tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

XFS bug in log recover with quota (bugzilla id 855)

Hi,
I was hit by a bug in linux 2.6.31 when XFS is not able to recover the
log after a crash if fs was mounted with quotas. Gory details in XFS
bugzilla: http://oss.sgi.com/bugzilla/show_bug.cgi?id=855.

It looks like wrong struct is used in buffer length check, and the following
patch should fix the problem.

xfs_dqblk_t has a size of 104+32 bytes, while xfs_disk_dquot_t is 104 bytes
long, and this is exactly what I see in system logs - "XFS: dquot too small
(104) in xlog_recover_do_dquot_trans."

Signed-off-by: Jan Rekorajski <baggins@sith.mimuw.edu.pl>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Alex Elder <aelder@sgi.com>

authored by Jan Rekorajski and committed by Alex Elder 8ec6dba2 a9366e61

+2 -2
unified split
+2 -2
fs/xfs/xfs_log_recover.c
··· 1980 "XFS: NULL dquot in %s.", __func__); 1981 goto next; 1982 } 1983 - if (item->ri_buf[i].i_len < sizeof(xfs_dqblk_t)) { 1984 cmn_err(CE_ALERT, 1985 "XFS: dquot too small (%d) in %s.", 1986 item->ri_buf[i].i_len, __func__); ··· 2635 "XFS: NULL dquot in %s.", __func__); 2636 return XFS_ERROR(EIO); 2637 } 2638 - if (item->ri_buf[1].i_len < sizeof(xfs_dqblk_t)) { 2639 cmn_err(CE_ALERT, 2640 "XFS: dquot too small (%d) in %s.", 2641 item->ri_buf[1].i_len, __func__);
··· 1980 "XFS: NULL dquot in %s.", __func__); 1981 goto next; 1982 } 1983 + if (item->ri_buf[i].i_len < sizeof(xfs_disk_dquot_t)) { 1984 cmn_err(CE_ALERT, 1985 "XFS: dquot too small (%d) in %s.", 1986 item->ri_buf[i].i_len, __func__); ··· 2635 "XFS: NULL dquot in %s.", __func__); 2636 return XFS_ERROR(EIO); 2637 } 2638 + if (item->ri_buf[1].i_len < sizeof(xfs_disk_dquot_t)) { 2639 cmn_err(CE_ALERT, 2640 "XFS: dquot too small (%d) in %s.", 2641 item->ri_buf[1].i_len, __func__);