Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
tjh.dev
kernel
os
linux
xfs: rename XFS_IGET_BULKSTAT to XFS_IGET_UNTRUSTED
Inode numbers may come from somewhere external to the filesystem
(e.g. file handles, bulkstat information) and so are inherently
untrusted. Rename the flag we use for these lookups to make it
obvious we are doing a lookup of an untrusted inode number and need
to verify it completely before trying to read it from disk.
Signed-off-by: Dave Chinner <dchinner@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
authored by Dave Chinner and committed by Dave Chinner 1920779e 7124fe0a
+4
-5
fs/xfs/linux-2.6/xfs_export.c
+4
-5
fs/xfs/linux-2.6/xfs_export.c
···
128
return ERR_PTR(-ESTALE);
129
130
/*
131
-
* The XFS_IGET_BULKSTAT means that an invalid inode number is just
132
-
* fine and not an indication of a corrupted filesystem. Because
133
-
* clients can send any kind of invalid file handle, e.g. after
134
-
* a restore on the server we have to deal with this case gracefully.
135
*/
136
-
error = xfs_iget(mp, NULL, ino, XFS_IGET_BULKSTAT,
137
XFS_ILOCK_SHARED, &ip, 0);
138
if (error) {
139
/*
···
128
return ERR_PTR(-ESTALE);
129
130
/*
131
+
* The XFS_IGET_UNTRUSTED means that an invalid inode number is just
132
+
* fine and not an indication of a corrupted filesystem as clients can
133
+
* send invalid file handles and we have to handle it gracefully..
134
*/
135
+
error = xfs_iget(mp, NULL, ino, XFS_IGET_UNTRUSTED,
136
XFS_ILOCK_SHARED, &ip, 0);
137
if (error) {
138
/*
+7
-4
fs/xfs/xfs_ialloc.c
+7
-4
fs/xfs/xfs_ialloc.c
···
1251
return error;
1252
1253
/* for untrusted inodes check it is allocated first */
1254
-
if ((flags & XFS_IGET_BULKSTAT) &&
1255
(rec.ir_free & XFS_INOBT_MASK(agino - rec.ir_startino)))
1256
return EINVAL;
1257
···
1292
if (agno >= mp->m_sb.sb_agcount || agbno >= mp->m_sb.sb_agblocks ||
1293
ino != XFS_AGINO_TO_INO(mp, agno, agino)) {
1294
#ifdef DEBUG
1295
-
/* no diagnostics for bulkstat, ino comes from userspace */
1296
-
if (flags & XFS_IGET_BULKSTAT)
1297
return XFS_ERROR(EINVAL);
1298
if (agno >= mp->m_sb.sb_agcount) {
1299
xfs_fs_cmn_err(CE_ALERT, mp,
···
1332
* inodes in stale state on disk. Hence we have to do a btree lookup
1333
* in all cases where an untrusted inode number is passed.
1334
*/
1335
-
if (flags & XFS_IGET_BULKSTAT) {
1336
error = xfs_imap_lookup(mp, tp, agno, agino, agbno,
1337
&chunk_agbno, &offset_agbno, flags);
1338
if (error)
···
1251
return error;
1252
1253
/* for untrusted inodes check it is allocated first */
1254
+
if ((flags & XFS_IGET_UNTRUSTED) &&
1255
(rec.ir_free & XFS_INOBT_MASK(agino - rec.ir_startino)))
1256
return EINVAL;
1257
···
1292
if (agno >= mp->m_sb.sb_agcount || agbno >= mp->m_sb.sb_agblocks ||
1293
ino != XFS_AGINO_TO_INO(mp, agno, agino)) {
1294
#ifdef DEBUG
1295
+
/*
1296
+
* Don't output diagnostic information for untrusted inodes
1297
+
* as they can be invalid without implying corruption.
1298
+
*/
1299
+
if (flags & XFS_IGET_UNTRUSTED)
1300
return XFS_ERROR(EINVAL);
1301
if (agno >= mp->m_sb.sb_agcount) {
1302
xfs_fs_cmn_err(CE_ALERT, mp,
···
1329
* inodes in stale state on disk. Hence we have to do a btree lookup
1330
* in all cases where an untrusted inode number is passed.
1331
*/
1332
+
if (flags & XFS_IGET_UNTRUSTED) {
1333
error = xfs_imap_lookup(mp, tp, agno, agino, agbno,
1334
&chunk_agbno, &offset_agbno, flags);
1335
if (error)
+1
-1
fs/xfs/xfs_inode.c
+1
-1
fs/xfs/xfs_inode.c
+1
-1
fs/xfs/xfs_inode.h
+1
-1
fs/xfs/xfs_inode.h
+1
-1
fs/xfs/xfs_itable.c
+1
-1
fs/xfs/xfs_itable.c