From 8ad560d2565e64b8be0cf5901c1e8fe034ac5599 Mon Sep 17 00:00:00 2001 From: "Darrick J. Wong" Date: Thu, 31 May 2018 09:07:21 -0700 Subject: [PATCH] xfs: strengthen rtalloc query range checks Strengthen the rtalloc range query checks to make sure that the keys do not run off the end of the realtime device inappropriately. Note that the query range functions require units of rt extents, not blocks, despite the type name. Signed-off-by: Darrick J. Wong Reviewed-by: Allison Henderson Reviewed-by: Bill O'Donnell --- fs/xfs/libxfs/xfs_rtbitmap.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/fs/xfs/libxfs/xfs_rtbitmap.c b/fs/xfs/libxfs/xfs_rtbitmap.c index 7712f282d172..1855182c11ec 100644 --- a/fs/xfs/libxfs/xfs_rtbitmap.c +++ b/fs/xfs/libxfs/xfs_rtbitmap.c @@ -1038,8 +1038,11 @@ xfs_rtalloc_query_range( if (low_rec->ar_startblock > high_rec->ar_startblock) return -EINVAL; - else if (low_rec->ar_startblock == high_rec->ar_startblock) + if (low_rec->ar_startblock >= mp->m_sb.sb_rextents || + low_rec->ar_startblock == high_rec->ar_startblock) return 0; + if (high_rec->ar_startblock >= mp->m_sb.sb_rextents) + high_rec->ar_startblock = mp->m_sb.sb_rextents - 1; /* Iterate the bitmap, looking for discrepancies. */ rtstart = low_rec->ar_startblock; @@ -1083,7 +1086,7 @@ xfs_rtalloc_query_all( struct xfs_rtalloc_rec keys[2]; keys[0].ar_startblock = 0; - keys[1].ar_startblock = tp->t_mountp->m_sb.sb_rblocks; + keys[1].ar_startblock = tp->t_mountp->m_sb.sb_rextents - 1; keys[0].ar_blockcount = keys[1].ar_blockcount = 0; return xfs_rtalloc_query_range(tp, &keys[0], &keys[1], fn, priv);