git: 8435a9b20684 - main - Updates to UFS/FFS superblock integrity checks when reading a superblock.
Date: Fri, 18 Nov 2022 02:06:54 UTC
Kirk McKusick <mckusick_at_FreeBSD.org> wrote on
Date: Thu, 17 Nov 2022 22:51:52 UTC :

> The branch main has been updated by mckusick:
>
> URL: https://cgit.FreeBSD.org/src/commit/?id=8435a9b20684ba8bcda3df31d06b4d5eac9431a7
>
> commit 8435a9b20684ba8bcda3df31d06b4d5eac9431a7
> Author: Kirk McKusick <mckusick@FreeBSD.org>
> AuthorDate: 2022-11-17 22:50:27 +0000
> Commit: Kirk McKusick <mckusick@FreeBSD.org>
> CommitDate: 2022-11-17 22:51:15 +0000
>
> Updates to UFS/FFS superblock integrity checks when reading a superblock.
>
> Further updates adding casts to avoid 32-bit multiplication overflow
> inspired by fixes in commit 017367c1146a69.
>
> No legitimate superblocks should fail as a result of these changes.
>
> Sponsored by: The FreeBSD Foundation
> --- > sys/ufs/ffs/ffs_subr.c | 10 ++++++---- > 1 file changed, 6 insertions(+), 4 deletions(-) > > diff --git a/sys/ufs/ffs/ffs_subr.c b/sys/ufs/ffs/ffs_subr.c > index b6b0be56fc73..67f4fcd92fd8 100644 > --- a/sys/ufs/ffs/ffs_subr.c > +++ b/sys/ufs/ffs/ffs_subr.c
> @@ -473,13 +473,15 @@ validate_sblock(struct fs *fs, int flags) > FCHK(fs->fs_fpg, <, 3 * fs->fs_frag, %jd); > FCHK(fs->fs_ncg, <, 1, %jd); > FCHK(fs->fs_ipg, <, fs->fs_inopb, %jd); > - FCHK(fs->fs_ipg * fs->fs_ncg, >, (((int64_t)(1)) << 32) - INOPB(fs), > - %jd); > + FCHK((u_int64_t)fs->fs_ipg * fs->fs_ncg, >, > + (((int64_t)(1)) << 32) - INOPB(fs), %jd); > FCHK(fs->fs_cstotal.cs_nifree, <, 0, %jd); > - FCHK(fs->fs_cstotal.cs_nifree, >, fs->fs_ipg * fs->fs_ncg, %jd); > + FCHK(fs->fs_cstotal.cs_nifree, >, (u_int64_t)fs->fs_ipg * fs->fs_ncg, > + %jd); > FCHK(fs->fs_cstotal.cs_ndir, <, 0, %jd); > FCHK(fs->fs_cstotal.cs_ndir, >, > - (fs->fs_ipg * fs->fs_ncg) - fs->fs_cstotal.cs_nifree, %jd); > + ((u_int64_t)fs->fs_ipg * fs->fs_ncg) - fs->fs_cstotal.cs_nifree, > + %jd); > FCHK(fs->fs_sbsize, >, SBLOCKSIZE, %jd); > FCHK(fs->fs_sbsize, <, (signed)sizeof(struct fs), %jd); > FCHK(fs->fs_maxbsize, <, fs->fs_bsize, %jd); >

Just a note about C99+ vs. some details above.

Context: dioxXu conversion specifiers related material.

%j is from C99 for intmax_t and uintmax_t "expected argument type"
%ll is from C99 for long long and unsigned long long "expected argument type"

From what I can tell, FreeBSD tends to avoid the "Format macro constants" (not listed here) for trying to have system independent notation and tends to use intmax_t/uintmax_t with %j . This might (eventually) survive better than use of %j with int64_t and u_int64_t . Technically intmax_t/uintmax_t could each be 128 bits or some such, even now.

I'll also note that u_int64_t is not from C99. uint64_t is from C99. I've no clue if that is important for this code. int64_t is from C99.

===
Mark Millard
marklmi at yahoo.com
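
Review bot: The casts added in the three changed FCHK lines of validate_sblock() use u_int64_t, which makes those comparisons unsigned while everything around them is signed: the limit in the first check is built from ((int64_t)(1)) << 32, cs_nifree and cs_ndir are each tested against < 0 just above, and every check prints with %jd. In the cs_ndir bound, ((u_int64_t)fs->fs_ipg * fs->fs_ncg) - fs->fs_cstotal.cs_nifree wraps to a very large value whenever cs_nifree exceeds the product, so that bound is only meaningful if the preceding cs_nifree check has already rejected the superblock, and the hunk does not show whether a failed FCHK stops evaluation. Casting with (int64_t) instead would still widen the multiplication past 32 bits and would keep the arithmetic, the comparisons and the %jd output in one signedness.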