xfs: complain if anyone tries to create a too-large buffer log item (c3d5f0c2) · Commits · 戴 / test

Complain if someone calls xfs_buf_item_init on a buffer that is larger than the dirty bitmap can handle, or tries to log a region that's past the end of the dirty bitmap. Signed-off-by:

Darrick J. Wong <darrick.wong@oracle.com> Reviewed-by:

Christoph Hellwig <hch@lst.de>

fs/xfs/xfs_buf_item.c

+12 −0

Original line number	Diff line number	Diff line
		@@ -763,6 +763,15 @@ xfs_buf_item_init(
		XFS_BLF_CHUNK);
		map_size = DIV_ROUND_UP(chunks, NBWORD);

		if (map_size > XFS_BLF_DATAMAP_SIZE) {
		kmem_cache_free(xfs_buf_item_zone, bip);
		xfs_err(mp,
		"buffer item dirty bitmap (%u uints) too small to reflect %u bytes!",
		map_size,
		BBTOB(bp->b_maps[i].bm_len));
		return -EFSCORRUPTED;
		}

		bip->bli_formats[i].blf_type = XFS_LI_BUF;
		bip->bli_formats[i].blf_blkno = bp->b_maps[i].bm_bn;
		bip->bli_formats[i].blf_len = bp->b_maps[i].bm_len;
		@@ -795,6 +804,9 @@ xfs_buf_item_log_segment(
		uint end_bit;
		uint mask;

		ASSERT(first < XFS_BLF_DATAMAP_SIZE * XFS_BLF_CHUNK * NBWORD);
		ASSERT(last < XFS_BLF_DATAMAP_SIZE * XFS_BLF_CHUNK * NBWORD);

		/*
		* Convert byte offsets to bit numbers.
		*/

Admin message