authorDarrick J. Wong <darrick.wong@oracle.com>2022-09-24 18:26:43 +0530
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2022-09-28 11:04:10 +0200
commita33bcad48b48fa413039be1bf3266c3c8a38dc69 (patch)
tree2fedbee539e94fc15814039b75111e8c783d340e
parenta102869fb173b8b1fcbe782c7effa6d738f41b86 (diff)
xfs: range check ri_cnt when recovering log items
commit d6abecb82573fed5f7e4b595b5c0bd37707d2848 upstream. Range check the region counter when we're reassembling regions from log items during log recovery. In the old days ASSERT would halt the kernel, but this isn't true any more so we have to make an explicit error return. Coverity-id: 1132508 Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Acked-by: Darrick J. Wong <djwong@kernel.org> Signed-off-by: Chandan Babu R <chandan.babu@oracle.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-rw-r--r--fs/xfs/xfs_log_recover.c11
1 files changed, 10 insertions, 1 deletions
diff --git a/fs/xfs/xfs_log_recover.c b/fs/xfs/xfs_log_recover.c
index c1a514ffff55..094ae1a91c44 100644
--- a/fs/xfs/xfs_log_recover.c
+++ b/fs/xfs/xfs_log_recover.c
@@ -4293,7 +4293,16 @@ xlog_recover_add_to_trans(
kmem_zalloc(item->ri_total * sizeof(xfs_log_iovec_t),
0);
}
- ASSERT(item->ri_total > item->ri_cnt);
+
+ if (item->ri_total <= item->ri_cnt) {
+ xfs_warn(log->l_mp,
+ "log item region count (%d) overflowed size (%d)",
+ item->ri_cnt, item->ri_total);
+ ASSERT(0);
+ kmem_free(ptr);
+ return -EFSCORRUPTED;
+ }
+
/* Description region is ri_buf[0] */
item->ri_buf[item->ri_cnt].i_addr = ptr;
item->ri_buf[item->ri_cnt].i_len = len;
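Review bot: The new check at `if (item->ri_total <= item->ri_cnt)` carries no comment saying what it protects, and the warning text alone does not make that clear. `ri_buf` is allocated just above with `ri_total` entries and the two stores right after the check index it with `ri_cnt`, so this check is what keeps a log carrying more regions than it declared from writing past the end of that array. I would add a comment above it such as `/* ri_buf holds ri_total entries; reject a log that supplies more regions than it declared */`. The `ASSERT(0)` ahead of the return presumably still stops kernels built with fatal assertions, which may deserve a word in the same comment. xlog_recover_add_to_trans starts and ends outside the hunk.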