XFS bug in log recover with quota (bugzilla id 855) (8ec6dba2) · Commits · 戴 / test

Hi, I was hit by a bug in linux 2.6.31 when XFS is not able to recover the log after a crash if fs was mounted with quotas. Gory details in XFS bugzilla: http://oss.sgi.com/bugzilla/show_bug.cgi?id=855 . It looks like wrong struct is used in buffer length check, and the following patch should fix the problem. xfs_dqblk_t has a size of 104+32 bytes, while xfs_disk_dquot_t is 104 bytes long, and this is exactly what I see in system logs - "XFS: dquot too small (104) in xlog_recover_do_dquot_trans." Signed-off-by:

Jan Rekorajski <baggins@sith.mimuw.edu.pl> Reviewed-by:

Christoph Hellwig <hch@lst.de> Signed-off-by:

Alex Elder <aelder@sgi.com>

fs/xfs/xfs_log_recover.c

+2 −2

Original line number	Original line	Diff line number	Diff line
	@@ -1980,7 +1980,7 @@ xlog_recover_do_reg_buffer(
	"XFS: NULL dquot in %s.", __func__);		"XFS: NULL dquot in %s.", __func__);
	goto next;		goto next;
	}		}
	if (item->ri_buf[i].i_len < sizeof(xfs_dqblk_t)) {		if (item->ri_buf[i].i_len < sizeof(xfs_disk_dquot_t)) {
	cmn_err(CE_ALERT,		cmn_err(CE_ALERT,
	"XFS: dquot too small (%d) in %s.",		"XFS: dquot too small (%d) in %s.",
	item->ri_buf[i].i_len, __func__);		item->ri_buf[i].i_len, __func__);
	@@ -2635,7 +2635,7 @@ xlog_recover_do_dquot_trans(
	"XFS: NULL dquot in %s.", __func__);		"XFS: NULL dquot in %s.", __func__);
	return XFS_ERROR(EIO);		return XFS_ERROR(EIO);
	}		}
	if (item->ri_buf[1].i_len < sizeof(xfs_dqblk_t)) {		if (item->ri_buf[1].i_len < sizeof(xfs_disk_dquot_t)) {
	cmn_err(CE_ALERT,		cmn_err(CE_ALERT,
	"XFS: dquot too small (%d) in %s.",		"XFS: dquot too small (%d) in %s.",
	item->ri_buf[1].i_len, __func__);		item->ri_buf[1].i_len, __func__);

Admin message