commit 1920779e67cbf5ea8afef317777c5bf2b8096188 · tjh.dev/kernel

tjh.dev / kernel

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

xfs: rename XFS_IGET_BULKSTAT to XFS_IGET_UNTRUSTED

Inode numbers may come from somewhere external to the filesystem
(e.g. file handles, bulkstat information) and so are inherently
untrusted. Rename the flag we use for these lookups to make it
obvious we are doing a lookup of an untrusted inode number and need
to verify it completely before trying to read it from disk.

Signed-off-by: Dave Chinner <dchinner@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>

authored by Dave Chinner and committed by Dave Chinner 15 years ago 1920779e 7124fe0a

+14 -12

5 changed files

expand all

unified split

xfs

linux-2.6

xfs_export.c

xfs_ialloc.c

xfs_inode.c

xfs_inode.h

xfs_itable.c

+4 -5

fs/xfs/linux-2.6/xfs_export.c

··· 128 128 return ERR_PTR(-ESTALE); 129 129 130 130 /* 131 - * The XFS_IGET_BULKSTAT means that an invalid inode number is just 132 - * fine and not an indication of a corrupted filesystem. Because 133 - * clients can send any kind of invalid file handle, e.g. after 134 - * a restore on the server we have to deal with this case gracefully. 131 + * The XFS_IGET_UNTRUSTED means that an invalid inode number is just 132 + * fine and not an indication of a corrupted filesystem as clients can 133 + * send invalid file handles and we have to handle it gracefully.. 135 134 */ 136 - error = xfs_iget(mp, NULL, ino, XFS_IGET_BULKSTAT, 135 + error = xfs_iget(mp, NULL, ino, XFS_IGET_UNTRUSTED, 137 136 XFS_ILOCK_SHARED, &ip, 0); 138 137 if (error) { 139 138 /*

+7 -4

fs/xfs/xfs_ialloc.c

··· 1251 1251 return error; 1252 1252 1253 1253 /* for untrusted inodes check it is allocated first */ 1254 - if ((flags & XFS_IGET_BULKSTAT) && 1254 + if ((flags & XFS_IGET_UNTRUSTED) && 1255 1255 (rec.ir_free & XFS_INOBT_MASK(agino - rec.ir_startino))) 1256 1256 return EINVAL; 1257 1257 ··· 1292 1292 if (agno >= mp->m_sb.sb_agcount || agbno >= mp->m_sb.sb_agblocks || 1293 1293 ino != XFS_AGINO_TO_INO(mp, agno, agino)) { 1294 1294 #ifdef DEBUG 1295 - /* no diagnostics for bulkstat, ino comes from userspace */ 1296 - if (flags & XFS_IGET_BULKSTAT) 1295 + /* 1296 + * Don't output diagnostic information for untrusted inodes 1297 + * as they can be invalid without implying corruption. 1298 + */ 1299 + if (flags & XFS_IGET_UNTRUSTED) 1297 1300 return XFS_ERROR(EINVAL); 1298 1301 if (agno >= mp->m_sb.sb_agcount) { 1299 1302 xfs_fs_cmn_err(CE_ALERT, mp, ··· 1332 1329 * inodes in stale state on disk. Hence we have to do a btree lookup 1333 1330 * in all cases where an untrusted inode number is passed. 1334 1331 */ 1335 - if (flags & XFS_IGET_BULKSTAT) { 1332 + if (flags & XFS_IGET_UNTRUSTED) { 1336 1333 error = xfs_imap_lookup(mp, tp, agno, agino, agbno, 1337 1334 &chunk_agbno, &offset_agbno, flags); 1338 1335 if (error)

+1 -1

fs/xfs/xfs_inode.c

··· 177 177 if (unlikely(XFS_TEST_ERROR(!di_ok, mp, 178 178 XFS_ERRTAG_ITOBP_INOTOBP, 179 179 XFS_RANDOM_ITOBP_INOTOBP))) { 180 - if (iget_flags & XFS_IGET_BULKSTAT) { 180 + if (iget_flags & XFS_IGET_UNTRUSTED) { 181 181 xfs_trans_brelse(tp, bp); 182 182 return XFS_ERROR(EINVAL); 183 183 }

+1 -1

fs/xfs/xfs_inode.h

··· 500 500 * Flags for xfs_iget() 501 501 */ 502 502 #define XFS_IGET_CREATE 0x1 503 - #define XFS_IGET_BULKSTAT 0x2 503 + #define XFS_IGET_UNTRUSTED 0x2 504 504 505 505 int xfs_inotobp(struct xfs_mount *, struct xfs_trans *, 506 506 xfs_ino_t, struct xfs_dinode **,

+1 -1

fs/xfs/xfs_itable.c

··· 80 80 return XFS_ERROR(ENOMEM); 81 81 82 82 error = xfs_iget(mp, NULL, ino, 83 - XFS_IGET_BULKSTAT, XFS_ILOCK_SHARED, &ip, bno); 83 + XFS_IGET_UNTRUSTED, XFS_ILOCK_SHARED, &ip, bno); 84 84 if (error) { 85 85 *stat = BULKSTAT_RV_NOTHING; 86 86 goto out_free;