tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

[XFS] prevent panic during log recovery due to bogus op_hdr length

A problem was reported where a system panicked in log recovery due to a
corrupt log record. The cause of the corruption is not known but this
change will at least prevent a crash for this specific scenario. Log
recovery definitely needs some more work in this area.

SGI-PV: 974151
SGI-Modid: xfs-linux-melb:xfs-kern:30318a

Signed-off-by: Lachlan McIlroy <lachlan@sgi.com>
Signed-off-by: David Chinner <dgc@sgi.com>
Signed-off-by: Christoph Hellwig <hch@infradead.org>

authored by

Lachlan McIlroy and committed by
Lachlan McIlroy 9742bb93 f71354bc

+6 -1
unified split
+6 -1
fs/xfs/xfs_log_recover.c
··· 2912 xlog_recover_new_tid(&rhash[hash], tid, 2913 be64_to_cpu(rhead->h_lsn)); 2914 } else { 2915 - ASSERT(dp + be32_to_cpu(ohead->oh_len) <= lp); 2916 flags = ohead->oh_flags & ~XLOG_END_TRANS; 2917 if (flags & XLOG_WAS_CONT_TRANS) 2918 flags &= ~XLOG_CONTINUE_TRANS;
··· 2912 xlog_recover_new_tid(&rhash[hash], tid, 2913 be64_to_cpu(rhead->h_lsn)); 2914 } else { 2915 + if (dp + be32_to_cpu(ohead->oh_len) > lp) { 2916 + xlog_warn( 2917 + "XFS: xlog_recover_process_data: bad length"); 2918 + WARN_ON(1); 2919 + return (XFS_ERROR(EIO)); 2920 + } 2921 flags = ohead->oh_flags & ~XLOG_END_TRANS; 2922 if (flags & XLOG_WAS_CONT_TRANS) 2923 flags &= ~XLOG_CONTINUE_TRANS;