[PATCH 0/3] ext4: fsmap: Improve key validation

From: Tudor Ambarus
Date: Wed Feb 22 2023 - 08:12:26 EST

Fix the bug reported at:
https://syzkaller.appspot.com/bug?id=79d5768e9bfe362911ac1a5057a36fc6b5c30002

Darrick J. Wong proposed a similar patch to address the same bug at:
https://lore.kernel.org/linux-ext4/3e125c64-da56-2a2b-1a20-fdcc5a0d3014@xxxxxxxxxx/

I think my version of the patch is better. It clearly indicates that
lower out of bounds requests are ignored. The high key should be greater
than the first data block for the ext4_getfsmap_datadev() handler,
otherwise there's no data to return, thus we exit early and ignore the
request. Darrick indirectly implied the same thing, but missed the case
where the high_key->fmr_phisical is equal to the first data block.

After the fix you'll find another patch that consolidates the validation
of the user provided data. Instead of having the checks scattered among
the fsmap representations, gather the code in a single method and do the
checks directly on the data received from user.
Similar patch can be done for xfs fsmap, but I'll wait for some
feedback first.

Tested the changes with kvm-xfstests: ext4/{027, 028, 029}, all passed,
output below.

Cheers,
ta

-------------------- Summary report
KERNEL: kernel 6.2.0-rc8-xfstests-00003-gc34cc283e325 #13 SMP PREEMPT_DYNAMIC Wed Feb 22 12:35:39 UTC 2023 x86_64
CMDLINE: ext4/027
CPUS: 2
MEM: 1975.3

ext4/4k: 1 tests, 1 seconds
ext4/027 Pass 1s
ext4/1k: 1 tests, 1 seconds
ext4/027 Pass 1s
ext4/ext3: 1 tests, 2 seconds
ext4/027 Pass 1s
ext4/encrypt: 1 tests, 1 seconds
ext4/027 Pass 0s
ext4/nojournal: 1 tests, 1 seconds
ext4/027 Pass 1s
ext4/ext3conv: 1 tests, 1 seconds
ext4/027 Pass 0s
ext4/adv: 1 tests, 1 seconds
ext4/027 Pass 1s
ext4/dioread_nolock: 1 tests, 1 seconds
ext4/027 Pass 1s
ext4/data_journal: 1 tests, 1 seconds
ext4/027 Pass 0s
ext4/bigalloc: 1 tests, 1 seconds
ext4/027 Pass 0s
ext4/bigalloc_1k: 1 tests, 1 seconds
ext4/027 Pass 0s
Totals: 11 tests, 0 skipped, 0 failures, 0 errors, 6s

FSTESTVER: blktests 4e07b0c (Fri, 15 Jul 2022 14:40:03 +0900)
FSTESTVER: fio fio-3.31 (Tue, 9 Aug 2022 14:41:25 -0600)
FSTESTVER: fsverity v1.5 (Sun, 6 Feb 2022 10:59:13 -0800)
FSTESTVER: ima-evm-utils v1.3.2 (Wed, 28 Oct 2020 13:18:08 -0400)
FSTESTVER: nvme-cli v1.16 (Thu, 11 Nov 2021 13:09:06 -0800)
FSTESTVER: quota v4.05-43-gd2256ac (Fri, 17 Sep 2021 14:04:16 +0200)
FSTESTVER: util-linux v2.38.1 (Thu, 4 Aug 2022 11:06:21 +0200)
FSTESTVER: xfsprogs v5.19.0 (Fri, 12 Aug 2022 13:45:01 -0500)
FSTESTVER: xfstests v2022.08.21-8-g289f50f8 (Sun, 21 Aug 2022 15:21:34 -0400)
FSTESTVER: xfstests-bld bb566bcf (Wed, 24 Aug 2022 23:07:24 -0400)
FSTESTVER: zz_build-distro bullseye
FSTESTCFG: all
FSTESTSET: ext4/027
FSTESTOPT: aex
[ 59.553199] ACPI: PM: Preparing to enter system sleep state S5
[ 59.557660] reboot: Power down

-------------------- Summary report
KERNEL: kernel 6.2.0-rc8-xfstests-00003-gc34cc283e325 #13 SMP PREEMPT_DYNAMIC Wed Feb 22 12:35:39 UTC 2023 x86_64
CMDLINE: ext4/028
CPUS: 2
MEM: 1975.31

ext4/4k: 1 tests, 1 seconds
ext4/028 Pass 1s
ext4/1k: 1 tests, 3 seconds
ext4/028 Pass 3s
ext4/ext3: 1 tests, 1 skipped, 1 seconds
ext4/028 Skipped 1s
ext4/encrypt: 0 tests, 0 seconds
ext4/nojournal: 1 tests, 4 seconds
ext4/028 Pass 4s
ext4/ext3conv: 1 tests, 5 seconds
ext4/028 Pass 4s
ext4/adv: 1 tests, 4 seconds
ext4/028 Pass 4s
ext4/dioread_nolock: 1 tests, 1 seconds
ext4/028 Pass 1s
ext4/data_journal: 1 tests, 1 seconds
ext4/028 Pass 1s
ext4/bigalloc: 1 tests, 5 seconds
ext4/028 Pass 5s
ext4/bigalloc_1k: 1 tests, 3 seconds
ext4/028 Pass 2s
Totals: 10 tests, 1 skipped, 0 failures, 0 errors, 26s

FSTESTVER: blktests 4e07b0c (Fri, 15 Jul 2022 14:40:03 +0900)
FSTESTVER: fio fio-3.31 (Tue, 9 Aug 2022 14:41:25 -0600)
FSTESTVER: fsverity v1.5 (Sun, 6 Feb 2022 10:59:13 -0800)
FSTESTVER: ima-evm-utils v1.3.2 (Wed, 28 Oct 2020 13:18:08 -0400)
FSTESTVER: nvme-cli v1.16 (Thu, 11 Nov 2021 13:09:06 -0800)
FSTESTVER: quota v4.05-43-gd2256ac (Fri, 17 Sep 2021 14:04:16 +0200)
FSTESTVER: util-linux v2.38.1 (Thu, 4 Aug 2022 11:06:21 +0200)
FSTESTVER: xfsprogs v5.19.0 (Fri, 12 Aug 2022 13:45:01 -0500)
FSTESTVER: xfstests v2022.08.21-8-g289f50f8 (Sun, 21 Aug 2022 15:21:34 -0400)
FSTESTVER: xfstests-bld bb566bcf (Wed, 24 Aug 2022 23:07:24 -0400)
FSTESTVER: zz_build-distro bullseye
FSTESTCFG: all
FSTESTSET: ext4/028
FSTESTOPT: aex
[ 76.557142] EXT4-fs (vdg): unmounting filesystem 3149a29d-9b44-4c17-82a6-c86addd7f1bb.
[ 76.592295] ACPI: PM: Preparing to enter system sleep state S5
[ 76.597019] reboot: Power down

-------------------- Summary report
KERNEL: kernel 6.2.0-rc8-xfstests-00003-gc34cc283e325 #13 SMP PREEMPT_DYNAMIC Wed Feb 22 12:35:39 UTC 2023 x86_64
CMDLINE: -c logdev ext4/029
CPUS: 2
MEM: 1975.31

ext4/logdev: 1 tests, 1 seconds
ext4/029 Pass 1s
Totals: 1 tests, 0 skipped, 0 failures, 0 errors, 1s

FSTESTVER: blktests 4e07b0c (Fri, 15 Jul 2022 14:40:03 +0900)
FSTESTVER: fio fio-3.31 (Tue, 9 Aug 2022 14:41:25 -0600)
FSTESTVER: fsverity v1.5 (Sun, 6 Feb 2022 10:59:13 -0800)
FSTESTVER: ima-evm-utils v1.3.2 (Wed, 28 Oct 2020 13:18:08 -0400)
FSTESTVER: nvme-cli v1.16 (Thu, 11 Nov 2021 13:09:06 -0800)
FSTESTVER: quota v4.05-43-gd2256ac (Fri, 17 Sep 2021 14:04:16 +0200)
FSTESTVER: util-linux v2.38.1 (Thu, 4 Aug 2022 11:06:21 +0200)
FSTESTVER: xfsprogs v5.19.0 (Fri, 12 Aug 2022 13:45:01 -0500)
FSTESTVER: xfstests v2022.08.21-8-g289f50f8 (Sun, 21 Aug 2022 15:21:34 -0400)
FSTESTVER: xfstests-bld bb566bcf (Wed, 24 Aug 2022 23:07:24 -0400)
FSTESTVER: zz_build-distro bullseye
FSTESTCFG: logdev
FSTESTSET: ext4/029
FSTESTOPT: aex
[ 8.217384] reboot: Power down

Tudor Ambarus (3):
ext4: fsmap: Fix crash caused by poor key validation
ext4: fsmap: Consolidate fsmap_head checks
ext4: fsmap: Remove duplicated initialization

fs/ext4/fsmap.c | 56 +++++++++++++++++++++++++++++++++++--------------
fs/ext4/fsmap.h | 3 +++
fs/ext4/ioctl.c | 17 +++------------
3 files changed, 46 insertions(+), 30 deletions(-)

--
2.39.2.637.g21b0678d19-goog