xfs: directory scrubber must walk through data block to offset
In xfs_scrub_dir_rec, we must walk through the directory block entries to arrive at the offset given by the hash structure. If we blindly trust the hash address, we can end up midway into a directory entry and stray outside the block. Found by lastbit fuzzing lents[3].address in xfs/390 with KASAN enabled. Signed-off-by:Darrick J. Wong <darrick.wong@oracle.com> Reviewed-by:
Dave Chinner <dchinner@redhat.com>
Showing
- fs/xfs/libxfs/xfs_dir2.h 2 additions, 0 deletionsfs/xfs/libxfs/xfs_dir2.h
- fs/xfs/libxfs/xfs_dir2_data.c 24 additions, 19 deletionsfs/xfs/libxfs/xfs_dir2_data.c
- fs/xfs/libxfs/xfs_dir2_sf.c 1 addition, 3 deletionsfs/xfs/libxfs/xfs_dir2_sf.c
- fs/xfs/scrub/dir.c 30 additions, 8 deletionsfs/xfs/scrub/dir.c
- fs/xfs/xfs_dir2_readdir.c 1 addition, 3 deletionsfs/xfs/xfs_dir2_readdir.c
Please register or sign in to comment