From 5daf86607877ea81d0295a9d49a1fe06572e0352 Mon Sep 17 00:00:00 2001
From: Alexander Boyko <alexander.boyko@hpe.com>
Date: Tue, 28 Sep 2021 09:27:12 -0400
Subject: [PATCH] LU-12268 osd: BUG_ON for IAM corruption

The patch adds strict checks of buffer head overflow
for IAM dx blocks.

HPE-bug-id: LUS-10178
Signed-off-by: Alexander Boyko <alexander.boyko@hpe.com>
Change-Id: I1608f6cbf00b5120fbc36d0c65fcfe37c43e375f
Reviewed-on: https://review.whamcloud.com/45072
Tested-by: jenkins <devops@whamcloud.com>
Tested-by: Maloo <maloo@whamcloud.com>
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
Reviewed-by: Artem Blagodarenko <artem.blagodarenko@hpe.com>
Reviewed-by: Oleg Drokin <green@whamcloud.com>
---
 lustre/osd-ldiskfs/osd_iam.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/lustre/osd-ldiskfs/osd_iam.c b/lustre/osd-ldiskfs/osd_iam.c
index a2e82b0..c8a06d8 100644
--- a/lustre/osd-ldiskfs/osd_iam.c
+++ b/lustre/osd-ldiskfs/osd_iam.c
@@ -779,12 +779,18 @@ void iam_insert_key(struct iam_path *path, struct iam_frame *frame,
 	assert_corr(count < dx_get_limit(entries));
 	assert_corr(frame->at < iam_entry_shift(path, entries, count));
 	assert_inv(dx_node_check(path, frame));
+	/* Prevent memory corruption outside of buffer_head */
+	BUG_ON(count >= dx_get_limit(entries));
+	BUG_ON((char *)iam_entry_shift(path, entries, count + 1) >
+	       (frame->bh->b_data + frame->bh->b_size));
 
 	memmove(iam_entry_shift(path, new, 1), new,
 		(char *)iam_entry_shift(path, entries, count) - (char *)new);
 	dx_set_ikey(path, new, key);
 	dx_set_block(path, new, ptr);
 	dx_set_count(entries, count + 1);
+
+	BUG_ON(count > dx_get_limit(entries));
 	assert_inv(dx_node_check(path, frame));
 }
 
-- 
1.8.3.1