A check for a valid value for bits_per_field is performed for each field before computing packed_max.
If bits_per_field is invalid for any field the whole format is deemed
invalid.
Reported-by: [email protected]
Signed-off-by: Camila Alvarez <[email protected]>
---
fs/bcachefs/bcachefs_format.h | 8 ++++++++
fs/bcachefs/bkey.c | 18 ++++++++++++++++--
2 files changed, 24 insertions(+), 2 deletions(-)
diff --git a/fs/bcachefs/bcachefs_format.h b/fs/bcachefs/bcachefs_format.h
index d5b90439e581..9e688a8d780f 100644
--- a/fs/bcachefs/bcachefs_format.h
+++ b/fs/bcachefs/bcachefs_format.h
@@ -318,6 +318,14 @@ enum bch_bkey_fields {
#define bkey_format_field(name, field) \
[BKEY_FIELD_##name] = (sizeof(((struct bkey *) NULL)->field) * 8)
+#define BCH_BKEY_FIELDS() \
+ x(INODE, p.inode) \
+ x(OFFSET, p.offset) \
+ x(SNAPSHOT, p.snapshot) \
+ x(SIZE, size) \
+ x(VERSION_HI, version.hi) \
+ x(VERSION_LO, version.lo)
+
#define BKEY_FORMAT_CURRENT \
((struct bkey_format) { \
.key_u64s = BKEY_U64s, \
diff --git a/fs/bcachefs/bkey.c b/fs/bcachefs/bkey.c
index 76e79a15ba08..f7847c96a105 100644
--- a/fs/bcachefs/bkey.c
+++ b/fs/bcachefs/bkey.c
@@ -638,6 +638,13 @@ struct bkey_format bch2_bkey_format_done(struct bkey_format_state *s)
return ret;
}
+static unsigned bch2_max_bits_per_field[] = {
+#define x(name, field) \
+ bkey_format_field(name, field),
+ BCH_BKEY_FIELDS()
+#undef x
+};
+
int bch2_bkey_format_invalid(struct bch_fs *c,
struct bkey_format *f,
enum bkey_invalid_flags flags,
@@ -659,8 +666,15 @@ int bch2_bkey_format_invalid(struct bch_fs *c,
if (!c || c->sb.version_min >= bcachefs_metadata_version_snapshot) {
unsigned unpacked_bits = bch2_bkey_format_current.bits_per_field[i];
u64 unpacked_max = ~((~0ULL << 1) << (unpacked_bits - 1));
- u64 packed_max = f->bits_per_field[i]
- ? ~((~0ULL << 1) << (f->bits_per_field[i] - 1))
+ unsigned bits_per_field = f->bits_per_field[i];
+
+ if (bits_per_field > bch2_max_bits_per_field[i]) {
+ prt_printf(err, "field %u uses more bits than allowed: %u > %u",
+ i, bits_per_field, bch2_max_bits_per_field[i]);
+ return -BCH_ERR_invalid;
+ }
+ u64 packed_max = bits_per_field
+ ? ~((~0ULL << 1) << (bits_per_field - 1))
: 0;
u64 field_offset = le64_to_cpu(f->field_offset[i]);
--
2.34.1