xfs
[Top] [All Lists]

Re: [PATCH 2/4] xfs: validate untrusted inode numbers during lookup

To: Christoph Hellwig <hch@xxxxxxxxxxxxx>
Subject: Re: [PATCH 2/4] xfs: validate untrusted inode numbers during lookup
From: Dave Chinner <david@xxxxxxxxxxxxx>
Date: Sat, 19 Jun 2010 10:07:07 +1000
Cc: xfs@xxxxxxxxxxx, security@xxxxxxxxxx
In-reply-to: <20100618114156.GA5417@xxxxxxxxxxxxx>
References: <1276846374-23916-1-git-send-email-david@xxxxxxxxxxxxx> <1276846374-23916-3-git-send-email-david@xxxxxxxxxxxxx> <20100618114156.GA5417@xxxxxxxxxxxxx>
User-agent: Mutt/1.5.20 (2009-06-14)
On Fri, Jun 18, 2010 at 07:41:56AM -0400, Christoph Hellwig wrote:
> On Fri, Jun 18, 2010 at 05:32:52PM +1000, Dave Chinner wrote:
> > +static int
> > +xfs_imap_lookup(
> 
> STATIC to keep the gcc inliner from overdoing thing?

*Nod*.

> 
> > +   xfs_mount_t     *mp,
> > +   xfs_trans_t     *tp,
> 
> > +{
> > +   xfs_inobt_rec_incore_t rec;
> > +   xfs_btree_cur_t *cur;
> > +   xfs_buf_t       *agbp;
> 
> Please use the struct versions of these instead of the typedefs.

Copy-n-paste error - my bad.

> > +#ifdef DEBUG
> > +           xfs_fs_cmn_err(CE_ALERT, mp, "xfs_imap: "
> > +                           "xfs_inobt_get_rec() failed");
> > +#endif /* DEBUG */
> > +           error = XFS_ERROR(EINVAL);
> 
> No need to print these even for debug kernels I think.  And even then
> we shouldn't do it if the untrusted flag is set.

Ok, I killed all the prints - they don't tell us what inode number
the error occurred on anyway, so they aren't very useful anyway....

> > +   }
> > +error0:
> 
> I'd just call it out, or replace the goto by and if/else

Ok, I rearranged the code to kill the goto. I will repost
the series after a QA run.

Cheers,

Dave.
-- 
Dave Chinner
david@xxxxxxxxxxxxx

<Prev in Thread] Current Thread [Next in Thread>