* Tue Jun 30 2009 Eric Sandeen <sandeen@redhat.com> 3.0.1-9

- Fix block overflows in xfs_repair and xfs_metadump
2009-07-09 16:22:40 +00:00 · 2009-07-09 16:22:40 +00:00 · e9b290532b
commit e9b290532b
parent bea2a0f462
2 changed files with 91 additions and 2 deletions
--- a/xfsprogs-3.0.1-overflows.patch
+++ b/xfsprogs-3.0.1-overflows.patch
@ -0,0 +1,84 @@
 From: Eric Sandeen <sandeen@sandeen.net>
 Date: Thu, 2 Jul 2009 05:29:36 +0000 (-0500)
 Subject: xfs_repair: fix agcount*agblocks overflows
 X-Git-Url: http://git.kernel.org/?p=fs%2Fxfs%2Fxfsprogs-dev.git;a=commitdiff_plain;h=003e8e41124707f55b20b376a6359dc7f6292991
 xfs_repair: fix agcount*agblocks overflows
 The last test in verify_ag_bno() may overflow:
 return (agbno >= (sbp->sb_dblocks -
 		((sbp->sb_agcount - 1) * sbp->sb_agblocks)));
 because sb_agcount & sb_agblocks are 32-bit integers; this
 may then miss corrupt agbnos for the last ag, which can in
 turn lead to out of bounds memory accesses later, for example
 when the block nr is used to offset in set_agbno_state():
 	addr = ba_bmap[(agno)] + (ag_blockno)/XR_BB_NUM;
 Similar problems in mk_incore_fstree
 Reported-by: Jesse Stroik <jstroik@ssec.wisc.edu>
 Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
 Reviewed-by: Felix Blyakher <felixb@sgi.com>
 ---
 From: Eric Sandeen <sandeen@sandeen.net>
 Date: Mon, 6 Jul 2009 19:53:35 +0000 (-0500)
 Subject: xfs_metadump: agcount*agblocks overflow
 X-Git-Url: http://git.kernel.org/?p=fs%2Fxfs%2Fxfsprogs-dev.git;a=commitdiff_plain;h=66be354ed0dfb73566f504ac7301fab7915e9475
 xfs_metadump: agcount*agblocks overflow
 Found another potential overflow in xfs_metadump,
 similar to those just fixed in repair.
 Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
 Reviewed-by: Christoph Hellwig <hch@infradead.org>
 ---
 diff --git a/repair/dinode.c b/repair/dinode.c
 index fdf52db..84e1d05 100644
 --- a/repair/dinode.c
 +++ b/repair/dinode.c
@@ -319,7 +319,8 @@ verify_ag_bno(xfs_sb_t *sbp,
 		return (agbno >= sbp->sb_agblocks);
 	if (agno == (sbp->sb_agcount - 1)) 
 		return (agbno >= (sbp->sb_dblocks -
 -				((sbp->sb_agcount - 1) * sbp->sb_agblocks)));
 +				((xfs_drfsbno_t)(sbp->sb_agcount - 1) *
 +				 sbp->sb_agblocks)));
 	return 1;
 }
 diff --git a/repair/phase5.c b/repair/phase5.c
 index 2c243b6..26f5aa2 100644
 --- a/repair/phase5.c
 +++ b/repair/phase5.c
@@ -113,7 +113,8 @@ mk_incore_fstree(xfs_mount_t *mp, xfs_agnumber_t agno)
 		ag_end = mp->m_sb.sb_agblocks;
 	else
 		ag_end = mp->m_sb.sb_dblocks -
 -			mp->m_sb.sb_agblocks * (mp->m_sb.sb_agcount - 1);
 +			(xfs_drfsbno_t)mp->m_sb.sb_agblocks *
 +                       (mp->m_sb.sb_agcount - 1);
 	/*
 	 * ok, now find the number of extents, keep track of the
 diff --git a/db/metadump.c b/db/metadump.c
 index 19aed4f..ef6e571 100644
 --- a/db/metadump.c
 +++ b/db/metadump.c
@@ -222,7 +222,8 @@ valid_bno(
 		return 1;
 	if (agno == (mp->m_sb.sb_agcount - 1) && agbno > 0 &&
 			agbno <= (mp->m_sb.sb_dblocks -
 -			 (mp->m_sb.sb_agcount - 1) * mp->m_sb.sb_agblocks))
 +			 (xfs_drfsbno_t)(mp->m_sb.sb_agcount - 1) *
 +			 mp->m_sb.sb_agblocks))
 		return 1;
 	return 0;
--- a/xfsprogs.spec
+++ b/xfsprogs.spec
@ -1,7 +1,7 @@
 Summary:	Utilities for managing the XFS filesystem
 Name:		xfsprogs
 Version:	3.0.1
-Release:	8%{?dist}
+Release:	9%{?dist}
 # Licensing based on generic "GNU GENERAL PUBLIC LICENSE"
 # in source, with no mention of version.
 # doc/COPYING file specifies what is GPL and what is LGPL
@ -20,8 +20,9 @@ Conflicts:	xfsdump < 3.0.1
 # These are upstream
 Patch0:		xfsprogs-3.0.1-readline.patch
 Patch1:		xfsprogs-3.0.1-fallocate.patch
 Patch2:		xfsprogs-3.0.1-overflows.patch
 # This one, not yet
-Patch2:		xfsprogs-3.0.1-mkfs-lazy-count-default.patch
+Patch3:		xfsprogs-3.0.1-mkfs-lazy-count-default.patch
 %description
 A set of commands to use the XFS filesystem, including mkfs.xfs.
@ -69,6 +70,7 @@ in building or running the xfstests QA suite.
 %patch0 -p1
 %patch1 -p1
 %patch2 -p1
 %patch3 -p1
 %build
 export tagname=CC DEBUG=-DNDEBUG
@ -195,6 +197,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_includedir}/xfs/xfs_types.h
 %changelog
 * Tue Jun 30 2009 Eric Sandeen <sandeen@redhat.com> 3.0.1-9
 - Fix block overflows in xfs_repair and xfs_metadump
 * Tue Jun 30 2009 Eric Sandeen <sandeen@redhat.com> 3.0.1-8
 - Fix up build-requires after e2fsprogs splitup