authorDave Chinner <dchinner@redhat.com>2023-06-15 18:37:35 -0700
committerCarlos Maiolino <cem@kernel.org>2023-06-22 14:07:39 +0200
commit629d6b3df786a8a241b2cd72fb5885d66ea143d8 (patch)
tree941ef695b27a7ab90a910a6b6f64bd6c2a6b8270
parentdaa2d8205208dfafaa8dc29310f93f6c94803e24 (diff)
downloadxfsprogs-dev-629d6b3df786a8a241b2cd72fb5885d66ea143d8.tar.gz
xfs: validity check agbnos on the AGFL
Source kernel commit: 3148ebf2c0782340946732bfaf3073d23ac833fa If the agfl or the indexing in the AGF has been corrupted, getting a block from the AGFL could return an invalid block number. If this happens, bad things happen. Check the agbno we pull off the AGFL and return -EFSCORRUPTED if we find something bad. Signed-off-by: Dave Chinner <dchinner@redhat.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Darrick J. Wong <djwong@kernel.org> Signed-off-by: Dave Chinner <david@fromorbit.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Carlos Maiolino <cem@kernel.org>
-rw-r--r--libxfs/xfs_alloc.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/libxfs/xfs_alloc.c b/libxfs/xfs_alloc.c
index 229b22e65d..40a36efa76 100644
--- a/libxfs/xfs_alloc.c
+++ b/libxfs/xfs_alloc.c
@@ -2776,6 +2776,9 @@ xfs_alloc_get_freelist(
*/
agfl_bno = xfs_buf_to_agfl_bno(agflbp);
bno = be32_to_cpu(agfl_bno[be32_to_cpu(agf->agf_flfirst)]);
+ if (XFS_IS_CORRUPT(tp->t_mountp, !xfs_verify_agbno(pag, bno)))
+ return -EFSCORRUPTED;
+
be32_add_cpu(&agf->agf_flfirst, 1);
xfs_trans_brelse(tp, agflbp);
if (be32_to_cpu(agf->agf_flfirst) == xfs_agfl_size(mp))
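Review bot: The new `return -EFSCORRUPTED;` exits before the `xfs_trans_brelse(tp, agflbp);` two lines below, so on the corruption path the AGFL buffer is released only if the caller cancels the transaction that the buffer is presumably joined to. If that is the intent, a short comment above the return saying the buffer is left for transaction cancel to release would make it explicit; otherwise call `xfs_trans_brelse(tp, agflbp);` before returning. Separately, the check validates the value read from the AGFL, but `be32_to_cpu(agf->agf_flfirst)` is still used as the array subscript on the line above with no bound check in this hunk, so the read depends on the AGF verifier having bounded that index earlier. The body of xfs_alloc_get_freelist starts and ends outside the hunk, so neither point can be confirmed from here.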