From: Brian Foster <bfoster@redhat.com>
To: Christoph Hellwig <hch@infradead.org>
Cc: xfs@oss.sgi.com
Subject: Re: [PATCH 2/2] xfs: validate transaction header length on log recovery
Date: Sun, 21 Jun 2015 16:25:29 -0400 [thread overview]
Message-ID: <20150621202526.GA3955@bfoster.bfoster> (raw)
In-Reply-To: <20150621092722.GA7914@infradead.org>
On Sun, Jun 21, 2015 at 02:27:22AM -0700, Christoph Hellwig wrote:
> This looks sensible to me, but I still can't make sense of the old
> code which just conditionally copied it even after taking a brief
> look at the pre-git history of this code. Does anyone understand why
> the code was like this? Fixing code that seems to have had an
> intention I can't make sense of always feel dangerous.
>
Yeah, I couldn't really make much sense of the original code either. My
reasoning at the time was that the memcpy() seemed superfluous in this
case, as we wouldn't add anything to trans->r_itemq and end up doing the
memcpy() again the next time around.
Taking another look at other xlog_recover_add_item() callsites, there is
this in the xlog_recover_add_to_cont_trans() case:
if (list_empty(&trans->r_itemq)) {
/* finish copying rest of trans header */
xlog_recover_add_item(&trans->r_itemq);
ptr = (xfs_caddr_t) &trans->r_theader +
sizeof(xfs_trans_header_t) - len;
memcpy(ptr, dp, len);
return 0;
}
... which according to the code/comment, seems to imply that the
transaction header could be split across op records..? I'm not terribly
familiar with the log on-disk format. Does this sound sane?
If so, perhaps the patch is wrong and we should only bail if the length
in either of these two cases is obviously invalid (e.g., it exceeds the
size of the full in-core structure). Perhaps there's also more
validation that can occur here: can we assert that this should mean
we're at the end of the operation record in the first short copy
instance? I'll probably have to stare at this some more with regard to
that.
Brian
> _______________________________________________
> xfs mailing list
> xfs@oss.sgi.com
> http://oss.sgi.com/mailman/listinfo/xfs
_______________________________________________
xfs mailing list
xfs@oss.sgi.com
http://oss.sgi.com/mailman/listinfo/xfs
next prev parent reply other threads:[~2015-06-21 20:25 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-06-18 12:48 [PATCH 0/2] xfs: misc. attribute and log recovery fixes Brian Foster
2015-06-18 12:49 ` [PATCH 1/2] xfs: don't truncate attribute extents if no extents exist Brian Foster
2015-06-19 15:14 ` Christoph Hellwig
2015-06-19 15:45 ` Brian Foster
2015-06-21 9:22 ` Christoph Hellwig
2015-06-22 13:38 ` [PATCH v2] " Brian Foster
2015-06-18 12:49 ` [PATCH 2/2] xfs: validate transaction header length on log recovery Brian Foster
2015-06-21 9:27 ` Christoph Hellwig
2015-06-21 20:25 ` Brian Foster [this message]
2015-06-21 23:05 ` Dave Chinner
2015-06-22 13:59 ` Brian Foster
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150621202526.GA3955@bfoster.bfoster \
--to=bfoster@redhat.com \
--cc=hch@infradead.org \
--cc=xfs@oss.sgi.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox