xfs: strengthen rtalloc query range checks

Strengthen the rtalloc range query checks to make sure that the keys do
not run off the end of the realtime device inappropriately.  Note that
the query range functions require units of rt extents, not blocks,
despite the type name.

Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Allison Henderson <allison.henderson@oracle.com>
Reviewed-by: Bill O'Donnell <billodo@redhat.com>

diff --git a/fs/xfs/libxfs/xfs_rtbitmap.c b/fs/xfs/libxfs/xfs_rtbitmap.c
index 7712f282d172229f96470b7be4d52d4a09d69f32..1855182c11ec97a917baf696032973aac321b390 100644 (file)
--- a/fs/xfs/libxfs/xfs_rtbitmap.c
+++ b/fs/xfs/libxfs/xfs_rtbitmap.c
@@ -1038,8 +1038,11 @@ xfs_rtalloc_query_range(
 
        if (low_rec->ar_startblock > high_rec->ar_startblock)
                return -EINVAL;
-       else if (low_rec->ar_startblock == high_rec->ar_startblock)
+       if (low_rec->ar_startblock >= mp->m_sb.sb_rextents ||
+           low_rec->ar_startblock == high_rec->ar_startblock)
                return 0;
+       if (high_rec->ar_startblock >= mp->m_sb.sb_rextents)
+               high_rec->ar_startblock = mp->m_sb.sb_rextents - 1;
 
        /* Iterate the bitmap, looking for discrepancies. */
        rtstart = low_rec->ar_startblock;
@@ -1083,7 +1086,7 @@ xfs_rtalloc_query_all(
        struct xfs_rtalloc_rec          keys[2];
 
        keys[0].ar_startblock = 0;
-       keys[1].ar_startblock = tp->t_mountp->m_sb.sb_rblocks;
+       keys[1].ar_startblock = tp->t_mountp->m_sb.sb_rextents - 1;
        keys[0].ar_blockcount = keys[1].ar_blockcount = 0;
 
        return xfs_rtalloc_query_range(tp, &keys[0], &keys[1], fn, priv);