ocfs2: validate bg_free_bits_count after update

This patch adds a sanity check to ensure bg_free_bits_count doesn't exceed
bg_bits in a group descriptor. This is to avoid the on-disk corruption that was
seen recently.

debugfs: group <52803072>
Group Chain: 179 Parent Inode: 11 Generation: 2959379682
CRC32: 00000000 ECC: 0000
## Block# Total Used Free Contig Size
0 52803072 32256 4294965350 34202 18207 4032
......

Signed-off-by: Srinivas Eeda <srinivas.eeda@oracle.com>
Signed-off-by: Joel Becker <joel.becker@oracle.com>

authored by Srinivas Eeda and committed by Joel Becker 9b5cd10e 93f3b86f

+16
+16
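--- a/fs/ocfs2/suballoc.c
+++ b/fs/ocfs2/suballoc.c
@@ -1380,6 +1380,14 @@
 	}
 
 	le16_add_cpu(&bg->bg_free_bits_count, -num_bits);
+	if (le16_to_cpu(bg->bg_free_bits_count) > le16_to_cpu(bg->bg_bits)) {
+		ocfs2_error(alloc_inode->i_sb, "Group descriptor # %llu has bit"
+			    " count %u but claims %u are freed. num_bits %d",
+			    (unsigned long long)le64_to_cpu(bg->bg_blkno),
+			    le16_to_cpu(bg->bg_bits),
+			    le16_to_cpu(bg->bg_free_bits_count), num_bits);
+		return -EROFS;
+	}
 	while(num_bits--)
 		ocfs2_set_bit(bit_off++, bitmap);
 
@@
 					 (unsigned long *) undo_bg->bg_bitmap);
 	}
 	le16_add_cpu(&bg->bg_free_bits_count, num_bits);
+	if (le16_to_cpu(bg->bg_free_bits_count) > le16_to_cpu(bg->bg_bits)) {
+		ocfs2_error(alloc_inode->i_sb, "Group descriptor # %llu has bit"
+			    " count %u but claims %u are freed. num_bits %d",
+			    (unsigned long long)le64_to_cpu(bg->bg_blkno),
+			    le16_to_cpu(bg->bg_bits),
+			    le16_to_cpu(bg->bg_free_bits_count), num_bits);
+		return -EROFS;
+	}
 
 	if (undo_fn)
 		jbd_unlock_bh_state(group_bh);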
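Review bot: In the second hunk the new `return -EROFS;` comes before the existing `if (undo_fn) jbd_unlock_bh_state(group_bh);`, so the error path probably returns with the buffer-head state lock still held. The matching lock call is outside the hunk, so this is inferred from the conditional unlock that follows. A corrupted group descriptor would then turn into a stuck lock rather than a clean read-only transition; put `if (undo_fn) jbd_unlock_bh_state(group_bh);` immediately before that `return -EROFS;`. Both checks also run after `le16_add_cpu()` has already stored the out-of-range count in the descriptor buffer (and, in the second hunk, after the bitmap was changed), so it is worth confirming the callers abort the transaction and do not let that buffer reach disk. Both enclosing functions start and end outside the hunks.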