diff options
author | Darrick J. Wong <darrick.wong@oracle.com> | 2020-01-08 01:12:24 +0100 |
---|---|---|
committer | Darrick J. Wong <darrick.wong@oracle.com> | 2020-01-16 17:07:23 +0100 |
commit | c3d5f0c2fb85351a1017b23692d3d6ab561b1f32 (patch) | |
tree | 98a405563d1d9789b2529b7f2e19abdb6df7e91e /fs/xfs | |
parent | xfs: clean up xfs_buf_item_get_format return value (diff) | |
download | linux-c3d5f0c2fb85351a1017b23692d3d6ab561b1f32.tar.xz linux-c3d5f0c2fb85351a1017b23692d3d6ab561b1f32.zip |
xfs: complain if anyone tries to create a too-large buffer log item
Complain if someone calls xfs_buf_item_init on a buffer that is larger
than the dirty bitmap can handle, or tries to log a region that's past
the end of the dirty bitmap.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Diffstat (limited to 'fs/xfs')
-rw-r--r-- | fs/xfs/xfs_buf_item.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/fs/xfs/xfs_buf_item.c b/fs/xfs/xfs_buf_item.c index 9737f177a49b..be691d1d9fad 100644 --- a/fs/xfs/xfs_buf_item.c +++ b/fs/xfs/xfs_buf_item.c @@ -763,6 +763,15 @@ xfs_buf_item_init( XFS_BLF_CHUNK); map_size = DIV_ROUND_UP(chunks, NBWORD); + if (map_size > XFS_BLF_DATAMAP_SIZE) { + kmem_cache_free(xfs_buf_item_zone, bip); + xfs_err(mp, + "buffer item dirty bitmap (%u uints) too small to reflect %u bytes!", + map_size, + BBTOB(bp->b_maps[i].bm_len)); + return -EFSCORRUPTED; + } + bip->bli_formats[i].blf_type = XFS_LI_BUF; bip->bli_formats[i].blf_blkno = bp->b_maps[i].bm_bn; bip->bli_formats[i].blf_len = bp->b_maps[i].bm_len; @@ -795,6 +804,9 @@ xfs_buf_item_log_segment( uint end_bit; uint mask; + ASSERT(first < XFS_BLF_DATAMAP_SIZE * XFS_BLF_CHUNK * NBWORD); + ASSERT(last < XFS_BLF_DATAMAP_SIZE * XFS_BLF_CHUNK * NBWORD); + /* * Convert byte offsets to bit numbers. */ |