From: Chandan Babu R <chandan.babu@oracle.com>
To: djwong@kernel.org
Cc: chandan.babu@oracle.com, linux-xfs@vger.kernel.org,
amir73il@gmail.com, leah.rumancik@gmail.com
Subject: [PATCH 5.4 CANDIDATE V2 06/17] xfs: range check ri_cnt when recovering log items
Date: Tue, 20 Sep 2022 18:18:25 +0530
Message-ID: <20220920124836.1914918-7-chandan.babu@oracle.com>
In-Reply-To: <20220920124836.1914918-1-chandan.babu@oracle.com>
From: "Darrick J. Wong" <darrick.wong@oracle.com>
commit d6abecb82573fed5f7e4b595b5c0bd37707d2848 upstream.
Range check the region counter when we're reassembling regions from log
items during log recovery. In the old days ASSERT would halt the
kernel, but this isn't true any more so we have to make an explicit
error return.
Coverity-id: 1132508
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Acked-by: Darrick J. Wong <djwong@kernel.org>
Signed-off-by: Chandan Babu R <chandan.babu@oracle.com>
---
fs/xfs/xfs_log_recover.c | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/fs/xfs/xfs_log_recover.c b/fs/xfs/xfs_log_recover.c
index c1a514ffff55..094ae1a91c44 100644
--- a/fs/xfs/xfs_log_recover.c
+++ b/fs/xfs/xfs_log_recover.c
@@ -4293,7 +4293,16 @@ xlog_recover_add_to_trans(
kmem_zalloc(item->ri_total * sizeof(xfs_log_iovec_t),
0);
}
- ASSERT(item->ri_total > item->ri_cnt);
+
+ if (item->ri_total <= item->ri_cnt) {
+ xfs_warn(log->l_mp,
+ "log item region count (%d) overflowed size (%d)",
+ item->ri_cnt, item->ri_total);
+ ASSERT(0);
+ kmem_free(ptr);
+ return -EFSCORRUPTED;
+ }
+
/* Description region is ri_buf[0] */
item->ri_buf[item->ri_cnt].i_addr = ptr;
item->ri_buf[item->ri_cnt].i_len = len;
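Review bot: the new test `if (item->ri_total <= item->ri_cnt)` bounds the index used in `item->ri_buf[item->ri_cnt]` only relative to ri_total, so it is only as strong as the validation of ri_total itself, which this hunk does not show. The context line `kmem_zalloc(item->ri_total * sizeof(xfs_log_iovec_t), 0)` sizes the array from the same value, so it is worth confirming (and saying in the commit message or a short comment) that ri_total has already been range checked before this point. On the error path, `kmem_free(ptr)` releases the region that has not yet been attached, which is right, but nothing visible here says who tears down the regions already stored in ri_buf when -EFSCORRUPTED is returned; a one-line comment naming the caller responsible for that would help anyone auditing the backport. Note also that `ASSERT(0)` sits ahead of the free and return, so a debug build can still stop at the assert rather than take the explicit error return the commit message describes.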
--
2.35.1