xfs: check log iovec size to make sure it's plausibly a buffer log format

STATIC void	xfs_buf_do_callbacks(struct xfs_buf *bp);

/* Is this log iovec plausibly large enough to contain the buffer log format? */

bool

xfs_buf_log_check_iovec(

	struct xfs_log_iovec		*iovec)

{

	struct xfs_buf_log_format	*blfp = iovec->i_addr;

	char				*bmp_end;

	char				*item_end;

	if (offsetof(struct xfs_buf_log_format, blf_data_map) > iovec->i_len)

		return false;

	item_end = (char *)iovec->i_addr + iovec->i_len;

	bmp_end = (char *)&blfp->blf_data_map[blfp->blf_map_size];

	return bmp_end <= item_end;

}

static inline int

xfs_buf_log_format_size(

	struct xfs_buf_log_format *blfp)

void	xfs_buf_iodone(struct xfs_buf *, struct xfs_log_item *);

bool	xfs_buf_resubmit_failed_buffers(struct xfs_buf *,

					struct list_head *);

bool	xfs_buf_log_check_iovec(struct xfs_log_iovec *iovec);

extern kmem_zone_t	*xfs_buf_item_zone;

	struct list_head	*bucket;

	struct xfs_buf_cancel	*bcp;

	if (!xfs_buf_log_check_iovec(&item->ri_buf[0])) {

		xfs_err(log->l_mp, "bad buffer log item size (%d)",

				item->ri_buf[0].i_len);

		return -EFSCORRUPTED;

	}

	/*

	 * If this isn't a cancel buffer item, then just return.

	 */