_FORK, offset);

	}

}



/* Scrub the fields in an individual quota item. */

STATIC int

xchk_quota_item(
@@ -224,6 +241,10 @@ xchk_quota_item( 
	    dq->q_rtb.count > dq->q_rtb.hardlimit)

		xchk_fblock_set_warning(sc, XFS_DATA_FORK, offset);



	xchk_quota_item_timer(sc, offset, &dq->q_blk);

	xchk_quota_item_timer(sc, offset, &dq->q_ino);

	xchk_quota_item_timer(sc, offset, &dq->q_rtb);



out:

	if (sc->sm->sm_flags & XFS_SCRUB_OFLAG_CORRUPT)

		return -ECANCELED;