ext4: protect journal inode's blocks using block_validity
authorTheodore Ts'o <tytso@mit.edu>
Wed, 10 Apr 2019 03:37:08 +0000 (23:37 -0400)
committerTheodore Ts'o <tytso@mit.edu>
Wed, 10 Apr 2019 03:37:08 +0000 (23:37 -0400)
Add the blocks which belong to the journal inode to block_validity's
system zone so attempts to deallocate or overwrite the journal due a
corrupted file system where the journal blocks are also claimed by
another inode.

Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=202879
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org
fs/ext4/block_validity.c
fs/ext4/inode.c

index 913061c..9409b1e 100644 (file)
@@ -137,6 +137,48 @@ static void debug_print_tree(struct ext4_sb_info *sbi)
        printk(KERN_CONT "\n");
 }
 
+static int ext4_protect_reserved_inode(struct super_block *sb, u32 ino)
+{
+       struct inode *inode;
+       struct ext4_sb_info *sbi = EXT4_SB(sb);
+       struct ext4_map_blocks map;
+       u32 i = 0, err = 0, num, n;
+
+       if ((ino < EXT4_ROOT_INO) ||
+           (ino > le32_to_cpu(sbi->s_es->s_inodes_count)))
+               return -EINVAL;
+       inode = ext4_iget(sb, ino, EXT4_IGET_SPECIAL);
+       if (IS_ERR(inode))
+               return PTR_ERR(inode);
+       num = (inode->i_size + sb->s_blocksize - 1) >> sb->s_blocksize_bits;
+       while (i < num) {
+               map.m_lblk = i;
+               map.m_len = num - i;
+               n = ext4_map_blocks(NULL, inode, &map, 0);
+               if (n < 0) {
+                       err = n;
+                       break;
+               }
+               if (n == 0) {
+                       i++;
+               } else {
+                       if (!ext4_data_block_valid(sbi, map.m_pblk, n)) {
+                               ext4_error(sb, "blocks %llu-%llu from inode %u "
+                                          "overlap system zone", map.m_pblk,
+                                          map.m_pblk + map.m_len - 1, ino);
+                               err = -EFSCORRUPTED;
+                               break;
+                       }
+                       err = add_system_zone(sbi, map.m_pblk, n);
+                       if (err < 0)
+                               break;
+                       i += n;
+               }
+       }
+       iput(inode);
+       return err;
+}
+
 int ext4_setup_system_zone(struct super_block *sb)
 {
        ext4_group_t ngroups = ext4_get_groups_count(sb);
@@ -171,6 +213,12 @@ int ext4_setup_system_zone(struct super_block *sb)
                if (ret)
                        return ret;
        }
+       if (ext4_has_feature_journal(sb) && sbi->s_es->s_journal_inum) {
+               ret = ext4_protect_reserved_inode(sb,
+                               le32_to_cpu(sbi->s_es->s_journal_inum));
+               if (ret)
+                       return ret;
+       }
 
        if (test_opt(sb, DEBUG))
                debug_print_tree(sbi);
index 190f047..609c836 100644 (file)
@@ -399,6 +399,10 @@ static int __check_block_validity(struct inode *inode, const char *func,
                                unsigned int line,
                                struct ext4_map_blocks *map)
 {
+       if (ext4_has_feature_journal(inode->i_sb) &&
+           (inode->i_ino ==
+            le32_to_cpu(EXT4_SB(inode->i_sb)->s_es->s_journal_inum)))
+               return 0;
        if (!ext4_data_block_valid(EXT4_SB(inode->i_sb), map->m_pblk,
                                   map->m_len)) {
                ext4_error_inode(inode, func, line, map->m_pblk,