libxfs: add more bounds checking to sb sanity checks
authorBill O'Donnell <billodo@redhat.com>
Thu, 26 Jul 2018 17:10:34 +0000 (10:10 -0700)
committerDarrick J. Wong <darrick.wong@oracle.com>
Tue, 31 Jul 2018 20:18:09 +0000 (13:18 -0700)
Current sb verifier doesn't check bounds on sb_fdblocks and sb_ifree.
Add sanity checks for these parameters.

Signed-off-by: Bill O'Donnell <billodo@redhat.com>
[darrick: port to refactored sb validation predicates]
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Eric Sandeen <sandeen@redhat.com>
fs/xfs/libxfs/xfs_sb.c

index f3835e9..3d29f4a 100644 (file)
@@ -150,6 +150,18 @@ xfs_validate_sb_write(
        struct xfs_mount        *mp,
        struct xfs_sb           *sbp)
 {
+       /*
+        * Carry out additional sb summary counter sanity checks when we write
+        * the superblock.  We skip this in the read validator because there
+        * could be newer superblocks in the log and if the values are garbage
+        * we'll recalculate them at the end of log mount.
+        */
+       if (sbp->sb_fdblocks > sbp->sb_dblocks ||
+           sbp->sb_ifree > sbp->sb_icount) {
+               xfs_warn(mp, "SB summary counter sanity check failed");
+               return -EFSCORRUPTED;
+       }
+
        if (XFS_SB_VERSION_NUM(sbp) != XFS_SB_VERSION_5)
                return 0;