Commit 3148ebf2 authored by Dave Chinner, committed by Dave Chinner

xfs: validity check agbnos on the AGFL

If the agfl or the indexing in the AGF has been corrupted, getting a
block from the AGFL could return an invalid block number. If this
happens, bad things happen. Check the agbno we pull off the AGFL
and return -EFSCORRUPTED if we find something bad.

Signed-off-by: Dave Chinner <dchinner@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Darrick J. Wong <djwong@kernel.org>
Signed-off-by: Dave Chinner <david@fromorbit.com>
parent e0a8de7d
...@@ -2780,6 +2780,9 @@ xfs_alloc_get_freelist( ...@@ -2780,6 +2780,9 @@ xfs_alloc_get_freelist(
*/ */
agfl_bno = xfs_buf_to_agfl_bno(agflbp); agfl_bno = xfs_buf_to_agfl_bno(agflbp);
bno = be32_to_cpu(agfl_bno[be32_to_cpu(agf->agf_flfirst)]); bno = be32_to_cpu(agfl_bno[be32_to_cpu(agf->agf_flfirst)]);
if (XFS_IS_CORRUPT(tp->t_mountp, !xfs_verify_agbno(pag, bno)))
return -EFSCORRUPTED;
be32_add_cpu(&agf->agf_flfirst, 1); be32_add_cpu(&agf->agf_flfirst, 1);
xfs_trans_brelse(tp, agflbp); xfs_trans_brelse(tp, agflbp);
if (be32_to_cpu(agf->agf_flfirst) == xfs_agfl_size(mp)) if (be32_to_cpu(agf->agf_flfirst) == xfs_agfl_size(mp))
......
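Review bot: The new early `return -EFSCORRUPTED;` sits two lines above `xfs_trans_brelse(tp, agflbp);`, so on the corruption path the AGFL buffer is not released in this function. Either release `agflbp` before returning or add a comment stating that the caller's transaction cancel is expected to drop it. Separately, the check validates the value read from the AGFL, but `agf->agf_flfirst` is used as the array index on the preceding line without a visible bound check against `xfs_agfl_size(mp)`; since the commit message names corrupted AGF indexing as a cause, it is worth confirming here (or noting in a comment) where that index is verified. Minor style point: `mp` is already in scope a few lines below, so `XFS_IS_CORRUPT(mp, ...)` would read more consistently than `tp->t_mountp`.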