Page MenuHomeFreeBSD

ext2: Check for e2fs_first_dblock in ext2_compute_sb_data()
ClosedPublic

Authored by nc on Nov 16 2021, 11:01 PM.
Tags
None
Referenced Files
Unknown Object (File)
Wed, Nov 6, 3:27 AM
Unknown Object (File)
Oct 15 2024, 5:25 AM
Unknown Object (File)
Oct 13 2024, 5:23 AM
Unknown Object (File)
Oct 7 2024, 5:21 PM
Unknown Object (File)
Oct 3 2024, 1:18 PM
Unknown Object (File)
Oct 2 2024, 2:00 PM
Unknown Object (File)
Oct 2 2024, 11:06 AM
Unknown Object (File)
Oct 1 2024, 4:31 PM
Subscribers

Details

Summary

This prevents a kernel panic on a damaged ext2 superblock.

PR: 259107
Reported by: Robert Morris <rtm@lcs.mit.edu>

Test Plan

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 42830
Build 39718: arc lint + arc unit

Event Timeline

nc requested review of this revision.Nov 16 2021, 11:01 PM
nc edited the test plan for this revision. (Show Details)

Oops, forgot one thing.

I have some good news, this works!

With patch:

root@fatbox:~ # mount -t ext2fs /dev/md0 /mnt
mount: /dev/md0: Invalid argument
root@fatbox:~ #

The first data block value check should be more complex. See s_first_data_block superblock field here:
https://ext4.wiki.kernel.org/index.php/Ext4_Disk_Layout

Thanks for the suggestions! I have (hopefully) incoroprated it in this patch.

This version of e2fs_first_dblock check will fail on 1k block size. The

fs->e2fs->e2fs_bcount >= 1024

is always true.

Ok, let's change e2fs_first_dblock check (ext2_vfsops.c, line 621) from:

	if (le32toh(es->e2fs_first_dblock) >= fs->e2fs_bcount) {
		SDT_PROBE1(ext2fs, , vfsops, ext2_compute_sb_data_error,
		    "first data block out of range");
		return (EINVAL);
	}

to

if (le32toh(es->e2fs_first_dblock) != (fs->e2fs_bsize > 1024 ? 0 : 1) ||
    le32toh(es->e2fs_first_dblock) >= fs->e2fs_bcount) {
         SDT_PROBE1(ext2fs, , vfsops, ext2_compute_sb_data_error,
            "first data block is invalid");
         return (EINVAL);
 }

Sorry for the delay. Thanks for the suggestion! Incorporated it!

This revision is now accepted and ready to land.Nov 28 2021, 2:41 PM