Commit ad206ae5 authored by Darrick J. Wong's avatar Darrick J. Wong
Browse files

xfs: check opcode and iovec count match in xlog_recover_attri_commit_pass2 



Check that the number of recovered log iovecs is what is expected for
the xattri opcode is expecting.

Signed-off-by: default avatarDarrick J. Wong <djwong@kernel.org>
Reviewed-by: default avatarChristoph Hellwig <hch@lst.de>
parent f759784c

fs/xfs/xfs_attr_item.c

+27 −0
Original line number Diff line number Diff line
@@ -737,6 +737,7 @@ xlog_recover_attri_commit_pass2( 
	const void			*attr_value = NULL;

	const void			*attr_name;

	size_t				len;

	unsigned int			op;



	attri_formatp = item->ri_buf[0].i_addr;

	attr_name = item->ri_buf[1].i_addr;
@@ -755,6 +756,32 @@ xlog_recover_attri_commit_pass2( 
		return -EFSCORRUPTED;

	}



	/* Check the number of log iovecs makes sense for the op code. */

	op = attri_formatp->alfi_op_flags & XFS_ATTRI_OP_FLAGS_TYPE_MASK;

	switch (op) {

	case XFS_ATTRI_OP_FLAGS_SET:

	case XFS_ATTRI_OP_FLAGS_REPLACE:

		/* Log item, attr name, attr value */

		if (item->ri_total != 3) {

			XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp,

					     attri_formatp, len);

			return -EFSCORRUPTED;

		}

		break;

	case XFS_ATTRI_OP_FLAGS_REMOVE:

		/* Log item, attr name */

		if (item->ri_total != 2) {

			XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp,

					     attri_formatp, len);

			return -EFSCORRUPTED;

		}

		break;

	default:

		XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp,

				     attri_formatp, len);

		return -EFSCORRUPTED;

	}



	/* Validate the attr name */

	if (item->ri_buf[1].i_len !=

			xlog_calc_iovec_len(attri_formatp->alfi_name_len)) {