Re: [PATCH] UPDATED: hfs: handle more on-disk corruptions without oopsing
Roman Zippel wrote:
> Hi,
>
> On Thursday 20 December 2007, Eric Sandeen wrote:
>
>> Index: linux-2.6.24-rc3/fs/hfs/brec.c
>> ===
>> --- linux-2.6.24-rc3.orig/fs/hfs/brec.c
>> +++ linux-2.6.24-rc3/fs/hfs/brec.c
>> @@ -44,10 +44,21 @@ u16 hfs_brec_keylen(struct hfs_bnode *no
>> recoff = hfs_bnode_read_u16(node, node->tree->node_size - (rec
>> + 1) *
>> 2); if (!recoff)
>> return 0;
>> -if (node->tree->attributes & HFS_TREE_BIGKEYS)
>> +if (node->tree->attributes & HFS_TREE_BIGKEYS) {
>> retval = hfs_bnode_read_u16(node, recoff) + 2;
>> -else
>> +if (retval > node->tree->max_key_len + 2) {
>> +printk(KERN_ERR "hfs: keylen %d too large\n",
>> +retval);
>> +retval = HFS_BAD_KEYLEN;
>> +}
>> +} else {
>> retval = (hfs_bnode_read_u8(node, recoff) | 1) + 1;
>> +if (retval > node->tree->max_key_len + 1) {
>> +printk(KERN_ERR "hfs: keylen %d too large\n",
>> +retval);
>> +retval = HFS_BAD_KEYLEN;
>> +}
>> +}
>> }
>> return retval;
>> }
>
> You can reuse 0 as failure value, a key has to be of nonzero size.
Ok. Based on the other 0 returns I wasn't sure if they were considered
real errors or not... but also ISTR I ran into problems with a simple 0
return; I probably just to be sure need the callers check for it.
>> Index: linux-2.6.24-rc3/fs/hfs/btree.c
>> ===
>> --- linux-2.6.24-rc3.orig/fs/hfs/btree.c
>> +++ linux-2.6.24-rc3/fs/hfs/btree.c
>> @@ -81,6 +81,17 @@ struct hfs_btree *hfs_btree_open(struct
>> goto fail_page;
>> if (!tree->node_count)
>> goto fail_page;
>> +if ((id == HFS_EXT_CNID) && (tree->max_key_len != HFS_MAX_EXT_KEYLEN)) {
>> +printk(KERN_ERR "hfs: invalid extent max_key_len %d\n",
>> +tree->max_key_len);
>> +goto fail_page;
>> +}
>> +if ((id == HFS_CAT_CNID) && (tree->max_key_len != HFS_MAX_CAT_KEYLEN)) {
>> +printk(KERN_ERR "hfs: invalid catalog max_key_len %d\n",
>> +tree->max_key_len);
>> +goto fail_page;
>> +}
>> +
>> tree->node_size_shift = ffs(size) - 1;
>> tree->pages_per_bnode = (tree->node_size + PAGE_CACHE_SIZE - 1) >>
>> PAGE_CACHE_SHIFT;
>>
>
> I'd prefer a switch statement here.
Ok, I'd thought about doing it that way... :)
> It would be nice if you could do the same changes for hfsplus, so both stay
> in
> sync.
Yep, wanted to first see if it'd fly for HFS...
Thanks for the feedback,
-Eric
> Thanks.
>
> bye, Roman
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] UPDATED: hfs: handle more on-disk corruptions without oopsing
Hi,
On Thursday 20 December 2007, Eric Sandeen wrote:
> Index: linux-2.6.24-rc3/fs/hfs/brec.c
> ===
> --- linux-2.6.24-rc3.orig/fs/hfs/brec.c
> +++ linux-2.6.24-rc3/fs/hfs/brec.c
> @@ -44,10 +44,21 @@ u16 hfs_brec_keylen(struct hfs_bnode *no
> recoff = hfs_bnode_read_u16(node, node->tree->node_size - (rec
> + 1) *
> 2); if (!recoff)
> return 0;
> - if (node->tree->attributes & HFS_TREE_BIGKEYS)
> + if (node->tree->attributes & HFS_TREE_BIGKEYS) {
> retval = hfs_bnode_read_u16(node, recoff) + 2;
> - else
> + if (retval > node->tree->max_key_len + 2) {
> + printk(KERN_ERR "hfs: keylen %d too large\n",
> + retval);
> + retval = HFS_BAD_KEYLEN;
> + }
> + } else {
> retval = (hfs_bnode_read_u8(node, recoff) | 1) + 1;
> + if (retval > node->tree->max_key_len + 1) {
> + printk(KERN_ERR "hfs: keylen %d too large\n",
> + retval);
> + retval = HFS_BAD_KEYLEN;
> + }
> + }
> }
> return retval;
> }
You can reuse 0 as failure value, a key has to be of nonzero size.
> Index: linux-2.6.24-rc3/fs/hfs/btree.c
> ===
> --- linux-2.6.24-rc3.orig/fs/hfs/btree.c
> +++ linux-2.6.24-rc3/fs/hfs/btree.c
> @@ -81,6 +81,17 @@ struct hfs_btree *hfs_btree_open(struct
> goto fail_page;
> if (!tree->node_count)
> goto fail_page;
> + if ((id == HFS_EXT_CNID) && (tree->max_key_len != HFS_MAX_EXT_KEYLEN)) {
> + printk(KERN_ERR "hfs: invalid extent max_key_len %d\n",
> + tree->max_key_len);
> + goto fail_page;
> + }
> + if ((id == HFS_CAT_CNID) && (tree->max_key_len != HFS_MAX_CAT_KEYLEN)) {
> + printk(KERN_ERR "hfs: invalid catalog max_key_len %d\n",
> + tree->max_key_len);
> + goto fail_page;
> + }
> +
> tree->node_size_shift = ffs(size) - 1;
> tree->pages_per_bnode = (tree->node_size + PAGE_CACHE_SIZE - 1) >>
> PAGE_CACHE_SHIFT;
>
I'd prefer a switch statement here.
It would be nice if you could do the same changes for hfsplus, so both stay in
sync.
Thanks.
bye, Roman
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] UPDATED: hfs: handle more on-disk corruptions without oopsing
Hi,
On Thursday 20 December 2007, Eric Sandeen wrote:
Index: linux-2.6.24-rc3/fs/hfs/brec.c
===
--- linux-2.6.24-rc3.orig/fs/hfs/brec.c
+++ linux-2.6.24-rc3/fs/hfs/brec.c
@@ -44,10 +44,21 @@ u16 hfs_brec_keylen(struct hfs_bnode *no
recoff = hfs_bnode_read_u16(node, node-tree-node_size - (rec
+ 1) *
2); if (!recoff)
return 0;
- if (node-tree-attributes HFS_TREE_BIGKEYS)
+ if (node-tree-attributes HFS_TREE_BIGKEYS) {
retval = hfs_bnode_read_u16(node, recoff) + 2;
- else
+ if (retval node-tree-max_key_len + 2) {
+ printk(KERN_ERR hfs: keylen %d too large\n,
+ retval);
+ retval = HFS_BAD_KEYLEN;
+ }
+ } else {
retval = (hfs_bnode_read_u8(node, recoff) | 1) + 1;
+ if (retval node-tree-max_key_len + 1) {
+ printk(KERN_ERR hfs: keylen %d too large\n,
+ retval);
+ retval = HFS_BAD_KEYLEN;
+ }
+ }
}
return retval;
}
You can reuse 0 as failure value, a key has to be of nonzero size.
Index: linux-2.6.24-rc3/fs/hfs/btree.c
===
--- linux-2.6.24-rc3.orig/fs/hfs/btree.c
+++ linux-2.6.24-rc3/fs/hfs/btree.c
@@ -81,6 +81,17 @@ struct hfs_btree *hfs_btree_open(struct
goto fail_page;
if (!tree-node_count)
goto fail_page;
+ if ((id == HFS_EXT_CNID) (tree-max_key_len != HFS_MAX_EXT_KEYLEN)) {
+ printk(KERN_ERR hfs: invalid extent max_key_len %d\n,
+ tree-max_key_len);
+ goto fail_page;
+ }
+ if ((id == HFS_CAT_CNID) (tree-max_key_len != HFS_MAX_CAT_KEYLEN)) {
+ printk(KERN_ERR hfs: invalid catalog max_key_len %d\n,
+ tree-max_key_len);
+ goto fail_page;
+ }
+
tree-node_size_shift = ffs(size) - 1;
tree-pages_per_bnode = (tree-node_size + PAGE_CACHE_SIZE - 1)
PAGE_CACHE_SHIFT;
I'd prefer a switch statement here.
It would be nice if you could do the same changes for hfsplus, so both stay in
sync.
Thanks.
bye, Roman
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] UPDATED: hfs: handle more on-disk corruptions without oopsing
Roman Zippel wrote:
Hi,
On Thursday 20 December 2007, Eric Sandeen wrote:
Index: linux-2.6.24-rc3/fs/hfs/brec.c
===
--- linux-2.6.24-rc3.orig/fs/hfs/brec.c
+++ linux-2.6.24-rc3/fs/hfs/brec.c
@@ -44,10 +44,21 @@ u16 hfs_brec_keylen(struct hfs_bnode *no
recoff = hfs_bnode_read_u16(node, node-tree-node_size - (rec
+ 1) *
2); if (!recoff)
return 0;
-if (node-tree-attributes HFS_TREE_BIGKEYS)
+if (node-tree-attributes HFS_TREE_BIGKEYS) {
retval = hfs_bnode_read_u16(node, recoff) + 2;
-else
+if (retval node-tree-max_key_len + 2) {
+printk(KERN_ERR hfs: keylen %d too large\n,
+retval);
+retval = HFS_BAD_KEYLEN;
+}
+} else {
retval = (hfs_bnode_read_u8(node, recoff) | 1) + 1;
+if (retval node-tree-max_key_len + 1) {
+printk(KERN_ERR hfs: keylen %d too large\n,
+retval);
+retval = HFS_BAD_KEYLEN;
+}
+}
}
return retval;
}
You can reuse 0 as failure value, a key has to be of nonzero size.
Ok. Based on the other 0 returns I wasn't sure if they were considered
real errors or not... but also ISTR I ran into problems with a simple 0
return; I probably just to be sure need the callers check for it.
Index: linux-2.6.24-rc3/fs/hfs/btree.c
===
--- linux-2.6.24-rc3.orig/fs/hfs/btree.c
+++ linux-2.6.24-rc3/fs/hfs/btree.c
@@ -81,6 +81,17 @@ struct hfs_btree *hfs_btree_open(struct
goto fail_page;
if (!tree-node_count)
goto fail_page;
+if ((id == HFS_EXT_CNID) (tree-max_key_len != HFS_MAX_EXT_KEYLEN)) {
+printk(KERN_ERR hfs: invalid extent max_key_len %d\n,
+tree-max_key_len);
+goto fail_page;
+}
+if ((id == HFS_CAT_CNID) (tree-max_key_len != HFS_MAX_CAT_KEYLEN)) {
+printk(KERN_ERR hfs: invalid catalog max_key_len %d\n,
+tree-max_key_len);
+goto fail_page;
+}
+
tree-node_size_shift = ffs(size) - 1;
tree-pages_per_bnode = (tree-node_size + PAGE_CACHE_SIZE - 1)
PAGE_CACHE_SHIFT;
I'd prefer a switch statement here.
Ok, I'd thought about doing it that way... :)
It would be nice if you could do the same changes for hfsplus, so both stay
in
sync.
Yep, wanted to first see if it'd fly for HFS...
Thanks for the feedback,
-Eric
Thanks.
bye, Roman
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[PATCH] UPDATED: hfs: handle more on-disk corruptions without oopsing
Andrew, I double-issued warnings in some cases. Mind replacing
with this one?
Thanks,
-Eric
hfs seems prone to bad things when it encounters on disk corruption.
Many values are read from disk, and used as lengths to memcpy, as an
example. This patch fixes up several of these problematic cases.
o sanity check the on-disk maximum key lengths on mount
(these are set to a defined value at mkfs time and shouldn't differ)
o check on-disk node keylens against the maximum key length for each tree
o fix hfs_btree_open so that going out via free_tree: doesn't wind
up in hfs_releasepage, which wants to follow the very pointer
we were trying to set up:
HFS_SB(sb)->cat_tree = hfs_btree_open()
...
failure gets to hfs_releasepage and tries
to follow HFS_SB(sb)->cat_tree
Tested with the fsfuzzer; it survives more than it used to.
Signed-off-by: Eric Sandeen <[EMAIL PROTECTED]>
---
Index: linux-2.6.24-rc3/fs/hfs/brec.c
===
--- linux-2.6.24-rc3.orig/fs/hfs/brec.c
+++ linux-2.6.24-rc3/fs/hfs/brec.c
@@ -44,10 +44,21 @@ u16 hfs_brec_keylen(struct hfs_bnode *no
recoff = hfs_bnode_read_u16(node, node->tree->node_size - (rec
+ 1) * 2);
if (!recoff)
return 0;
- if (node->tree->attributes & HFS_TREE_BIGKEYS)
+ if (node->tree->attributes & HFS_TREE_BIGKEYS) {
retval = hfs_bnode_read_u16(node, recoff) + 2;
- else
+ if (retval > node->tree->max_key_len + 2) {
+ printk(KERN_ERR "hfs: keylen %d too large\n",
+ retval);
+ retval = HFS_BAD_KEYLEN;
+ }
+ } else {
retval = (hfs_bnode_read_u8(node, recoff) | 1) + 1;
+ if (retval > node->tree->max_key_len + 1) {
+ printk(KERN_ERR "hfs: keylen %d too large\n",
+ retval);
+ retval = HFS_BAD_KEYLEN;
+ }
+ }
}
return retval;
}
Index: linux-2.6.24-rc3/fs/hfs/bfind.c
===
--- linux-2.6.24-rc3.orig/fs/hfs/bfind.c
+++ linux-2.6.24-rc3/fs/hfs/bfind.c
@@ -52,6 +52,10 @@ int __hfs_brec_find(struct hfs_bnode *bn
rec = (e + b) / 2;
len = hfs_brec_lenoff(bnode, rec, );
keylen = hfs_brec_keylen(bnode, rec);
+ if (keylen == HFS_BAD_KEYLEN) {
+ res = -EINVAL;
+ goto done;
+ }
hfs_bnode_read(bnode, fd->key, off, keylen);
cmpval = bnode->tree->keycmp(fd->key, fd->search_key);
if (!cmpval) {
@@ -67,6 +71,10 @@ int __hfs_brec_find(struct hfs_bnode *bn
if (rec != e && e >= 0) {
len = hfs_brec_lenoff(bnode, e, );
keylen = hfs_brec_keylen(bnode, e);
+ if (keylen == HFS_BAD_KEYLEN) {
+ res = -EINVAL;
+ goto done;
+ }
hfs_bnode_read(bnode, fd->key, off, keylen);
}
done:
@@ -198,6 +206,10 @@ int hfs_brec_goto(struct hfs_find_data *
len = hfs_brec_lenoff(bnode, fd->record, );
keylen = hfs_brec_keylen(bnode, fd->record);
+ if (keylen == HFS_BAD_KEYLEN) {
+ res = -EINVAL;
+ goto out;
+ }
fd->keyoffset = off;
fd->keylength = keylen;
fd->entryoffset = off + keylen;
Index: linux-2.6.24-rc3/fs/hfs/hfs.h
===
--- linux-2.6.24-rc3.orig/fs/hfs/hfs.h
+++ linux-2.6.24-rc3/fs/hfs/hfs.h
@@ -28,6 +28,8 @@
#define HFS_MAX_NAMELEN128
#define HFS_MAX_VALENCE32767U
+#define HFS_BAD_KEYLEN 0xFF
+
/* Meanings of the drAtrb field of the MDB,
* Reference: _Inside Macintosh: Files_ p. 2-61
*/
@@ -167,6 +169,9 @@ typedef union hfs_btree_key {
struct hfs_ext_key ext;
} hfs_btree_key;
+#define HFS_MAX_CAT_KEYLEN (sizeof(struct hfs_cat_key) - sizeof(u8))
+#define HFS_MAX_EXT_KEYLEN (sizeof(struct hfs_ext_key) - sizeof(u8))
+
typedef union hfs_btree_key btree_key;
struct hfs_extent {
Index: linux-2.6.24-rc3/fs/hfs/btree.c
===
--- linux-2.6.24-rc3.orig/fs/hfs/btree.c
+++ linux-2.6.24-rc3/fs/hfs/btree.c
@@ -81,6 +81,17 @@ struct hfs_btree *hfs_btree_open(struct
goto fail_page;
if (!tree->node_count)
goto fail_page;
+ if ((id == HFS_EXT_CNID) && (tree->max_key_len != HFS_MAX_EXT_KEYLEN)) {
+ printk(KERN_ERR "hfs: invalid extent max_key_len %d\n",
+
[PATCH] UPDATED: hfs: handle more on-disk corruptions without oopsing
Andrew, I double-issued warnings in some cases. Mind replacing
with this one?
Thanks,
-Eric
hfs seems prone to bad things when it encounters on disk corruption.
Many values are read from disk, and used as lengths to memcpy, as an
example. This patch fixes up several of these problematic cases.
o sanity check the on-disk maximum key lengths on mount
(these are set to a defined value at mkfs time and shouldn't differ)
o check on-disk node keylens against the maximum key length for each tree
o fix hfs_btree_open so that going out via free_tree: doesn't wind
up in hfs_releasepage, which wants to follow the very pointer
we were trying to set up:
HFS_SB(sb)-cat_tree = hfs_btree_open()
...
failure gets to hfs_releasepage and tries
to follow HFS_SB(sb)-cat_tree
Tested with the fsfuzzer; it survives more than it used to.
Signed-off-by: Eric Sandeen [EMAIL PROTECTED]
---
Index: linux-2.6.24-rc3/fs/hfs/brec.c
===
--- linux-2.6.24-rc3.orig/fs/hfs/brec.c
+++ linux-2.6.24-rc3/fs/hfs/brec.c
@@ -44,10 +44,21 @@ u16 hfs_brec_keylen(struct hfs_bnode *no
recoff = hfs_bnode_read_u16(node, node-tree-node_size - (rec
+ 1) * 2);
if (!recoff)
return 0;
- if (node-tree-attributes HFS_TREE_BIGKEYS)
+ if (node-tree-attributes HFS_TREE_BIGKEYS) {
retval = hfs_bnode_read_u16(node, recoff) + 2;
- else
+ if (retval node-tree-max_key_len + 2) {
+ printk(KERN_ERR hfs: keylen %d too large\n,
+ retval);
+ retval = HFS_BAD_KEYLEN;
+ }
+ } else {
retval = (hfs_bnode_read_u8(node, recoff) | 1) + 1;
+ if (retval node-tree-max_key_len + 1) {
+ printk(KERN_ERR hfs: keylen %d too large\n,
+ retval);
+ retval = HFS_BAD_KEYLEN;
+ }
+ }
}
return retval;
}
Index: linux-2.6.24-rc3/fs/hfs/bfind.c
===
--- linux-2.6.24-rc3.orig/fs/hfs/bfind.c
+++ linux-2.6.24-rc3/fs/hfs/bfind.c
@@ -52,6 +52,10 @@ int __hfs_brec_find(struct hfs_bnode *bn
rec = (e + b) / 2;
len = hfs_brec_lenoff(bnode, rec, off);
keylen = hfs_brec_keylen(bnode, rec);
+ if (keylen == HFS_BAD_KEYLEN) {
+ res = -EINVAL;
+ goto done;
+ }
hfs_bnode_read(bnode, fd-key, off, keylen);
cmpval = bnode-tree-keycmp(fd-key, fd-search_key);
if (!cmpval) {
@@ -67,6 +71,10 @@ int __hfs_brec_find(struct hfs_bnode *bn
if (rec != e e = 0) {
len = hfs_brec_lenoff(bnode, e, off);
keylen = hfs_brec_keylen(bnode, e);
+ if (keylen == HFS_BAD_KEYLEN) {
+ res = -EINVAL;
+ goto done;
+ }
hfs_bnode_read(bnode, fd-key, off, keylen);
}
done:
@@ -198,6 +206,10 @@ int hfs_brec_goto(struct hfs_find_data *
len = hfs_brec_lenoff(bnode, fd-record, off);
keylen = hfs_brec_keylen(bnode, fd-record);
+ if (keylen == HFS_BAD_KEYLEN) {
+ res = -EINVAL;
+ goto out;
+ }
fd-keyoffset = off;
fd-keylength = keylen;
fd-entryoffset = off + keylen;
Index: linux-2.6.24-rc3/fs/hfs/hfs.h
===
--- linux-2.6.24-rc3.orig/fs/hfs/hfs.h
+++ linux-2.6.24-rc3/fs/hfs/hfs.h
@@ -28,6 +28,8 @@
#define HFS_MAX_NAMELEN128
#define HFS_MAX_VALENCE32767U
+#define HFS_BAD_KEYLEN 0xFF
+
/* Meanings of the drAtrb field of the MDB,
* Reference: _Inside Macintosh: Files_ p. 2-61
*/
@@ -167,6 +169,9 @@ typedef union hfs_btree_key {
struct hfs_ext_key ext;
} hfs_btree_key;
+#define HFS_MAX_CAT_KEYLEN (sizeof(struct hfs_cat_key) - sizeof(u8))
+#define HFS_MAX_EXT_KEYLEN (sizeof(struct hfs_ext_key) - sizeof(u8))
+
typedef union hfs_btree_key btree_key;
struct hfs_extent {
Index: linux-2.6.24-rc3/fs/hfs/btree.c
===
--- linux-2.6.24-rc3.orig/fs/hfs/btree.c
+++ linux-2.6.24-rc3/fs/hfs/btree.c
@@ -81,6 +81,17 @@ struct hfs_btree *hfs_btree_open(struct
goto fail_page;
if (!tree-node_count)
goto fail_page;
+ if ((id == HFS_EXT_CNID) (tree-max_key_len != HFS_MAX_EXT_KEYLEN)) {
+ printk(KERN_ERR hfs: invalid extent max_key_len %d\n,
+
