fs/xfs: Handle non-continuous data blocks in directory extents

Related: #2254370
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>

0360-fs-xfs-Handle-non-continuous-data-blocks-in-director.patch

@@ -0,0 +1,54 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Jon DeVree <nuxi@vault24.org>
+Date: Sun, 11 Feb 2024 10:34:58 -0500
+Subject: [PATCH] fs/xfs: Handle non-continuous data blocks in directory
+ extents
+
+The directory extent list does not have to be a continuous list of data
+blocks. When GRUB tries to read a non-existant member of the list,
+grub_xfs_read_file() will return a block of zero'ed memory. Checking for
+a zero'ed magic number is sufficient to skip this non-existant data block.
+
+Prior to commit 07318ee7e (fs/xfs: Fix XFS directory extent parsing)
+this was handled as a subtle side effect of reading the (non-existant)
+tail data structure. Since the block was zero'ed the computation of the
+number of directory entries in the block would return 0 as well.
+
+Fixes: 07318ee7e (fs/xfs: Fix XFS directory extent parsing)
+Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2254370
+
+Signed-off-by: Jon DeVree <nuxi@vault24.org>
+Reviewed-By: Vladimir Serbinenko <phcoder@gmail.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+---
+ grub-core/fs/xfs.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/grub-core/fs/xfs.c b/grub-core/fs/xfs.c
+index bc2224dbb463..8e02ab4a3014 100644
+--- a/grub-core/fs/xfs.c
++++ b/grub-core/fs/xfs.c
+@@ -902,6 +902,7 @@ grub_xfs_iterate_dir (grub_fshelp_node_t dir,
+ 					grub_xfs_first_de(dir->data, dirblock);
+ 	    int entries = -1;
+ 	    char *end = dirblock + dirblk_size;
++	    grub_uint32_t magic;
+ 
+ 	    numread = grub_xfs_read_file (dir, 0, 0,
+ 					  blk << dirblk_log2,
+@@ -912,6 +913,15 @@ grub_xfs_iterate_dir (grub_fshelp_node_t dir,
+ 	        return 0;
+ 	      }
+ 
++	    /*
++	     * If this data block isn't actually part of the extent list then
++	     * grub_xfs_read_file() returns a block of zeros. So, if the magic
++	     * number field is all zeros then this block should be skipped.
++	     */
++	    magic = *(grub_uint32_t *)(void *) dirblock;
++	    if (!magic)
++	      continue;
++
+ 	    /*
+ 	     * Leaf and tail information are only in the data block if the number
+ 	     * of extents is 1.

grub.patches

@@ -357,3 +357,4 @@ Patch0356: 0356-fs-ntfs-Fix-an-OOB-read-when-parsing-directory-entri.patch
 Patch0357: 0357-fs-ntfs-Fix-an-OOB-read-when-parsing-bitmaps-for-ind.patch
 Patch0358: 0358-fs-ntfs-Fix-an-OOB-read-when-parsing-a-volume-label.patch
 Patch0359: 0359-fs-ntfs-Make-code-more-readable.patch
+Patch0360: 0360-fs-xfs-Handle-non-continuous-data-blocks-in-director.patch

grub2.spec

@@ -17,7 +17,7 @@
 Name:		grub2
 Epoch:		1
 Version:	2.06
-Release:	120%{?dist}
+Release:	121%{?dist}
 Summary:	Bootloader with support for Linux, Multiboot and more
 License:	GPL-3.0-or-later
 URL:		http://www.gnu.org/software/grub/
@@ -554,6 +554,10 @@ mv ${EFI_HOME}/grub.cfg.stb ${EFI_HOME}/grub.cfg
 %endif
 
 %changelog
+* Fri Apr 12 2024 Nicolas Frayer <nfrayer@redhat.com> - 2.06-121
+- fs/xfs: Handle non-continuous data blocks in directory extents
+- Related: #2254370
+
 * Fri Mar 8 2024 Nicolas Frayer <nfrayer@redhat.com> - 2.06-120
 - GRUB2 NTFS driver vulnerabilities
 - (CVE-2023-4692)