From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 93548C48BC3 for ; Wed, 14 Feb 2024 15:51:34 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id D84316B00A3; Wed, 14 Feb 2024 10:51:33 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id D346C6B00A5; Wed, 14 Feb 2024 10:51:33 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id BFDAD6B00A6; Wed, 14 Feb 2024 10:51:33 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10]) by kanga.kvack.org (Postfix) with ESMTP id AF3396B00A3 for ; Wed, 14 Feb 2024 10:51:33 -0500 (EST) Received: from smtpin24.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay05.hostedemail.com (Postfix) with ESMTP id 6EAF640E6E for ; Wed, 14 Feb 2024 15:51:33 +0000 (UTC) X-FDA: 81790849266.24.F13F8B3 Received: from mout-p-202.mailbox.org (mout-p-202.mailbox.org [80.241.56.172]) by imf06.hostedemail.com (Postfix) with ESMTP id 54E73180020 for ; Wed, 14 Feb 2024 15:51:31 +0000 (UTC) Authentication-Results: imf06.hostedemail.com; dkim=pass header.d=pankajraghav.com header.s=MBO0001 header.b=oJgKmevx; spf=pass (imf06.hostedemail.com: domain of kernel@pankajraghav.com designates 80.241.56.172 as permitted sender) smtp.mailfrom=kernel@pankajraghav.com; dmarc=none ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1707925891; a=rsa-sha256; cv=none; b=SuQIyZfH5QJlpzHYRG0iHhmGt4+AyJ4D4I8NaFhydCNb4t9WvZzjhCTsDUhquF6x6f2Ssq f6lofSRquFuzNm1ePzNvah1KoVOT8b6eqYhqTlDXgLgWlsa6al3J3o9KrBRNSUQlwVM4qt dgS+SFJwoGOpocRdyo/3n3NmP+DlXag= ARC-Authentication-Results: i=1; imf06.hostedemail.com; dkim=pass header.d=pankajraghav.com header.s=MBO0001 header.b=oJgKmevx; spf=pass (imf06.hostedemail.com: domain of kernel@pankajraghav.com designates 80.241.56.172 as permitted sender) smtp.mailfrom=kernel@pankajraghav.com; dmarc=none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1707925891; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=uvRxRUirHGWYGjoW5odKQxfL8aAW2NExn/9k0sqlsuY=; b=25lMxvIUy+FlfF5JgwCFXmK3tf8bckzwNd7+hYmZJk4OpvZ6+StGN/X2Fw2sVQfJ0+cuH4 N5Ce+I+KjSbld38582/0NYUAzMVQkSSQcLjM9HGBxIiVzrOu1nKw81/grSNpbH9PLg4a9/ 9nfxWa10mS+TWYJjHQyB07hr0T7tKgw= Received: from smtp102.mailbox.org (smtp102.mailbox.org [10.196.197.102]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mout-p-202.mailbox.org (Postfix) with ESMTPS id 4TZjNZ5Zyjz9sZZ; Wed, 14 Feb 2024 16:51:26 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pankajraghav.com; s=MBO0001; t=1707925886; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=uvRxRUirHGWYGjoW5odKQxfL8aAW2NExn/9k0sqlsuY=; b=oJgKmevxuE6YOihKJil5WtpmnnL/lRWqZVwijXduz8jb+QWVrPdGzO5ngbvtLp+WXXMwEu NpxC3Zfg1ABJsNEgxncesLhI3dWYoLPhegT8D/FHjc3+5TquElV7jzzw7sbvfcFO9OBe7X XqIpdaIRlR0PpWsIvJdQNn7UoDyuwXzAb1UQVeaEd5qwdvlTDZ0EDjNKBLu9ihP8I/3U/T mQVY7dtXXTAOVF2omkKDbwIwT/aFGM6shr7XuPd8qSj7gjae7cQ12mvGH2ERjRTON5+wW7 VJSCo+ClN6RbgWei3lr/BJZsL2aXFWMQRiv38m7CnG0YyKXz4yYflriN8N8VrQ== Date: Wed, 14 Feb 2024 16:51:22 +0100 From: "Pankaj Raghav (Samsung)" To: Dave Chinner Cc: "Darrick J. Wong" , linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, mcgrof@kernel.org, gost.dev@samsung.com, akpm@linux-foundation.org, kbusch@kernel.org, chandan.babu@oracle.com, p.raghav@samsung.com, linux-kernel@vger.kernel.org, hare@suse.de, willy@infradead.org, linux-mm@kvack.org Subject: Re: [RFC v2 12/14] xfs: make the calculation generic in xfs_sb_validate_fsb_count() Message-ID: <2h5ikaxcij2rpekaenf2fnlh4dquwpnkjy7eaqfwk75tbkkmuw@ehbfsjjumgdp> References: <20240213093713.1753368-1-kernel@pankajraghav.com> <20240213093713.1753368-13-kernel@pankajraghav.com> <20240213162611.GP6184@frogsfrogsfrogs> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Rspamd-Server: rspam08 X-Rspamd-Queue-Id: 54E73180020 X-Stat-Signature: 117wgiip7aq4e63tezjf7tpo1i3ksk99 X-Rspam-User: X-HE-Tag: 1707925891-785540 X-HE-Meta: U2FsdGVkX1+n9m7TLZLcwbprdH3Vszu/aFhH03Gkvwa/FvSCHUnRVl26lMaEsE8KcYZrp6agyLVsZEJmEKZYYMJCPqe2AEji1eGjy+kmQmjRY0srFjgIYnUrh0XK8dIjAZjERedI/uIkPKsqeXZqLWAR23ax2qjyI2bUxJ2lA+UdgikESczvxahlunyTzF/B/ajT+62TzAQl7yxk0K/O4aiDLLLLQNjELUAgc3tLEGcNLVtNuv72i1sUKZv+KlUXwPxkvdlizIaFlopf2IdfdjVhlS3Vxj1wTw/dPNamPWr0zW/f4mf2ErysKPZKbXf3/zriA4X+rTBiaX9F7CNmgHXZQcgMHxjxzYBJ3XA8Cm5VFDJaKgXSfEE3leWEIqBshtTlT8N6iwG6D5phTobkGKPMmG1oPDdAl56AdvnP4GbE9p0I1rivHRYj9OiQWhIZ0kADc2dYlYwNuX6ka4HoP6NhWTQVl8Tpos8BEVXnz72p5OzDVtGZK7pT+UulHhQ1gIhhahVTDVhkEedQGGa8osm/vUeKjJlXxjNg2/9x60Y9t0eBFDiGICjitIUh6z3PisCIeU9Rtiv6QRpGqQIZc+vyCVqQVoh0pNkk65DWZqLQrChYsYfhaAe/9hLkcPz2SflCnjKP88wsMCHRq2T8MFEe5ggiG44axksOCw0IEm4mEJu4Pf8cSMWja95UO+U0RBtsgVW0XbBSpE/zcqunUjaf3/CjF3A5kOTPzb8/iJ6kHsw1lOmxBh5Ur+dyejSHOBgTPhHsGVYvU3VAFJAU0TMDinXPjJTm37g1pZSCkAS9xfK16ZJevHBQRMRKlvqYIPS881vSCI8r7M1gYhYP9spAPFD5kNal8LUAgqfN8ue0LOTvQAAzBiGAFt4mkJOM+SlvJl0QB25U4oGzDwIAl9faHFxnGElWKhTeV2FnhTlhD62esZl6I0eq7pd0ve5qvbhzE3sKJ3lxtyWEV8p yyx2i0i/ wv0lzdyqnYSz6ctZD6wcMw+lr2XZHkaq7PNp/tC6b1qVb1xiODn7bn8Sq9UucRpueUaWwifZJGFc+jtX3g7+6voCTBJIZ2Aos8HAXF1KRkr5bPearXMTJjUXIkLlh5A8+gTv/C3HIauTgZ2tM2ZDsnscHdrpF0wjFF4oPaLNguNQtYYsujX92Qpnop2ctSufIBilvjoK5f3unA8kBXqHNl7dZ8xd35pHyUAAWKsFbfcoDlZZmQVRpLBSse1rsWxgO2Ea2 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000044, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: > > I was thinking of possibility of an overflow but at the moment the > > blocklog is capped at 16 (65536 bytes) right? mkfs refuses any block > > sizes more than 64k. And we have check for this in xfs_validate_sb_common() > > in the kernel, which will catch it before this happens? > > The sb_blocklog is checked in the superblock verifier when we first read in the > superblock: > > sbp->sb_blocksize < XFS_MIN_BLOCKSIZE || > sbp->sb_blocksize > XFS_MAX_BLOCKSIZE || > sbp->sb_blocklog < XFS_MIN_BLOCKSIZE_LOG || > sbp->sb_blocklog > XFS_MAX_BLOCKSIZE_LOG || > sbp->sb_blocksize != (1 << sbp->sb_blocklog) || > > #define XFS_MAX_BLOCKSIZE_LOG 16 > > However, we pass mp->m_sb.sb_dblocks or m_sb.sb_rblocks to this > function, and they are validated by the same verifier as invalid > if: > > sbp->sb_dblocks > XFS_MAX_DBLOCKS(sbp) > > #define XFS_MAX_DBLOCKS(s) ((xfs_rfsblock_t)(s)->sb_agcount * > (s)->sb_agblocks) > > Which means as long as someone can corrupt some combination of > sb_dblocks, sb_agcount and sb_agblocks that allows sb_dblocks to be > greater than 2^48 on a 64kB fsb fs, then that the above code: > > uint64_t bytes = nblocks << sbp->sb_blocklog; > > will overflow. > > I also suspect that we can feed a huge rtdev to this new code > and have it overflow without needing to corrupt the superblock in > any way.... So we could use the check_mul_overflow to detect these cases: diff --git a/fs/xfs/xfs_mount.c b/fs/xfs/xfs_mount.c index 596aa2cdefbc..23faa993fb80 100644 --- a/fs/xfs/xfs_mount.c +++ b/fs/xfs/xfs_mount.c @@ -132,8 +132,12 @@ xfs_sb_validate_fsb_count( uint64_t nblocks) { ASSERT(sbp->sb_blocklog >= BBSHIFT); - unsigned long mapping_count; - uint64_t bytes = nblocks << sbp->sb_blocklog; + uint64_t mapping_count; + uint64_t bytes; + + if (check_mul_overflow(nblocks, (1 << sbp->sb_blocklog), &bytes)) + return -EFBIG; if (!IS_ENABLED(CONFIG_XFS_LBS)) ASSERT(PAGE_SHIFT >= sbp->sb_blocklog); > > -Dave. > -- > Dave Chinner > david@fromorbit.com