Commit 4cc929ee authored by Nathan Scott's avatar Nathan Scott Committed by Tim Shimmin

[XFS] Don't grow filesystems past the size they can index.

When growing a filesystem we don't check to see if the new size overflows
the page cache index range, so we can do silly things like grow a
filesystem page 16TB on a 32bit. Check new filesystem sizes against the
limits the kernel can support.

SGI-PV: 957886
SGI-Modid: xfs-linux-melb:xfs-kern:28563a
Signed-Off-By: default avatarNathan Scott <nscott@aconex.com>
Signed-off-by: default avatarDavid Chinner <dgc@sgi.com>
Signed-off-by: default avatarTim Shimmin <tes@sgi.com>
parent 1fa40b01
...@@ -140,6 +140,8 @@ xfs_growfs_data_private( ...@@ -140,6 +140,8 @@ xfs_growfs_data_private(
pct = in->imaxpct; pct = in->imaxpct;
if (nb < mp->m_sb.sb_dblocks || pct < 0 || pct > 100) if (nb < mp->m_sb.sb_dblocks || pct < 0 || pct > 100)
return XFS_ERROR(EINVAL); return XFS_ERROR(EINVAL);
if ((error = xfs_sb_validate_fsb_count(&mp->m_sb, nb)))
return error;
dpct = pct - mp->m_sb.sb_imax_pct; dpct = pct - mp->m_sb.sb_imax_pct;
error = xfs_read_buf(mp, mp->m_ddev_targp, error = xfs_read_buf(mp, mp->m_ddev_targp,
XFS_FSB_TO_BB(mp, nb) - XFS_FSS_TO_BB(mp, 1), XFS_FSB_TO_BB(mp, nb) - XFS_FSS_TO_BB(mp, 1),
......
...@@ -202,6 +202,27 @@ xfs_mount_free( ...@@ -202,6 +202,27 @@ xfs_mount_free(
kmem_free(mp, sizeof(xfs_mount_t)); kmem_free(mp, sizeof(xfs_mount_t));
} }
/*
* Check size of device based on the (data/realtime) block count.
* Note: this check is used by the growfs code as well as mount.
*/
int
xfs_sb_validate_fsb_count(
xfs_sb_t *sbp,
__uint64_t nblocks)
{
ASSERT(PAGE_SHIFT >= sbp->sb_blocklog);
ASSERT(sbp->sb_blocklog >= BBSHIFT);
#if XFS_BIG_BLKNOS /* Limited by ULONG_MAX of page cache index */
if (nblocks >> (PAGE_CACHE_SHIFT - sbp->sb_blocklog) > ULONG_MAX)
return E2BIG;
#else /* Limited by UINT_MAX of sectors */
if (nblocks << (sbp->sb_blocklog - BBSHIFT) > UINT_MAX)
return E2BIG;
#endif
return 0;
}
/* /*
* Check the validity of the SB found. * Check the validity of the SB found.
...@@ -284,18 +305,8 @@ xfs_mount_validate_sb( ...@@ -284,18 +305,8 @@ xfs_mount_validate_sb(
return XFS_ERROR(EFSCORRUPTED); return XFS_ERROR(EFSCORRUPTED);
} }
ASSERT(PAGE_SHIFT >= sbp->sb_blocklog); if (xfs_sb_validate_fsb_count(sbp, sbp->sb_dblocks) ||
ASSERT(sbp->sb_blocklog >= BBSHIFT); xfs_sb_validate_fsb_count(sbp, sbp->sb_rblocks)) {
#if XFS_BIG_BLKNOS /* Limited by ULONG_MAX of page cache index */
if (unlikely(
(sbp->sb_dblocks >> (PAGE_SHIFT - sbp->sb_blocklog)) > ULONG_MAX ||
(sbp->sb_rblocks >> (PAGE_SHIFT - sbp->sb_blocklog)) > ULONG_MAX)) {
#else /* Limited by UINT_MAX of sectors */
if (unlikely(
(sbp->sb_dblocks << (sbp->sb_blocklog - BBSHIFT)) > UINT_MAX ||
(sbp->sb_rblocks << (sbp->sb_blocklog - BBSHIFT)) > UINT_MAX)) {
#endif
xfs_fs_mount_cmn_err(flags, xfs_fs_mount_cmn_err(flags,
"file system too large to be mounted on this system."); "file system too large to be mounted on this system.");
return XFS_ERROR(E2BIG); return XFS_ERROR(E2BIG);
......
...@@ -624,6 +624,7 @@ extern int xfs_sync_inodes(xfs_mount_t *, int, int *); ...@@ -624,6 +624,7 @@ extern int xfs_sync_inodes(xfs_mount_t *, int, int *);
extern xfs_agnumber_t xfs_initialize_perag(struct bhv_vfs *, xfs_mount_t *, extern xfs_agnumber_t xfs_initialize_perag(struct bhv_vfs *, xfs_mount_t *,
xfs_agnumber_t); xfs_agnumber_t);
extern void xfs_xlatesb(void *, struct xfs_sb *, int, __int64_t); extern void xfs_xlatesb(void *, struct xfs_sb *, int, __int64_t);
extern int xfs_sb_validate_fsb_count(struct xfs_sb *, __uint64_t);
extern struct xfs_dmops xfs_dmcore_stub; extern struct xfs_dmops xfs_dmcore_stub;
extern struct xfs_qmops xfs_qmcore_stub; extern struct xfs_qmops xfs_qmcore_stub;
......
...@@ -1882,11 +1882,13 @@ xfs_growfs_rt( ...@@ -1882,11 +1882,13 @@ xfs_growfs_rt(
(nrblocks = in->newblocks) <= sbp->sb_rblocks || (nrblocks = in->newblocks) <= sbp->sb_rblocks ||
(sbp->sb_rblocks && (in->extsize != sbp->sb_rextsize))) (sbp->sb_rblocks && (in->extsize != sbp->sb_rextsize)))
return XFS_ERROR(EINVAL); return XFS_ERROR(EINVAL);
if ((error = xfs_sb_validate_fsb_count(sbp, nrblocks)))
return error;
/* /*
* Read in the last block of the device, make sure it exists. * Read in the last block of the device, make sure it exists.
*/ */
error = xfs_read_buf(mp, mp->m_rtdev_targp, error = xfs_read_buf(mp, mp->m_rtdev_targp,
XFS_FSB_TO_BB(mp, in->newblocks - 1), XFS_FSB_TO_BB(mp, nrblocks - 1),
XFS_FSB_TO_BB(mp, 1), 0, &bp); XFS_FSB_TO_BB(mp, 1), 0, &bp);
if (error) if (error)
return error; return error;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment