* [PATCH] xfsprogs/repair: fix crash on zero record finobt reconstruction
@ 2014-11-18 14:08 Brian Foster
From: Brian Foster @ 2014-11-18 14:08 UTC (permalink / raw)
To: xfs
The inode btrees are reconstructed in phase 5. init_ino_cursor() helps
determine the block requirements of the tree based on the number of
records. If the finobt is empty, we can crash in the btree blocks
calculation code due to a divide-by-zero error in the following line:

	lptr->modulo = num_recs % lptr->num_blocks;

This occurs if num_recs and in turn lptr->num_blocks evaluate to zero.

We already have an execution path for the zero record btree scenario.
However, it is only invoked when no records are found in the in-core
tree. The finobt zero-record scenario can occur with a populated in-core
tree provided that none of the existing records contain free inodes.

Move the zero-record handling code after the loop and use the record
count to trigger it. This is safe because the loop iterator checks for
ino_rec != NULL. This allows reuse of the same code regardless of
whether the in-core tree is empty or non-empty but contains no records
that meet the requirements for the particular on-disk tree under
reconstruction (e.g., finobt).
Signed-off-by: Brian Foster <bfoster@redhat.com>
---
repair/phase5.c | 35 ++++++++++++++++++-----------------
1 file changed, 18 insertions(+), 17 deletions(-)
diff --git a/repair/phase5.c b/repair/phase5.c
index 3d58936..3a2cdbb 100644
--- a/repair/phase5.c
+++ b/repair/phase5.c
@@ -914,26 +914,10 @@ init_ino_cursor(xfs_mount_t *mp, xfs_agnumber_t agno, bt_status_t *btree_curs,
lptr = &btree_curs->level[0];
btree_curs->init = 1;
- if ((ino_rec = findfirst_inode_rec(agno)) == NULL) {
- /*
- * easy corner-case -- no inode records
- */
- lptr->num_blocks = 1;
- lptr->modulo = 0;
- lptr->num_recs_pb = 0;
- lptr->num_recs_tot = 0;
-
- btree_curs->num_levels = 1;
- btree_curs->num_tot_blocks = btree_curs->num_free_blocks = 1;
-
- setup_cursor(mp, agno, btree_curs);
-
- return;
- }
-
/*
* build up statistics
*/
+ ino_rec = findfirst_inode_rec(agno);
for (num_recs = 0; ino_rec != NULL; ino_rec = next_ino_rec(ino_rec)) {
rec_nfinos = 0;
for (i = 0; i < XFS_INODES_PER_CHUNK; i++) {
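Review bot: with the early return removed, nothing at the added `ino_rec = findfirst_inode_rec(agno);` line tells the reader that a NULL result is still handled. The loop condition `ino_rec != NULL` makes it safe, but the safety now depends on a check that lives after the loop. Consider a one-line comment here saying that an empty in-core tree falls through the loop with num_recs == 0 and is caught by the zero-record check below. It would also read more cleanly to initialize num_recs next to ino_rec before the loop, rather than splitting the two initializations between a standalone statement and the for initializer.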
@@ -953,6 +937,23 @@ init_ino_cursor(xfs_mount_t *mp, xfs_agnumber_t agno, bt_status_t *btree_curs,
num_recs++;
}
+ if (num_recs == 0) {
+ /*
+ * easy corner-case -- no inode records
+ */
+ lptr->num_blocks = 1;
+ lptr->modulo = 0;
+ lptr->num_recs_pb = 0;
+ lptr->num_recs_tot = 0;
+
+ btree_curs->num_levels = 1;
+ btree_curs->num_tot_blocks = btree_curs->num_free_blocks = 1;
+
+ setup_cursor(mp, agno, btree_curs);
+
+ return;
+ }
+
blocks_allocated = lptr->num_blocks = howmany(num_recs,
XR_INOBT_BLOCK_MAXRECS(mp, 0));
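Review bot: the comment inside the new `if (num_recs == 0)` block still reads "easy corner-case -- no inode records", which was accurate when the branch keyed off findfirst_inode_rec() returning NULL but is now misleading. Per the commit message, the branch is also taken for the finobt when in-core records exist and none of them contain free inodes. Suggest rewording it to something like "no records qualify for this tree (empty in-core tree, or finobt with no free inodes)". Placing the check directly ahead of the howmany() assignment to lptr->num_blocks is right, since that is the value that would otherwise reach the modulo as zero; a short note to that effect would keep someone from moving the block again later.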
--
1.8.3.1