git.apps.os.sepia.ceph.com Git - xfsprogs-dev.git/commit

author	Darrick J. Wong <djwong@kernel.org>
	Wed, 6 Sep 2023 11:54:48 +0000 (13:54 +0200)
committer	Carlos Maiolino <cem@kernel.org>
	Thu, 7 Sep 2023 09:55:50 +0000 (11:55 +0200)
commit	98572f41fbdf26a63f262be775dce1ade0b91520
tree	ccf0f9047c4e9e3411c8cd35016a54ccb91cc909	tree \| snapshot
parent	05dcea079c30819909d513b488659a5fe2e876a2	commit \| diff

xfs: AGI length should be bounds checked

Source kernel commit: 2d7d1e7ea321b0b2810eb00183e21332ee9c4b6f

Similar to the recent patch strengthening the AGF agf_length
verification, the AGI verifier does not check that the AGI length field
is within known good bounds. This isn't currently checked by runtime
kernel code, yet we assume in many places that it is correct and verify
other metadata against it.

Add length verification to the AGI verifier. Just like the AGF length
checking, the length of the AGI must be equal to the size of the AG
specified in the superblock, unless it is the last AG in the filesystem.
In that case, it must be less than or equal to sb->sb_agblocks and
greater than XFS_MIN_AG_BLOCKS, which is the smallest AG a growfs
operation will allow to exist.

There's only one place in the filesystem that actually uses agi_length,
but let's not leave it vulnerable to the same weird nonsense that
generates syzbot bugs, eh?

Signed-off-by: Darrick J. Wong <djwong@kernel.org>
Reviewed-by: Dave Chinner <dchinner@redhat.com>
Signed-off-by: Carlos Maiolino <cem@kernel.org>

libxfs/xfs_alloc.c		diff \| blob \| history
libxfs/xfs_alloc.h		diff \| blob \| history
libxfs/xfs_ialloc.c		diff \| blob \| history