summaryrefslogtreecommitdiffstats
path: root/fs/xfs/xfs_log_recover.c
diff options
context:
space:
mode:
authorDarrick J. Wong <darrick.wong@oracle.com>2020-01-14 01:33:46 +0100
committerDarrick J. Wong <darrick.wong@oracle.com>2020-01-16 17:07:24 +0100
commit8a6453a89dc10269adb1fc0cd0ceba928d557c21 (patch)
tree9436eaf0077cc793ca8ebc34405d36633febfdae /fs/xfs/xfs_log_recover.c
parentxfs: make struct xfs_buf_log_format have a consistent size (diff)
downloadlinux-8a6453a89dc10269adb1fc0cd0ceba928d557c21.tar.xz
linux-8a6453a89dc10269adb1fc0cd0ceba928d557c21.zip
xfs: check log iovec size to make sure it's plausibly a buffer log format
When log recovery is processing buffer log items, we should check that the incoming iovec actually describes a region of memory large enough to contain the log format and the dirty map. Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Reviewed-by: Christoph Hellwig <hch@lst.de>
Diffstat (limited to 'fs/xfs/xfs_log_recover.c')
-rw-r--r--fs/xfs/xfs_log_recover.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/fs/xfs/xfs_log_recover.c b/fs/xfs/xfs_log_recover.c
index 99ec3fba4548..0d683fb96396 100644
--- a/fs/xfs/xfs_log_recover.c
+++ b/fs/xfs/xfs_log_recover.c
@@ -1934,6 +1934,12 @@ xlog_recover_buffer_pass1(
struct list_head *bucket;
struct xfs_buf_cancel *bcp;
+ if (!xfs_buf_log_check_iovec(&item->ri_buf[0])) {
+ xfs_err(log->l_mp, "bad buffer log item size (%d)",
+ item->ri_buf[0].i_len);
+ return -EFSCORRUPTED;
+ }
+
/*
* If this isn't a cancel buffer item, then just return.
*/