ldiskfs/kernel_patches/patches/ext3-extents-sanity-checks.patch

   1 Index: linux-2.6.9-42.0.10.EL_lustre.1.4.10/fs/ext3/extents.c
   2 ===================================================================
   3 --- linux-2.6.9-42.0.10.EL_lustre.1.4.10.orig/fs/ext3/extents.c 2007-06-14 11:42:34.000000000 +0200
   4 +++ linux-2.6.9-42.0.10.EL_lustre.1.4.10/fs/ext3/extents.c      2007-06-14 13:59:49.000000000 +0200
   5 @@ -44,26 +44,49 @@
   6  #include <asm/uaccess.h>
   7
   8
   9 -static inline int ext3_ext_check_header(struct ext3_extent_header *eh)
  10 -{
  11 -       if (eh->eh_magic != EXT3_EXT_MAGIC) {
  12 -               printk(KERN_ERR "EXT3-fs: invalid magic = 0x%x\n",
  13 -                      (unsigned)eh->eh_magic);
  14 -               return -EIO;
  15 -       }
  16 -       if (eh->eh_max == 0) {
  17 -               printk(KERN_ERR "EXT3-fs: invalid eh_max = %u\n",
  18 -                      (unsigned)eh->eh_max);
  19 -               return -EIO;
  20 -       }
  21 -       if (eh->eh_entries > eh->eh_max) {
  22 -               printk(KERN_ERR "EXT3-fs: invalid eh_entries = %u\n",
  23 -                      (unsigned)eh->eh_entries);
  24 -               return -EIO;
  25 +static int __ext3_ext_check_header(const char *function, struct inode *inode,
  26 +                               struct ext3_extent_header *eh, int depth,
  27 +                               int max)
  28 +{
  29 +       const char *error_msg = NULL;
  30 +
  31 +       if (unlikely(eh->eh_magic != EXT3_EXT_MAGIC)) {
  32 +               error_msg = "invalid magic";
  33 +               goto corrupted;
  34 +       }
  35 +       if (unlikely(eh->eh_depth != depth)) {
  36 +               error_msg = "unexpected eh_depth";
  37 +               goto corrupted;
  38 +       }
  39 +       if (unlikely(eh->eh_max == 0)) {
  40 +               error_msg = "too small eh_max";
  41 +               goto corrupted;
  42 +       }
  43 +       if (unlikely(eh->eh_max > max)) {
  44 +               error_msg = "too large eh_max";
  45 +               goto corrupted;
  46 +       }
  47 +       if (unlikely(eh->eh_entries > eh->eh_max)) {
  48 +               error_msg = "invalid eh_entries";
  49 +               goto corrupted;
  50         }
  51         return 0;
  52 +
  53 +corrupted:
  54 +       ext3_error(inode->i_sb, function,
  55 +                       "bad header in inode #%lu: %s - magic %x, "
  56 +                       "entries %u, max %u(%u), depth %u(%u)",
  57 +                       inode->i_ino, error_msg, eh->eh_magic,
  58 +                       eh->eh_entries, eh->eh_max, max,
  59 +                       eh->eh_depth, depth);
  60 +
  61 +       return -EIO;
  62  }
  63
  64 +#define ext3_ext_check_header(inode,eh,depth,max)      \
  65 +       __ext3_ext_check_header(__FUNCTION__,inode,eh,depth,max)
  66 +
  67 +
  68  static handle_t *ext3_ext_journal_restart(handle_t *handle, int needed)
  69  {
  70         int err;
  71 @@ -227,6 +250,26 @@ static inline int ext3_ext_space_root_id
  72         return size;
  73  }
  74
  75 +static inline int
  76 +ext3_ext_max_entries(struct ext3_extents_tree *tree, int root, int depth)
  77 +{
  78 +       int max;
  79 +
  80 +       if (root) {
  81 +               if (depth == 0)
  82 +                       max = ext3_ext_space_root(tree);
  83 +               else
  84 +                       max = ext3_ext_space_root_idx(tree);
  85 +       } else {
  86 +               if (depth == 0)
  87 +                       max = ext3_ext_space_block(tree);
  88 +               else
  89 +                       max = ext3_ext_space_block_idx(tree);
  90 +       }
  91 +
  92 +       return max;
  93 +}
  94 +
  95  static void ext3_ext_show_path(struct ext3_extents_tree *tree,
  96                                struct ext3_ext_path *path)
  97  {
  98 @@ -297,10 +340,6 @@ ext3_ext_binsearch_idx(struct ext3_exten
  99         struct ext3_extent_idx *ix;
 100         int l = 0, k, r;
 101
 102 -       EXT_ASSERT(eh->eh_magic == EXT3_EXT_MAGIC);
 103 -       EXT_ASSERT(eh->eh_entries <= eh->eh_max);
 104 -       EXT_ASSERT(eh->eh_entries > 0);
 105 -
 106         ext_debug(tree, "binsearch for %d(idx):  ", block);
 107
 108         path->p_idx = ix = EXT_FIRST_INDEX(eh);
 109 @@ -360,9 +399,6 @@ ext3_ext_binsearch(struct ext3_extents_t
 110         struct ext3_extent *ex;
 111         int l = 0, k, r;
 112
 113 -       EXT_ASSERT(eh->eh_magic == EXT3_EXT_MAGIC);
 114 -       EXT_ASSERT(eh->eh_entries <= eh->eh_max);
 115 -
 116         if (eh->eh_entries == 0) {
 117                 /*
 118                  * this leaf is empty yet:
 119 @@ -437,6 +473,7 @@ ext3_ext_find_extent(struct ext3_extents
 120         struct ext3_extent_header *eh;
 121         struct buffer_head *bh;
 122         int depth, i, ppos = 0;
 123 +       int max;
 124
 125         EXT_ASSERT(tree);
 126         EXT_ASSERT(tree->inode);
 127 @@ -444,17 +481,15 @@ ext3_ext_find_extent(struct ext3_extents
 128
 129         eh = EXT_ROOT_HDR(tree);
 130         EXT_ASSERT(eh);
 131 -       if (ext3_ext_check_header(eh)) {
 132 +       i = depth = EXT_DEPTH(tree);
 133 +       max = ext3_ext_max_entries(tree, 1, i);
 134 +       if (ext3_ext_check_header(tree->inode, eh, i, max)) {
 135                 /* don't free previously allocated path
 136                  * -- caller should take care */
 137                 path = NULL;
 138                 goto err;
 139         }
 140
 141 -       i = depth = EXT_DEPTH(tree);
 142 -       EXT_ASSERT(eh->eh_max);
 143 -       EXT_ASSERT(eh->eh_magic == EXT3_EXT_MAGIC);
 144 -
 145         /* account possible depth increase */
 146         if (!path) {
 147                 path = kmalloc(sizeof(struct ext3_ext_path) * (depth + 2),
 148 @@ -485,7 +520,8 @@ ext3_ext_find_extent(struct ext3_extents
 149                 path[ppos].p_hdr = eh;
 150                 i--;
 151
 152 -               if (ext3_ext_check_header(eh))
 153 +               max = ext3_ext_max_entries(tree, 0, i);
 154 +               if (ext3_ext_check_header(tree->inode, eh, i, max))
 155                         goto err;
 156         }
 157
 158 @@ -494,9 +530,6 @@ ext3_ext_find_extent(struct ext3_extents
 159         path[ppos].p_ext = NULL;
 160         path[ppos].p_idx = NULL;
 161
 162 -       if (ext3_ext_check_header(eh))
 163 -               goto err;
 164 -
 165         /* find extent */
 166         ext3_ext_binsearch(tree, path + ppos, block);
 167
 168 @@ -993,7 +1026,7 @@ ext3_ext_search_right(struct ext3_extent
 169         struct ext3_extent_idx *ix;
 170         struct ext3_extent *ex;
 171         unsigned long block;
 172 -       int depth;
 173 +       int depth, max;
 174
 175         BUG_ON(path == NULL);
 176         depth = path->p_depth;
 177 @@ -1051,7 +1084,8 @@ ext3_ext_search_right(struct ext3_extent
 178                 if (bh == NULL)
 179                         return -EIO;
 180                 eh = EXT_BLOCK_HDR(bh);
 181 -               if (ext3_ext_check_header(eh)) {
 182 +               max = ext3_ext_max_entries(tree, 0, depth);
 183 +               if (ext3_ext_check_header(tree->inode, eh, depth, max)) {
 184                         brelse(bh);
 185                         return -EIO;
 186                 }
 187 @@ -1064,7 +1098,8 @@ ext3_ext_search_right(struct ext3_extent
 188         if (bh == NULL)
 189                 return -EIO;
 190         eh = EXT_BLOCK_HDR(bh);
 191 -       if (ext3_ext_check_header(eh)) {
 192 +       max = ext3_ext_max_entries(tree, 0, depth);
 193 +       if (ext3_ext_check_header(tree->inode, eh, depth, max)) {
 194                 brelse(bh);
 195                 return -EIO;
 196         }
 197 @@ -1694,6 +1729,8 @@ ext3_ext_rm_leaf(handle_t *handle, struc
 198         ext_debug(tree, "remove [%lu:%lu] in leaf\n", start, end);
 199         if (!path[depth].p_hdr)
 200                 path[depth].p_hdr = EXT_BLOCK_HDR(path[depth].p_bh);
 201 +
 202 +       /* the header must be checked already in ext3_ext_remove_space() */
 203         eh = path[depth].p_hdr;
 204         EXT_ASSERT(eh);
 205         EXT_ASSERT(eh->eh_entries <= eh->eh_max);
 206 @@ -1856,7 +1893,7 @@ int ext3_ext_remove_space(struct ext3_ex
 207         int depth = EXT_DEPTH(tree);
 208         struct ext3_ext_path *path;
 209         handle_t *handle;
 210 -       int i = 0, err = 0;
 211 +       int i = 0, err = 0, max;
 212
 213         ext_debug(tree, "space to be removed: %lu:%lu\n", start, end);
 214
 215 @@ -1879,7 +1916,13 @@ int ext3_ext_remove_space(struct ext3_ex
 216         }
 217         memset(path, 0, sizeof(struct ext3_ext_path) * (depth + 1));
 218         path[i].p_hdr = EXT_ROOT_HDR(tree);
 219 -
 220 +
 221 +       max = ext3_ext_max_entries(tree, 1, depth);
 222 +       if (ext3_ext_check_header(inode, path[i].p_hdr, depth, max)) {
 223 +               err = -EIO;
 224 +               goto out;
 225 +       }
 226 +
 227         while (i >= 0 && err == 0) {
 228                 if (i == depth) {
 229                         /* this is leaf block */
 230 @@ -1889,16 +1932,13 @@ int ext3_ext_remove_space(struct ext3_ex
 231                         i--;
 232                         continue;
 233                 }
 234 -
 235 +
 236                 /* this is index block */
 237                 if (!path[i].p_hdr) {
 238                         ext_debug(tree, "initialize header\n");
 239                         path[i].p_hdr = EXT_BLOCK_HDR(path[i].p_bh);
 240                 }
 241
 242 -               EXT_ASSERT(path[i].p_hdr->eh_entries <= path[i].p_hdr->eh_max);
 243 -               EXT_ASSERT(path[i].p_hdr->eh_magic == EXT3_EXT_MAGIC);
 244 -
 245                 if (!path[i].p_idx) {
 246                         /* this level hasn't touched yet */
 247                         path[i].p_idx =
 248 @@ -1925,6 +1965,14 @@ int ext3_ext_remove_space(struct ext3_ex
 249                                 err = -EIO;
 250                                 break;
 251                         }
 252 +                       BUG_ON(i + 1 > depth);
 253 +                       max = ext3_ext_max_entries(tree, 0, depth - i - 1);
 254 +                       if (ext3_ext_check_header(inode,
 255 +                                               EXT_BLOCK_HDR(path[i+1].p_bh),
 256 +                                               depth - i - 1, max)) {
 257 +                               err = -EIO;
 258 +                               break;
 259 +                       }
 260                         /* put actual number of indexes to know is this
 261                          * number got changed at the next iteration */
 262                         path[i].p_block = path[i].p_hdr->eh_entries;
 263 @@ -1945,7 +1993,7 @@ int ext3_ext_remove_space(struct ext3_ex
 264         }
 265
 266         /* TODO: flexible tree reduction should be here */
 267 -       if (path->p_hdr->eh_entries == 0) {
 268 +       if (err == 0 && path->p_hdr->eh_entries == 0) {
 269                 /*
 270                  * truncate to zero freed all the tree
 271                  * so, we need to correct eh_depth
 272 @@ -1959,6 +2007,7 @@ int ext3_ext_remove_space(struct ext3_ex
 273         }
 274         ext3_ext_tree_changed(tree);
 275
 276 +out:
 277         kfree(path);
 278         ext3_journal_stop(handle);
 279