From nobody Thu Apr 2 11:40:39 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 11D21C07E9D for ; Sat, 24 Sep 2022 07:42:03 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233570AbiIXHmA (ORCPT ); Sat, 24 Sep 2022 03:42:00 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58352 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233559AbiIXHly (ORCPT ); Sat, 24 Sep 2022 03:41:54 -0400 Received: from szxga01-in.huawei.com (szxga01-in.huawei.com [45.249.212.187]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D53491181F0; Sat, 24 Sep 2022 00:41:51 -0700 (PDT) Received: from canpemm500010.china.huawei.com (unknown [172.30.72.57]) by szxga01-in.huawei.com (SkyGuard) with ESMTP id 4MZLTH2609zlXK8; Sat, 24 Sep 2022 15:37:39 +0800 (CST) Received: from huawei.com (10.175.127.227) by canpemm500010.china.huawei.com (7.192.105.118) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Sat, 24 Sep 2022 15:41:49 +0800 From: Ye Bin To: , , CC: , , Ye Bin Subject: [PATCH -next 1/3] ext4: introduce EXT4_FC_TAG_BASE_LEN helper Date: Sat, 24 Sep 2022 15:52:31 +0800 Message-ID: <20220924075233.2315259-2-yebin10@huawei.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20220924075233.2315259-1-yebin10@huawei.com> References: <20220924075233.2315259-1-yebin10@huawei.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems706-chm.china.huawei.com (10.3.19.183) To canpemm500010.china.huawei.com (7.192.105.118) X-CFilter-Loop: Reflected Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" Introduce EXT4_FC_TAG_BASE_LEN helper for calculate length of struct ext4_fc_tl. Signed-off-by: Ye Bin --- fs/ext4/fast_commit.c | 54 ++++++++++++++++++++++--------------------- fs/ext4/fast_commit.h | 3 +++ 2 files changed, 31 insertions(+), 26 deletions(-) diff --git a/fs/ext4/fast_commit.c b/fs/ext4/fast_commit.c index 54ccc61c713a..a65772c22f6d 100644 --- a/fs/ext4/fast_commit.c +++ b/fs/ext4/fast_commit.c @@ -702,10 +702,10 @@ static u8 *ext4_fc_reserve_space(struct super_block *= sb, int len, u32 *crc) * After allocating len, we should have space at least for a 0 byte * padding. */ - if (len + sizeof(struct ext4_fc_tl) > bsize) + if (len + EXT4_FC_TAG_BASE_LEN > bsize) return NULL; =20 - if (bsize - off - 1 > len + sizeof(struct ext4_fc_tl)) { + if (bsize - off - 1 > len + EXT4_FC_TAG_BASE_LEN) { /* * Only allocate from current buffer if we have enough space for * this request AND we have space to add a zero byte padding. @@ -722,10 +722,10 @@ static u8 *ext4_fc_reserve_space(struct super_block *= sb, int len, u32 *crc) /* Need to add PAD tag */ tl =3D (struct ext4_fc_tl *)(sbi->s_fc_bh->b_data + off); tl->fc_tag =3D cpu_to_le16(EXT4_FC_TAG_PAD); - pad_len =3D bsize - off - 1 - sizeof(struct ext4_fc_tl); + pad_len =3D bsize - off - 1 - EXT4_FC_TAG_BASE_LEN; tl->fc_len =3D cpu_to_le16(pad_len); if (crc) - *crc =3D ext4_chksum(sbi, *crc, tl, sizeof(*tl)); + *crc =3D ext4_chksum(sbi, *crc, tl, EXT4_FC_TAG_BASE_LEN); if (pad_len > 0) ext4_fc_memzero(sb, tl + 1, pad_len, crc); ext4_fc_submit_bh(sb, false); @@ -767,7 +767,7 @@ static int ext4_fc_write_tail(struct super_block *sb, u= 32 crc) * ext4_fc_reserve_space takes care of allocating an extra block if * there's no enough space on this block for accommodating this tail. */ - dst =3D ext4_fc_reserve_space(sb, sizeof(tl) + sizeof(tail), &crc); + dst =3D ext4_fc_reserve_space(sb, EXT4_FC_TAG_BASE_LEN + sizeof(tail), &c= rc); if (!dst) return -ENOSPC; =20 @@ -777,8 +777,8 @@ static int ext4_fc_write_tail(struct super_block *sb, u= 32 crc) tl.fc_len =3D cpu_to_le16(bsize - off - 1 + sizeof(struct ext4_fc_tail)); sbi->s_fc_bytes =3D round_up(sbi->s_fc_bytes, bsize); =20 - ext4_fc_memcpy(sb, dst, &tl, sizeof(tl), &crc); - dst +=3D sizeof(tl); + ext4_fc_memcpy(sb, dst, &tl, EXT4_FC_TAG_BASE_LEN, &crc); + dst +=3D EXT4_FC_TAG_BASE_LEN; tail.fc_tid =3D cpu_to_le32(sbi->s_journal->j_running_transaction->t_tid); ext4_fc_memcpy(sb, dst, &tail.fc_tid, sizeof(tail.fc_tid), &crc); dst +=3D sizeof(tail.fc_tid); @@ -800,15 +800,15 @@ static bool ext4_fc_add_tlv(struct super_block *sb, u= 16 tag, u16 len, u8 *val, struct ext4_fc_tl tl; u8 *dst; =20 - dst =3D ext4_fc_reserve_space(sb, sizeof(tl) + len, crc); + dst =3D ext4_fc_reserve_space(sb, EXT4_FC_TAG_BASE_LEN + len, crc); if (!dst) return false; =20 tl.fc_tag =3D cpu_to_le16(tag); tl.fc_len =3D cpu_to_le16(len); =20 - ext4_fc_memcpy(sb, dst, &tl, sizeof(tl), crc); - ext4_fc_memcpy(sb, dst + sizeof(tl), val, len, crc); + ext4_fc_memcpy(sb, dst, &tl, EXT4_FC_TAG_BASE_LEN, crc); + ext4_fc_memcpy(sb, dst + EXT4_FC_TAG_BASE_LEN, val, len, crc); =20 return true; } @@ -820,8 +820,8 @@ static bool ext4_fc_add_dentry_tlv(struct super_block *= sb, u32 *crc, struct ext4_fc_dentry_info fcd; struct ext4_fc_tl tl; int dlen =3D fc_dentry->fcd_name.len; - u8 *dst =3D ext4_fc_reserve_space(sb, sizeof(tl) + sizeof(fcd) + dlen, - crc); + u8 *dst =3D ext4_fc_reserve_space(sb, + EXT4_FC_TAG_BASE_LEN + sizeof(fcd) + dlen, crc); =20 if (!dst) return false; @@ -830,8 +830,8 @@ static bool ext4_fc_add_dentry_tlv(struct super_block *= sb, u32 *crc, fcd.fc_ino =3D cpu_to_le32(fc_dentry->fcd_ino); tl.fc_tag =3D cpu_to_le16(fc_dentry->fcd_op); tl.fc_len =3D cpu_to_le16(sizeof(fcd) + dlen); - ext4_fc_memcpy(sb, dst, &tl, sizeof(tl), crc); - dst +=3D sizeof(tl); + ext4_fc_memcpy(sb, dst, &tl, EXT4_FC_TAG_BASE_LEN, crc); + dst +=3D EXT4_FC_TAG_BASE_LEN; ext4_fc_memcpy(sb, dst, &fcd, sizeof(fcd), crc); dst +=3D sizeof(fcd); ext4_fc_memcpy(sb, dst, fc_dentry->fcd_name.name, dlen, crc); @@ -868,13 +868,13 @@ static int ext4_fc_write_inode(struct inode *inode, u= 32 *crc) =20 ret =3D -ECANCELED; dst =3D ext4_fc_reserve_space(inode->i_sb, - sizeof(tl) + inode_len + sizeof(fc_inode.fc_ino), crc); + EXT4_FC_TAG_BASE_LEN + inode_len + sizeof(fc_inode.fc_ino), crc); if (!dst) goto err; =20 - if (!ext4_fc_memcpy(inode->i_sb, dst, &tl, sizeof(tl), crc)) + if (!ext4_fc_memcpy(inode->i_sb, dst, &tl, EXT4_FC_TAG_BASE_LEN, crc)) goto err; - dst +=3D sizeof(tl); + dst +=3D EXT4_FC_TAG_BASE_LEN; if (!ext4_fc_memcpy(inode->i_sb, dst, &fc_inode, sizeof(fc_inode), crc)) goto err; dst +=3D sizeof(fc_inode); @@ -2026,9 +2026,10 @@ static int ext4_fc_replay_scan(journal_t *journal, } =20 state->fc_replay_expected_off++; - for (cur =3D start; cur < end; cur =3D cur + sizeof(tl) + le16_to_cpu(tl.= fc_len)) { - memcpy(&tl, cur, sizeof(tl)); - val =3D cur + sizeof(tl); + for (cur =3D start; cur < end; + cur =3D cur + EXT4_FC_TAG_BASE_LEN + le16_to_cpu(tl.fc_len)) { + memcpy(&tl, cur, EXT4_FC_TAG_BASE_LEN); + val =3D cur + EXT4_FC_TAG_BASE_LEN; ext4_debug("Scan phase, tag:%s, blk %lld\n", tag2str(le16_to_cpu(tl.fc_tag)), bh->b_blocknr); switch (le16_to_cpu(tl.fc_tag)) { @@ -2051,13 +2052,13 @@ static int ext4_fc_replay_scan(journal_t *journal, case EXT4_FC_TAG_PAD: state->fc_cur_tag++; state->fc_crc =3D ext4_chksum(sbi, state->fc_crc, cur, - sizeof(tl) + le16_to_cpu(tl.fc_len)); + EXT4_FC_TAG_BASE_LEN + le16_to_cpu(tl.fc_len)); break; case EXT4_FC_TAG_TAIL: state->fc_cur_tag++; memcpy(&tail, val, sizeof(tail)); state->fc_crc =3D ext4_chksum(sbi, state->fc_crc, cur, - sizeof(tl) + + EXT4_FC_TAG_BASE_LEN + offsetof(struct ext4_fc_tail, fc_crc)); if (le32_to_cpu(tail.fc_tid) =3D=3D expected_tid && @@ -2084,7 +2085,7 @@ static int ext4_fc_replay_scan(journal_t *journal, } state->fc_cur_tag++; state->fc_crc =3D ext4_chksum(sbi, state->fc_crc, cur, - sizeof(tl) + le16_to_cpu(tl.fc_len)); + EXT4_FC_TAG_BASE_LEN + le16_to_cpu(tl.fc_len)); break; default: ret =3D state->fc_replay_num_tags ? @@ -2139,9 +2140,10 @@ static int ext4_fc_replay(journal_t *journal, struct= buffer_head *bh, start =3D (u8 *)bh->b_data; end =3D (__u8 *)bh->b_data + journal->j_blocksize - 1; =20 - for (cur =3D start; cur < end; cur =3D cur + sizeof(tl) + le16_to_cpu(tl.= fc_len)) { - memcpy(&tl, cur, sizeof(tl)); - val =3D cur + sizeof(tl); + for (cur =3D start; cur < end; + cur =3D cur + EXT4_FC_TAG_BASE_LEN + le16_to_cpu(tl.fc_len)) { + memcpy(&tl, cur, EXT4_FC_TAG_BASE_LEN); + val =3D cur + EXT4_FC_TAG_BASE_LEN; =20 if (state->fc_replay_num_tags =3D=3D 0) { ret =3D JBD2_FC_REPLAY_STOP; diff --git a/fs/ext4/fast_commit.h b/fs/ext4/fast_commit.h index 1db12847a83b..a6154c3ed135 100644 --- a/fs/ext4/fast_commit.h +++ b/fs/ext4/fast_commit.h @@ -70,6 +70,9 @@ struct ext4_fc_tail { __le32 fc_crc; }; =20 +/* Tag base length */ +#define EXT4_FC_TAG_BASE_LEN (sizeof(struct ext4_fc_tl)) + /* * Fast commit status codes */ --=20 2.31.1 From nobody Thu Apr 2 11:40:39 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 23070C32771 for ; Sat, 24 Sep 2022 07:42:15 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233574AbiIXHmN (ORCPT ); Sat, 24 Sep 2022 03:42:13 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58410 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233564AbiIXHl4 (ORCPT ); Sat, 24 Sep 2022 03:41:56 -0400 Received: from szxga01-in.huawei.com (szxga01-in.huawei.com [45.249.212.187]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6DBBA11DFFC; Sat, 24 Sep 2022 00:41:52 -0700 (PDT) Received: from canpemm500010.china.huawei.com (unknown [172.30.72.55]) by szxga01-in.huawei.com (SkyGuard) with ESMTP id 4MZLTH5B0rzlXPL; Sat, 24 Sep 2022 15:37:39 +0800 (CST) Received: from huawei.com (10.175.127.227) by canpemm500010.china.huawei.com (7.192.105.118) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Sat, 24 Sep 2022 15:41:50 +0800 From: Ye Bin To: , , CC: , , Ye Bin Subject: [PATCH -next 2/3] ext4: factor out ext4_fc_get_tl() Date: Sat, 24 Sep 2022 15:52:32 +0800 Message-ID: <20220924075233.2315259-3-yebin10@huawei.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20220924075233.2315259-1-yebin10@huawei.com> References: <20220924075233.2315259-1-yebin10@huawei.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems706-chm.china.huawei.com (10.3.19.183) To canpemm500010.china.huawei.com (7.192.105.118) X-CFilter-Loop: Reflected Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" Factor out ext4_fc_get_tl() to fill 'tl' with host byte order. Signed-off-by: Ye Bin --- fs/ext4/fast_commit.c | 46 +++++++++++++++++++++++-------------------- 1 file changed, 25 insertions(+), 21 deletions(-) diff --git a/fs/ext4/fast_commit.c b/fs/ext4/fast_commit.c index a65772c22f6d..54622005a0c8 100644 --- a/fs/ext4/fast_commit.c +++ b/fs/ext4/fast_commit.c @@ -1338,7 +1338,7 @@ struct dentry_info_args { }; =20 static inline void tl_to_darg(struct dentry_info_args *darg, - struct ext4_fc_tl *tl, u8 *val) + struct ext4_fc_tl *tl, u8 *val) { struct ext4_fc_dentry_info fcd; =20 @@ -1347,8 +1347,14 @@ static inline void tl_to_darg(struct dentry_info_arg= s *darg, darg->parent_ino =3D le32_to_cpu(fcd.fc_parent_ino); darg->ino =3D le32_to_cpu(fcd.fc_ino); darg->dname =3D val + offsetof(struct ext4_fc_dentry_info, fc_dname); - darg->dname_len =3D le16_to_cpu(tl->fc_len) - - sizeof(struct ext4_fc_dentry_info); + darg->dname_len =3D tl->fc_len - sizeof(struct ext4_fc_dentry_info); +} + +static inline void ext4_fc_get_tl(struct ext4_fc_tl *tl, u8 *val) +{ + memcpy(tl, val, EXT4_FC_TAG_BASE_LEN); + tl->fc_len =3D le16_to_cpu(tl->fc_len); + tl->fc_tag =3D le16_to_cpu(tl->fc_tag); } =20 /* Unlink replay function */ @@ -1513,7 +1519,7 @@ static int ext4_fc_replay_inode(struct super_block *s= b, struct ext4_fc_tl *tl, struct ext4_inode *raw_fc_inode; struct inode *inode =3D NULL; struct ext4_iloc iloc; - int inode_len, ino, ret, tag =3D le16_to_cpu(tl->fc_tag); + int inode_len, ino, ret, tag =3D tl->fc_tag; struct ext4_extent_header *eh; =20 memcpy(&fc_inode, val, sizeof(fc_inode)); @@ -1538,7 +1544,7 @@ static int ext4_fc_replay_inode(struct super_block *s= b, struct ext4_fc_tl *tl, if (ret) goto out; =20 - inode_len =3D le16_to_cpu(tl->fc_len) - sizeof(struct ext4_fc_inode); + inode_len =3D tl->fc_len - sizeof(struct ext4_fc_inode); raw_inode =3D ext4_raw_inode(&iloc); =20 memcpy(raw_inode, raw_fc_inode, offsetof(struct ext4_inode, i_block)); @@ -2027,12 +2033,12 @@ static int ext4_fc_replay_scan(journal_t *journal, =20 state->fc_replay_expected_off++; for (cur =3D start; cur < end; - cur =3D cur + EXT4_FC_TAG_BASE_LEN + le16_to_cpu(tl.fc_len)) { - memcpy(&tl, cur, EXT4_FC_TAG_BASE_LEN); + cur =3D cur + EXT4_FC_TAG_BASE_LEN + tl.fc_len) { + ext4_fc_get_tl(&tl, cur); val =3D cur + EXT4_FC_TAG_BASE_LEN; ext4_debug("Scan phase, tag:%s, blk %lld\n", - tag2str(le16_to_cpu(tl.fc_tag)), bh->b_blocknr); - switch (le16_to_cpu(tl.fc_tag)) { + tag2str(tl.fc_tag), bh->b_blocknr); + switch (tl.fc_tag) { case EXT4_FC_TAG_ADD_RANGE: memcpy(&ext, val, sizeof(ext)); ex =3D (struct ext4_extent *)&ext.fc_ex; @@ -2052,7 +2058,7 @@ static int ext4_fc_replay_scan(journal_t *journal, case EXT4_FC_TAG_PAD: state->fc_cur_tag++; state->fc_crc =3D ext4_chksum(sbi, state->fc_crc, cur, - EXT4_FC_TAG_BASE_LEN + le16_to_cpu(tl.fc_len)); + EXT4_FC_TAG_BASE_LEN + tl.fc_len); break; case EXT4_FC_TAG_TAIL: state->fc_cur_tag++; @@ -2085,7 +2091,7 @@ static int ext4_fc_replay_scan(journal_t *journal, } state->fc_cur_tag++; state->fc_crc =3D ext4_chksum(sbi, state->fc_crc, cur, - EXT4_FC_TAG_BASE_LEN + le16_to_cpu(tl.fc_len)); + EXT4_FC_TAG_BASE_LEN + tl.fc_len); break; default: ret =3D state->fc_replay_num_tags ? @@ -2141,8 +2147,8 @@ static int ext4_fc_replay(journal_t *journal, struct = buffer_head *bh, end =3D (__u8 *)bh->b_data + journal->j_blocksize - 1; =20 for (cur =3D start; cur < end; - cur =3D cur + EXT4_FC_TAG_BASE_LEN + le16_to_cpu(tl.fc_len)) { - memcpy(&tl, cur, EXT4_FC_TAG_BASE_LEN); + cur =3D cur + EXT4_FC_TAG_BASE_LEN + tl.fc_len) { + ext4_fc_get_tl(&tl, cur); val =3D cur + EXT4_FC_TAG_BASE_LEN; =20 if (state->fc_replay_num_tags =3D=3D 0) { @@ -2150,10 +2156,9 @@ static int ext4_fc_replay(journal_t *journal, struct= buffer_head *bh, ext4_fc_set_bitmaps_and_counters(sb); break; } - ext4_debug("Replay phase, tag:%s\n", - tag2str(le16_to_cpu(tl.fc_tag))); + ext4_debug("Replay phase, tag:%s\n", tag2str(tl.fc_tag)); state->fc_replay_num_tags--; - switch (le16_to_cpu(tl.fc_tag)) { + switch (tl.fc_tag) { case EXT4_FC_TAG_LINK: ret =3D ext4_fc_replay_link(sb, &tl, val); break; @@ -2174,19 +2179,18 @@ static int ext4_fc_replay(journal_t *journal, struc= t buffer_head *bh, break; case EXT4_FC_TAG_PAD: trace_ext4_fc_replay(sb, EXT4_FC_TAG_PAD, 0, - le16_to_cpu(tl.fc_len), 0); + tl.fc_len, 0); break; case EXT4_FC_TAG_TAIL: - trace_ext4_fc_replay(sb, EXT4_FC_TAG_TAIL, 0, - le16_to_cpu(tl.fc_len), 0); + trace_ext4_fc_replay(sb, EXT4_FC_TAG_TAIL, + 0, tl.fc_len, 0); memcpy(&tail, val, sizeof(tail)); WARN_ON(le32_to_cpu(tail.fc_tid) !=3D expected_tid); break; case EXT4_FC_TAG_HEAD: break; default: - trace_ext4_fc_replay(sb, le16_to_cpu(tl.fc_tag), 0, - le16_to_cpu(tl.fc_len), 0); + trace_ext4_fc_replay(sb, tl.fc_tag, 0, tl.fc_len, 0); ret =3D -ECANCELED; break; } --=20 2.31.1 From nobody Thu Apr 2 11:40:39 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id EFF5DC07E9D for ; Sat, 24 Sep 2022 07:42:17 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233614AbiIXHmP (ORCPT ); Sat, 24 Sep 2022 03:42:15 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58412 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233567AbiIXHl4 (ORCPT ); Sat, 24 Sep 2022 03:41:56 -0400 Received: from szxga01-in.huawei.com (szxga01-in.huawei.com [45.249.212.187]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6DDB711E5C1; Sat, 24 Sep 2022 00:41:52 -0700 (PDT) Received: from canpemm500010.china.huawei.com (unknown [172.30.72.55]) by szxga01-in.huawei.com (SkyGuard) with ESMTP id 4MZLTJ1H7szlXPP; Sat, 24 Sep 2022 15:37:40 +0800 (CST) Received: from huawei.com (10.175.127.227) by canpemm500010.china.huawei.com (7.192.105.118) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Sat, 24 Sep 2022 15:41:50 +0800 From: Ye Bin To: , , CC: , , Ye Bin Subject: [PATCH -next 3/3] ext4: fix potential out of bound read in ext4_fc_replay_scan() Date: Sat, 24 Sep 2022 15:52:33 +0800 Message-ID: <20220924075233.2315259-4-yebin10@huawei.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20220924075233.2315259-1-yebin10@huawei.com> References: <20220924075233.2315259-1-yebin10@huawei.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Originating-IP: [10.175.127.227] X-ClientProxiedBy: dggems706-chm.china.huawei.com (10.3.19.183) To canpemm500010.china.huawei.com (7.192.105.118) X-CFilter-Loop: Reflected Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" For scan loop must ensure that at least EXT4_FC_TAG_BASE_LEN space. If rema= in space less than EXT4_FC_TAG_BASE_LEN which will lead to out of bound read when mounting corrupt file system image. ADD_RANGE/HEAD/TAIL is needed to add extra check when do journal scan, as t= his three tags will read data during scan, tag length couldn't less than data l= ength which will read. Signed-off-by: Ye Bin --- fs/ext4/fast_commit.c | 38 ++++++++++++++++++++++++++++++++++++-- 1 file changed, 36 insertions(+), 2 deletions(-) diff --git a/fs/ext4/fast_commit.c b/fs/ext4/fast_commit.c index 54622005a0c8..ef05bfa87798 100644 --- a/fs/ext4/fast_commit.c +++ b/fs/ext4/fast_commit.c @@ -1976,6 +1976,34 @@ void ext4_fc_replay_cleanup(struct super_block *sb) kfree(sbi->s_fc_replay_state.fc_modified_inodes); } =20 +static inline bool ext4_fc_tag_len_isvalid(struct ext4_fc_tl *tl, + u8 *val, u8 *end) +{ + if (val + tl->fc_len > end) + return false; + + /* Here only check ADD_RANGE/TAIL/HEAD which will read data when do + * journal rescan before do CRC check. Other tags length check will + * rely on CRC check. + */ + switch (tl->fc_tag) { + case EXT4_FC_TAG_ADD_RANGE: + return (sizeof(struct ext4_fc_add_range) =3D=3D tl->fc_len); + case EXT4_FC_TAG_TAIL: + return (sizeof(struct ext4_fc_tail) <=3D tl->fc_len); + case EXT4_FC_TAG_HEAD: + return (sizeof(struct ext4_fc_head) =3D=3D tl->fc_len); + case EXT4_FC_TAG_DEL_RANGE: + case EXT4_FC_TAG_LINK: + case EXT4_FC_TAG_UNLINK: + case EXT4_FC_TAG_CREAT: + case EXT4_FC_TAG_INODE: + case EXT4_FC_TAG_PAD: + default: + return true; + } +} + /* * Recovery Scan phase handler * @@ -2032,10 +2060,15 @@ static int ext4_fc_replay_scan(journal_t *journal, } =20 state->fc_replay_expected_off++; - for (cur =3D start; cur < end; + for (cur =3D start; cur < end - EXT4_FC_TAG_BASE_LEN; cur =3D cur + EXT4_FC_TAG_BASE_LEN + tl.fc_len) { ext4_fc_get_tl(&tl, cur); val =3D cur + EXT4_FC_TAG_BASE_LEN; + if (!ext4_fc_tag_len_isvalid(&tl, val, end)) { + ret =3D state->fc_replay_num_tags ? + JBD2_FC_REPLAY_STOP : -ECANCELED; + goto out_err; + } ext4_debug("Scan phase, tag:%s, blk %lld\n", tag2str(tl.fc_tag), bh->b_blocknr); switch (tl.fc_tag) { @@ -2146,7 +2179,7 @@ static int ext4_fc_replay(journal_t *journal, struct = buffer_head *bh, start =3D (u8 *)bh->b_data; end =3D (__u8 *)bh->b_data + journal->j_blocksize - 1; =20 - for (cur =3D start; cur < end; + for (cur =3D start; cur < end - EXT4_FC_TAG_BASE_LEN; cur =3D cur + EXT4_FC_TAG_BASE_LEN + tl.fc_len) { ext4_fc_get_tl(&tl, cur); val =3D cur + EXT4_FC_TAG_BASE_LEN; @@ -2156,6 +2189,7 @@ static int ext4_fc_replay(journal_t *journal, struct = buffer_head *bh, ext4_fc_set_bitmaps_and_counters(sb); break; } + ext4_debug("Replay phase, tag:%s\n", tag2str(tl.fc_tag)); state->fc_replay_num_tags--; switch (tl.fc_tag) { --=20 2.31.1