From: Dave Chinner <dchinner@redhat.com>
Date: Tue, 20 Jul 2010 01:14:02 -0400
Subject: [fs] xfs: rename XFS_IGET_BULKSTAT to XFS_IGET_UNTRUSTED
Message-id: <1279588442-3741-4-git-send-email-dchinner@redhat.com>
Patchwork-id: 26954
O-Subject: [RHEL5.6 3/3] xfs: rename XFS_IGET_BULKSTAT to XFS_IGET_UNTRUSTED
Bugzilla: 607032
RH-Acked-by: Christoph Hellwig <chellwig@redhat.com>
Upstream Commit: 1920779e67cbf5ea8afef317777c5bf2b8096188
RH BZ: 607032
Inode numbers may come from somewhere external to the filesystem
(e.g. file handles, bulkstat information) and so are inherently
untrusted. Rename the flag we use for these lookups to make it
obvious we are doing a lookup of an untrusted inode number and need
to verify it completely before trying to read it from disk.
Signed-off-by: Dave Chinner <dchinner@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
diff --git a/fs/xfs/linux-2.6/xfs_export.c b/fs/xfs/linux-2.6/xfs_export.c
index c46e1df..8f0586f 100644
--- a/fs/xfs/linux-2.6/xfs_export.c
+++ b/fs/xfs/linux-2.6/xfs_export.c
@@ -149,8 +149,13 @@ xfs_fs_get_dentry(
*/
if (xfid->fid_ino == 0)
return ERR_PTR(-ESTALE);
-
- error = xfs_iget(mp, NULL, xfid->fid_ino, 0, XFS_ILOCK_SHARED, &ip, 0);
+ /*
+ * The XFS_IGET_UNTRUSTED means that an invalid inode number is just
+ * fine and not an indication of a corrupted filesystem as clients can
+ * send invalid file handles and we have to handle it gracefully..
+ */
+ error = xfs_iget(mp, NULL, xfid->fid_ino, XFS_IGET_UNTRUSTED,
+ XFS_ILOCK_SHARED, &ip, 0);
if (error)
return ERR_PTR(-error);
if (!ip)
diff --git a/fs/xfs/xfs_ialloc.c b/fs/xfs/xfs_ialloc.c
index 541e3c1..049ba18 100644
--- a/fs/xfs/xfs_ialloc.c
+++ b/fs/xfs/xfs_ialloc.c
@@ -1211,7 +1211,7 @@ xfs_imap_lookup(
return error;
/* for untrusted inodes check it is allocated first */
- if ((flags & XFS_IGET_BULKSTAT) &&
+ if ((flags & XFS_IGET_UNTRUSTED) &&
(chunk_free & XFS_INOBT_MASK(agino - chunk_agino)))
return EINVAL;
@@ -1254,8 +1254,11 @@ xfs_dilocate(
if (agno >= mp->m_sb.sb_agcount || agbno >= mp->m_sb.sb_agblocks ||
ino != XFS_AGINO_TO_INO(mp, agno, agino)) {
#ifdef DEBUG
- /* no diagnostics for bulkstat, ino comes from userspace */
- if (flags & XFS_IMAP_BULKSTAT)
+ /*
+ * Don't output diagnostic information for untrusted inodes
+ * as they can be invalid without implying corruption.
+ */
+ if (flags & XFS_IGET_UNTRUSTED)
return XFS_ERROR(EINVAL);
if (agno >= mp->m_sb.sb_agcount) {
xfs_fs_cmn_err(CE_ALERT, mp,
@@ -1291,7 +1294,7 @@ xfs_dilocate(
* inodes in stale state on disk. Hence we have to do a btree lookup
* in all cases where an untrusted inode number is passed.
*/
- if (flags & XFS_IGET_BULKSTAT) {
+ if (flags & XFS_IGET_UNTRUSTED) {
error = xfs_imap_lookup(mp, tp, agno, agino, agbno,
&chunk_agbno, &offset_agbno, flags);
if (error)
diff --git a/fs/xfs/xfs_iget.c b/fs/xfs/xfs_iget.c
index e229e9e..9e048e1 100644
--- a/fs/xfs/xfs_iget.c
+++ b/fs/xfs/xfs_iget.c
@@ -202,7 +202,7 @@ finish_inode:
* a new vnode for it. This should also initialize i_ino and i_mount.
*/
error = xfs_iread(mp, tp, ino, &ip, bno,
- (flags & XFS_IGET_BULKSTAT) ? XFS_IMAP_BULKSTAT : 0);
+ (flags & XFS_IGET_UNTRUSTED) ? XFS_IMAP_UNTRUSTED : 0);
if (error) {
xfs_put_perag(mp, pag);
return error;
diff --git a/fs/xfs/xfs_inode.c b/fs/xfs/xfs_inode.c
index 2c1f102..5b3149e 100644
--- a/fs/xfs/xfs_inode.c
+++ b/fs/xfs/xfs_inode.c
@@ -178,7 +178,7 @@ xfs_imap_to_bp(
if (unlikely(XFS_TEST_ERROR(!di_ok, mp,
XFS_ERRTAG_ITOBP_INOTOBP,
XFS_RANDOM_ITOBP_INOTOBP))) {
- if (imap_flags & XFS_IMAP_BULKSTAT) {
+ if (imap_flags & XFS_IMAP_UNTRUSTED) {
xfs_trans_brelse(tp, bp);
return XFS_ERROR(EINVAL);
}
diff --git a/fs/xfs/xfs_inode.h b/fs/xfs/xfs_inode.h
index 1420c49..e8280da 100644
--- a/fs/xfs/xfs_inode.h
+++ b/fs/xfs/xfs_inode.h
@@ -101,7 +101,7 @@ typedef struct xfs_ifork {
* Flags for xfs_itobp(), xfs_imap() and xfs_dilocate().
*/
#define XFS_IMAP_LOOKUP 0x1
-#define XFS_IMAP_BULKSTAT 0x2
+#define XFS_IMAP_UNTRUSTED 0x2
#ifdef __KERNEL__
struct bhv_desc;
@@ -463,7 +463,7 @@ xfs_iflags_test_and_clear(xfs_inode_t *ip, unsigned short flags)
* Flags for xfs_iget()
*/
#define XFS_IGET_CREATE 0x1
-#define XFS_IGET_BULKSTAT 0x2
+#define XFS_IGET_UNTRUSTED 0x2
/*
* xfs_iget.c prototypes.
diff --git a/fs/xfs/xfs_itable.c b/fs/xfs/xfs_itable.c
index 84c5f7e..8ce2e38 100644
--- a/fs/xfs/xfs_itable.c
+++ b/fs/xfs/xfs_itable.c
@@ -79,7 +79,7 @@ xfs_bulkstat_one_int(
return XFS_ERROR(ENOMEM);
error = xfs_iget(mp, NULL, ino,
- XFS_IGET_BULKSTAT, XFS_ILOCK_SHARED, &ip, bno);
+ XFS_IGET_UNTRUSTED, XFS_ILOCK_SHARED, &ip, bno);
if (error) {
*stat = BULKSTAT_RV_NOTHING;
goto out_free;
distrib
>
Scientific%20Linux
>
5x
>
x86_64
>
by-pkgid
>
27922b4260f65d317aabda37e42bbbff
>
files
>
1222
