Date: Wed, 14 Feb 2024 09:44:38 +1100
From: Dave Chinner
To: "Pankaj Raghav (Samsung)"
Cc: "Darrick J. Wong", linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, mcgrof@kernel.org, gost.dev@samsung.com, akpm@linux-foundation.org, kbusch@kernel.org, chandan.babu@oracle.com, p.raghav@samsung.com, linux-kernel@vger.kernel.org, hare@suse.de, willy@infradead.org, linux-mm@kvack.org
Subject: Re: [RFC v2 12/14] xfs: make the calculation generic in xfs_sb_validate_fsb_count()

On Tue, Feb 13, 2024 at 10:48:17PM +0100, Pankaj Raghav (Samsung) wrote:
> On Tue, Feb 13, 2024 at 08:26:11AM -0800, Darrick J. Wong wrote:
> > On Tue, Feb 13, 2024 at 10:37:11AM +0100, Pankaj Raghav (Samsung) wrote:
> > > From: Pankaj Raghav > > > > > > Instead of assuming that PAGE_SHIFT is always higher than the blocklog, > > > make the calculation generic so that page cache count can be calculated > > > correctly for LBS. > > > > > > Signed-off-by: Pankaj Raghav > > > --- > > > fs/xfs/xfs_mount.c | 6 +++++- > > > 1 file changed, 5 insertions(+), 1 deletion(-) > > > > > > diff --git a/fs/xfs/xfs_mount.c b/fs/xfs/xfs_mount.c > > > index aabb25dc3efa..bfbaaecaf668 100644 > > > --- a/fs/xfs/xfs_mount.c > > > +++ b/fs/xfs/xfs_mount.c 
> > > @@ -133,9 +133,13 @@ xfs_sb_validate_fsb_count( > > > { > > > ASSERT(PAGE_SHIFT >= sbp->sb_blocklog); > > > ASSERT(sbp->sb_blocklog >= BBSHIFT); > > > + unsigned long mapping_count; > > > > Nit: indenting > > > > unsigned long mapping_count; > > I will add this in the next revision. > > > > > + uint64_t bytes = nblocks << sbp->sb_blocklog; > > > > What happens if someone feeds us a garbage fs with sb_blocklog > 64? > > Or did we check that previously, so an overflow isn't possible? > > > I was thinking of possibility of an overflow but at the moment the > blocklog is capped at 16 (65536 bytes) right? mkfs refuses any block > sizes more than 64k. And we have check for this in xfs_validate_sb_common() > in the kernel, which will catch it before this happens?

The sb_blocklog is checked in the superblock verifier when we first
read in the superblock:

	sbp->sb_blocksize < XFS_MIN_BLOCKSIZE ||
	sbp->sb_blocksize > XFS_MAX_BLOCKSIZE ||
	sbp->sb_blocklog < XFS_MIN_BLOCKSIZE_LOG ||
	sbp->sb_blocklog > XFS_MAX_BLOCKSIZE_LOG ||
	sbp->sb_blocksize != (1 << sbp->sb_blocklog) ||

#define XFS_MAX_BLOCKSIZE_LOG 16

However, we pass mp->m_sb.sb_dblocks or m_sb.sb_rblocks to this
function, and they are validated by the same verifier as invalid
if:

	sbp->sb_dblocks > XFS_MAX_DBLOCKS(sbp)

#define XFS_MAX_DBLOCKS(s) ((xfs_rfsblock_t)(s)->sb_agcount * (s)->sb_agblocks)

Which means as long as someone can corrupt some combination of
sb_dblocks, sb_agcount and sb_agblocks that allows sb_dblocks to be
greater than 2^48 on a 64kB fsb fs, then the above code:

	uint64_t bytes = nblocks << sbp->sb_blocklog;

will overflow.

I also suspect that we can feed a huge rtdev to this new code and
have it overflow without needing to corrupt the superblock in any
way....

-Dave.
-- 
Dave Chinner
david@fromorbit.com
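
Review bot: The shift in "uint64_t bytes = nblocks << sbp->sb_blocklog;" is unchecked, so with sb_blocklog allowed up to 16 any nblocks of 2^48 or more wraps and bytes ends up smaller than the real size. Test for the overflow before bytes is used, for example with check_shl_overflow(nblocks, sbp->sb_blocklog, &bytes), and fail validation when it reports one. Separately, mapping_count and bytes are declared after the ASSERT() statements and should move to the top of the function body, and the unchanged context line ASSERT(PAGE_SHIFT >= sbp->sb_blocklog) still asserts the assumption the commit message says is being dropped.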
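
The wrap-around discussed in this reply, as an added user-space C example (not code from the patch or from XFS): the unchecked shift next to a checked form and a validator built on it. The function names, the -1 return value and the page_shift parameter are assumptions made for illustration; the block counts are constructed.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_BLOCKSIZE_LOG 16	/* XFS_MAX_BLOCKSIZE_LOG as quoted in the thread */

/* The conversion from the patch: bits shifted past bit 63 are silently lost. */
static uint64_t fsb_to_bytes_unchecked(uint64_t nblocks, unsigned blocklog)
{
	return nblocks << blocklog;
}

/* Checked form (hypothetical helper): reports overflow instead of wrapping. */
static bool fsb_to_bytes_checked(uint64_t nblocks, unsigned blocklog,
				 uint64_t *bytes)
{
	if (blocklog > MAX_BLOCKSIZE_LOG)
		return false;		/* also keeps the shift count below 64 */
	if (nblocks > (UINT64_MAX >> blocklog))
		return false;		/* nblocks << blocklog would not fit */
	*bytes = nblocks << blocklog;
	return true;
}

/*
 * Hypothetical validator: 0 if the block count converts to bytes without
 * overflow and the resulting page count fits an unsigned long, else -1.
 * page_shift is a parameter so block sizes above and below the page size
 * can both be exercised.
 */
static int validate_fsb_count(uint64_t nblocks, unsigned blocklog,
			      unsigned page_shift)
{
	uint64_t bytes;

	if (!fsb_to_bytes_checked(nblocks, blocklog, &bytes))
		return -1;
	if ((bytes >> page_shift) > ULONG_MAX)
		return -1;
	return 0;
}

int main(void)
{
	uint64_t n = (1ULL << 48) + 1;	/* constructed count, 64kB blocks */

	printf("unchecked bytes: %llu\n",
	       (unsigned long long)fsb_to_bytes_unchecked(n, 16));
	printf("validated: %d\n", validate_fsb_count(n, 16, 12));
	return 0;
}
```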