diff options
| author | Barry Naujok <bnaujok@sgi.com> | 2008-10-30 02:05:49 -0400 |
|---|---|---|
| committer | Lachlan McIlroy <lachlan@sgi.com> | 2008-10-30 02:05:49 -0400 |
| commit | 89b2839319cb0c0364d55dc6fd6d3838e864ab54 (patch) | |
| tree | 495f9ce90c83f5af8d594814ba4a12a389d8f8cc | |
| parent | 847fff5ca881670ca8ec617afeb943950f0c804b (diff) | |
[XFS] Check agf_btreeblks is valid when reading in the AGF
SGI-PV: 987683
SGI-Modid: xfs-linux-melb:xfs-kern:32232a
Signed-off-by: Barry Naujok <bnaujok@sgi.com>
Signed-off-by: Christoph Hellwig <hch@infradead.org>
Signed-off-by: Lachlan McIlroy <lachlan@sgi.com>
| -rw-r--r-- | fs/xfs/xfs_alloc.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/fs/xfs/xfs_alloc.c b/fs/xfs/xfs_alloc.c index 54fa69e27761..0a2a87208b17 100644 --- a/fs/xfs/xfs_alloc.c +++ b/fs/xfs/xfs_alloc.c | |||
| @@ -2272,6 +2272,9 @@ xfs_alloc_read_agf( | |||
| 2272 | be32_to_cpu(agf->agf_flfirst) < XFS_AGFL_SIZE(mp) && | 2272 | be32_to_cpu(agf->agf_flfirst) < XFS_AGFL_SIZE(mp) && |
| 2273 | be32_to_cpu(agf->agf_fllast) < XFS_AGFL_SIZE(mp) && | 2273 | be32_to_cpu(agf->agf_fllast) < XFS_AGFL_SIZE(mp) && |
| 2274 | be32_to_cpu(agf->agf_flcount) <= XFS_AGFL_SIZE(mp); | 2274 | be32_to_cpu(agf->agf_flcount) <= XFS_AGFL_SIZE(mp); |
| 2275 | if (xfs_sb_version_haslazysbcount(&mp->m_sb)) | ||
| 2276 | agf_ok = agf_ok && be32_to_cpu(agf->agf_btreeblks) <= | ||
| 2277 | be32_to_cpu(agf->agf_length); | ||
| 2275 | if (unlikely(XFS_TEST_ERROR(!agf_ok, mp, XFS_ERRTAG_ALLOC_READ_AGF, | 2278 | if (unlikely(XFS_TEST_ERROR(!agf_ok, mp, XFS_ERRTAG_ALLOC_READ_AGF, |
| 2276 | XFS_RANDOM_ALLOC_READ_AGF))) { | 2279 | XFS_RANDOM_ALLOC_READ_AGF))) { |
| 2277 | XFS_CORRUPTION_ERROR("xfs_alloc_read_agf", | 2280 | XFS_CORRUPTION_ERROR("xfs_alloc_read_agf", |
| @@ -2297,6 +2300,7 @@ xfs_alloc_read_agf( | |||
| 2297 | #ifdef DEBUG | 2300 | #ifdef DEBUG |
| 2298 | else if (!XFS_FORCED_SHUTDOWN(mp)) { | 2301 | else if (!XFS_FORCED_SHUTDOWN(mp)) { |
| 2299 | ASSERT(pag->pagf_freeblks == be32_to_cpu(agf->agf_freeblks)); | 2302 | ASSERT(pag->pagf_freeblks == be32_to_cpu(agf->agf_freeblks)); |
| 2303 | ASSERT(pag->pagf_btreeblks == be32_to_cpu(agf->agf_btreeblks)); | ||
| 2300 | ASSERT(pag->pagf_flcount == be32_to_cpu(agf->agf_flcount)); | 2304 | ASSERT(pag->pagf_flcount == be32_to_cpu(agf->agf_flcount)); |
| 2301 | ASSERT(pag->pagf_longest == be32_to_cpu(agf->agf_longest)); | 2305 | ASSERT(pag->pagf_longest == be32_to_cpu(agf->agf_longest)); |
| 2302 | ASSERT(pag->pagf_levels[XFS_BTNUM_BNOi] == | 2306 | ASSERT(pag->pagf_levels[XFS_BTNUM_BNOi] == |