diff options
author | Eric Biggers <ebiggers@google.com> | 2023-10-25 21:00:10 +0000 |
---|---|---|
committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2023-10-27 03:34:37 +0000 |
commit | 5e9581aba3e27eff789aae30f4829d15dd420892 (patch) | |
tree | 211911b40f11a7e070e60d26679c3e092115c465 | |
parent | d6685696902d2d23c9d63a4400862ec3b3eceda1 (diff) | |
download | f2fs-tools-5e9581aba3e27eff789aae30f4829d15dd420892.tar.gz |
DO NOT MERGE - f2fs-tools: ensure that unused xattr space is zeroized
Also add a missing free() to fix a memory leak.
Bug: 305658663
Test: - On kernel with bug:
- Created an f2fs filesystem
- Created 250-byte xattr on a directory
- Deleted the xattr
- Ran fsck.f2fs -f
- Mounted filesystem
- On kernel without bug:
- Created 200-byte xattr on the directory
- Listed xattrs
The last step shows corruption before this change, but not after it.
Signed-off-by: Eric Biggers <ebiggers@google.com>
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:f7c0ca9f8b02cbb199d0277c8aefb5098df9a867)
Merged-In: I5ae77803113683887b3aaec804a0547ceb3d80c4
Change-Id: I5ae77803113683887b3aaec804a0547ceb3d80c4
-rw-r--r-- | fsck/fsck.c | 36 |
1 files changed, 27 insertions, 9 deletions
diff --git a/fsck/fsck.c b/fsck/fsck.c index 4a18ecb..d38ad1e 100644 --- a/fsck/fsck.c +++ b/fsck/fsck.c @@ -685,6 +685,17 @@ void fsck_reada_all_direct_node_blocks(struct f2fs_sb_info *sbi, } } +static bool is_zeroed(const u8 *p, size_t size) +{ + size_t i; + + for (i = 0; i < size; i++) { + if (p[i]) + return false; + } + return true; +} + int chk_extended_attributes(struct f2fs_sb_info *sbi, u32 nid, struct f2fs_node *inode) { @@ -692,6 +703,7 @@ int chk_extended_attributes(struct f2fs_sb_info *sbi, u32 nid, void *last_base_addr; struct f2fs_xattr_entry *ent; __u32 xattr_size = XATTR_SIZE(&inode->i); + bool need_fix = false; if (xattr_size == 0) return 0; @@ -707,18 +719,24 @@ int chk_extended_attributes(struct f2fs_sb_info *sbi, u32 nid, ASSERT_MSG("[0x%x] last xattr entry (offset: %lx) " "crosses the boundary", nid, (long int)((void *)ent - xattr)); - if (c.fix_on) { - memset(ent, 0, - (char *)last_base_addr - (char *)ent); - write_all_xattrs(sbi, inode, xattr_size, xattr); - FIX_MSG("[0x%x] nullify wrong xattr entries", - nid); - return 1; - } + need_fix = true; break; } } - + if (!need_fix && + !is_zeroed((u8 *)ent, (u8 *)last_base_addr - (u8 *)ent)) { + ASSERT_MSG("[0x%x] nonzero bytes in xattr space after " + "end of list", nid); + need_fix = true; + } + if (need_fix && c.fix_on) { + memset(ent, 0, (u8 *)last_base_addr - (u8 *)ent); + write_all_xattrs(sbi, inode, xattr_size, xattr); + FIX_MSG("[0x%x] nullify wrong xattr entries", nid); + free(xattr); + return 1; + } + free(xattr); return 0; } |