diff options
author | Eric Sandeen <sandeen@sandeen.net> | 2013-09-09 22:33:29 +0200 |
---|---|---|
committer | Ben Myers <bpm@sgi.com> | 2013-10-30 22:38:29 +0100 |
commit | 10e6e65dfcedff63275c3d649d329c044caa8e26 (patch) | |
tree | c2b36e18acb66c25dd339538f6b5b6ab6e922367 /fs | |
parent | xfs: fix possible NULL dereference in xlog_verify_iclog (diff) | |
download | linux-10e6e65dfcedff63275c3d649d329c044caa8e26.tar.xz linux-10e6e65dfcedff63275c3d649d329c044caa8e26.zip |
xfs: be more forgiving of a v4 secondary sb w/ junk in v5 fields
Today, if xfs_sb_read_verify encounters a v4 superblock
with junk past v4 fields which includes data in sb_crc,
it will be treated as a failing checksum and a significant
corruption.
There are known prior bugs which leave junk at the end
of the V4 superblock; we don't need to actually fail the
verification in this case if other checks pan out ok.
So if this is a secondary superblock, and the primary
superblock doesn't indicate that this is a V5 filesystem,
don't treat this as an actual checksum failure.
We should probably check the garbage condition as
we do in xfs_repair, and possibly warn about it
or self-heal, but that's a different scope of work.
Stable folks: This can go back to v3.10, which is what
introduced the sb CRC checking that is tripped up by old,
stale, incorrect V4 superblocks w/ unzeroed bits.
Cc: stable@vger.kernel.org
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Acked-by: Dave Chinner <david@fromorbit.com>
Reviewed-by: Mark Tinguely <tinguely@sgi.com>
Signed-off-by: Ben Myers <bpm@sgi.com>
Diffstat (limited to 'fs')
-rw-r--r-- | fs/xfs/xfs_sb.c | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/fs/xfs/xfs_sb.c b/fs/xfs/xfs_sb.c index 13c7834b0e65..b7c9aea77f8f 100644 --- a/fs/xfs/xfs_sb.c +++ b/fs/xfs/xfs_sb.c @@ -588,6 +588,11 @@ xfs_sb_verify( * single bit error could clear the feature bit and unused parts of the * superblock are supposed to be zero. Hence a non-null crc field indicates that * we've potentially lost a feature bit and we should check it anyway. + * + * However, past bugs (i.e. in growfs) left non-zeroed regions beyond the + * last field in V4 secondary superblocks. So for secondary superblocks, + * we are more forgiving, and ignore CRC failures if the primary doesn't + * indicate that the fs version is V5. */ static void xfs_sb_read_verify( @@ -608,8 +613,12 @@ xfs_sb_read_verify( if (!xfs_verify_cksum(bp->b_addr, be16_to_cpu(dsb->sb_sectsize), offsetof(struct xfs_sb, sb_crc))) { - error = EFSCORRUPTED; - goto out_error; + /* Only fail bad secondaries on a known V5 filesystem */ + if (bp->b_bn != XFS_SB_DADDR && + xfs_sb_version_hascrc(&mp->m_sb)) { + error = EFSCORRUPTED; + goto out_error; + } } } error = xfs_sb_verify(bp, true); |