Received: by 2002:a5d:9c59:0:0:0:0:0 with SMTP id 25csp1131514iof;
        Mon, 6 Jun 2022 21:56:18 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJzPnh6Y/XWYlCe69kcfalIcnq/mUnlAIvfBeNsyJZByLBETWlI7GPyMMRnwRhzDPQkJJwKr
X-Received: by 2002:a17:90a:e7cb:b0:1e8:65fb:3cd4 with SMTP id kb11-20020a17090ae7cb00b001e865fb3cd4mr14349593pjb.234.1654577777595;
        Mon, 06 Jun 2022 21:56:17 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1654577777; cv=none;
        d=google.com; s=arc-20160816;
        b=0yAgIJQBQC9WJUT1gd4knzCLMpUIZi8XhQ8x/gmsz/+lBOQXEKIsaSPZ123dqG+R+U
         bgh0ZHjHTRBGhHjqGk0XIQvwrlfn/2q1qE3v0vIVx6a3I706bauiHaErkXCk7hlnBbeM
         VdA5rYCbg+ZYvFx/heT8tCWIpXWKZJyH1bFO/BdZ3baC9LlnY3XFAuFE51vT8LzxLwWd
         vduI0WQpOfAojJe7p6/JHb3zRYEyAl69dhvvHl+2jxq2dm9/bHSEJlrMko/ckXgRKLv0
         qUjrMjlEbRiOJRzBDbu4xf65kRUsePcq0FG34KemMjUIVaYgakvx1BiT78oeol4K2iJk
         PHJA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:date:subject:cc:to:from
         :dkim-signature;
        bh=1phfi+h3z1CXGQrojnEaWVd3MbzTtWwV0CEBPOs01Lk=;
        b=wdHJkeIE5lYtSbu9o6o403ctmjgeNaiT6z+PPUX6YNm5vAjCqQFz+NbvHBRwGIwmk0
         fa3VLsdZgzhcCYyrmlF93CSOqmrueSJw/30KfNawL6nJY4AxYOxbeL+VtYEJowxOEVpl
         zZkVgvwK7ly9mbKM6ddqMCcp8+TjTqL54PVTIxNMfGAbxTs1rbNAkvcpdsf7DzZfUUht
         RU1YAE572x5kD4q5U3GbwngfJczLGHtUP4fIw4mBiFZI5TBwqeUx+3h/d9WfAP5qoHKx
         8YBGWa7OE/usvkBGo+6MtKrqibZE2gK2o1+C4/OyPYSATqkbvQU6Euls76VFRAAl9g8V
         WIJg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=fail header.i=@mit.edu header.s=outgoing header.b=HTGEhpge;
       spf=pass (google.com: domain of linux-ext4-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-ext4-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=mit.edu
Return-Path: <linux-ext4-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id e8-20020a17090a728800b001e2818ea430si25703685pjg.86.2022.06.06.21.55.50;
        Mon, 06 Jun 2022 21:56:17 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-ext4-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=fail header.i=@mit.edu header.s=outgoing header.b=HTGEhpge;
       spf=pass (google.com: domain of linux-ext4-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-ext4-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=mit.edu
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S236551AbiFGEZw (ORCPT <rfc822;qiancan31863@gmail.com>
        + 99 others); Tue, 7 Jun 2022 00:25:52 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54222 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S236557AbiFGEZr (ORCPT
        <rfc822;linux-ext4@vger.kernel.org>); Tue, 7 Jun 2022 00:25:47 -0400
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6869FB82C1
        for <linux-ext4@vger.kernel.org>; Mon,  6 Jun 2022 21:25:44 -0700 (PDT)
Received: from cwcc.thunk.org (pool-108-7-220-252.bstnma.fios.verizon.net [108.7.220.252])
        (authenticated bits=0)
        (User authenticated as tytso@ATHENA.MIT.EDU)
        by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id 2574PTee005590
        (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
        Tue, 7 Jun 2022 00:25:30 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mit.edu; s=outgoing;
        t=1654575931; bh=1phfi+h3z1CXGQrojnEaWVd3MbzTtWwV0CEBPOs01Lk=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References;
        b=HTGEhpgem2pt63ip+YMSDw+Y55m0yUZXaJyqPEwVZdg5PizCkDNLGk164p5S32qTs
         8JmHfUNmf27jPKIoPJ+BHIkkyzDwvI2TvK0Pk29Lhq+/Ft1siExNrKWqMw/+Cv2LdV
         bqKPwDj7glsfSKEbc+PIuRWL0ssTS3ElrXtwBmy73M4qGh7P4sXT0BnbyQSkC/GZD3
         /0xQWaUveDScxp1saQWXFsYEUoMXHOtqjWBorbARkd0WJfilXS1fWiVXQ3QTfk/G3Q
         2w2Y9J1usYGmVphftMjHzFIztrmzYLTYPgLBYVJD0/VJpIIKEORzDhs+3+dXOjL9iE
         F4fw+oUVa2kag==
Received: by cwcc.thunk.org (Postfix, from userid 15806)
        id C89DF15C3EBE; Tue,  7 Jun 2022 00:25:27 -0400 (EDT)
From:   "Theodore Ts'o" <tytso@mit.edu>
To:     Ext4 Developers List <linux-ext4@vger.kernel.org>
Cc:     Nils Bars <nils.bars@rub.de>,
        =?UTF-8?q?Moritz=20Schl=C3=B6gel?= <moritz.schloegel@rub.de>,
        Nico Schiller <nico.schiller@rub.de>,
        "Theodore Ts'o" <tytso@mit.edu>
Subject: [PATCH 6/7] libext2fs: check for cyclic loops in the extent tree
Date:   Tue,  7 Jun 2022 00:24:43 -0400
Message-Id: <20220607042444.1798015-7-tytso@mit.edu>
X-Mailer: git-send-email 2.31.0
In-Reply-To: <20220607042444.1798015-1-tytso@mit.edu>
References: <20220607042444.1798015-1-tytso@mit.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-4.0 required=5.0 tests=BAYES_00,DKIM_INVALID,
        DKIM_SIGNED,RCVD_IN_DNSWL_MED,SPF_HELO_NONE,SPF_NONE,
        T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-ext4.vger.kernel.org>
X-Mailing-List: linux-ext4@vger.kernel.org

In the extent tree handling code in libext2fs, when we go move down
the extent tree, if a cyclic loop is detected, return an error.

Reported-by: Nils Bars <nils.bars@rub.de>
Reported-by: Moritz Schlögel <moritz.schloegel@rub.de>
Reported-by: Nico Schiller <nico.schiller@rub.de>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
---
 lib/ext2fs/ext2_err.et.in |  3 +++
 lib/ext2fs/extent.c       | 11 +++++++++--
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/lib/ext2fs/ext2_err.et.in b/lib/ext2fs/ext2_err.et.in
index cf0e00ea..bb1dcf14 100644
--- a/lib/ext2fs/ext2_err.et.in
+++ b/lib/ext2fs/ext2_err.et.in
@@ -551,4 +551,7 @@ ec	EXT2_ET_NO_GDESC,
 ec	EXT2_FILSYS_CORRUPTED,
 	"The internal ext2_filsys data structure appears to be corrupted"
 
+ec	EXT2_ET_EXTENT_CYCLE,
+	"Found cyclic loop in extent tree"
+
 	end
diff --git a/lib/ext2fs/extent.c b/lib/ext2fs/extent.c
index 1a206a16..82e75ccd 100644
--- a/lib/ext2fs/extent.c
+++ b/lib/ext2fs/extent.c
@@ -47,6 +47,7 @@ struct extent_path {
 	int		visit_num;
 	int		flags;
 	blk64_t		end_blk;
+	blk64_t		blk;
 	void		*curr;
 };
 
@@ -286,6 +287,7 @@ errcode_t ext2fs_extent_open2(ext2_filsys fs, ext2_ino_t ino,
 	handle->path[0].end_blk =
 		(EXT2_I_SIZE(handle->inode) + fs->blocksize - 1) >>
 		 EXT2_BLOCK_SIZE_BITS(fs->super);
+	handle->path[0].blk = 0;
 	handle->path[0].visit_num = 1;
 	handle->level = 0;
 	handle->magic = EXT2_ET_MAGIC_EXTENT_HANDLE;
@@ -305,14 +307,14 @@ errout:
 errcode_t ext2fs_extent_get(ext2_extent_handle_t handle,
 			    int flags, struct ext2fs_extent *extent)
 {
-	struct extent_path	*path, *newpath;
+	struct extent_path	*path, *newpath, *tp;
 	struct ext3_extent_header	*eh;
 	struct ext3_extent_idx		*ix = 0;
 	struct ext3_extent		*ex;
 	errcode_t			retval;
 	blk64_t				blk;
 	blk64_t				end_blk;
-	int				orig_op, op;
+	int				orig_op, op, l;
 	int				failed_csum = 0;
 
 	EXT2_CHECK_MAGIC(handle, EXT2_ET_MAGIC_EXTENT_HANDLE);
@@ -467,6 +469,11 @@ retry:
 		}
 		blk = ext2fs_le32_to_cpu(ix->ei_leaf) +
 			((__u64) ext2fs_le16_to_cpu(ix->ei_leaf_hi) << 32);
+		for (l = handle->level, tp = path; l > 0; l--, tp--) {
+			if (blk == tp->blk)
+				return EXT2_ET_EXTENT_CYCLE;
+		}
+		newpath->blk = blk;
 		if ((handle->fs->flags & EXT2_FLAG_IMAGE_FILE) &&
 		    (handle->fs->io != handle->fs->image_io))
 			memset(newpath->buf, 0, handle->fs->blocksize);
-- 
2.31.0