diff options
Diffstat (limited to 'fs/jbd2/recovery.c')
| -rw-r--r-- | fs/jbd2/recovery.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/fs/jbd2/recovery.c b/fs/jbd2/recovery.c index b5128c6e63ad..a9079d035ae5 100644 --- a/fs/jbd2/recovery.c +++ b/fs/jbd2/recovery.c | |||
| @@ -842,15 +842,23 @@ static int scan_revoke_records(journal_t *journal, struct buffer_head *bh, | |||
| 842 | { | 842 | { |
| 843 | jbd2_journal_revoke_header_t *header; | 843 | jbd2_journal_revoke_header_t *header; |
| 844 | int offset, max; | 844 | int offset, max; |
| 845 | int csum_size = 0; | ||
| 846 | __u32 rcount; | ||
| 845 | int record_len = 4; | 847 | int record_len = 4; |
| 846 | 848 | ||
| 847 | header = (jbd2_journal_revoke_header_t *) bh->b_data; | 849 | header = (jbd2_journal_revoke_header_t *) bh->b_data; |
| 848 | offset = sizeof(jbd2_journal_revoke_header_t); | 850 | offset = sizeof(jbd2_journal_revoke_header_t); |
| 849 | max = be32_to_cpu(header->r_count); | 851 | rcount = be32_to_cpu(header->r_count); |
| 850 | 852 | ||
| 851 | if (!jbd2_revoke_block_csum_verify(journal, header)) | 853 | if (!jbd2_revoke_block_csum_verify(journal, header)) |
| 852 | return -EINVAL; | 854 | return -EINVAL; |
| 853 | 855 | ||
| 856 | if (jbd2_journal_has_csum_v2or3(journal)) | ||
| 857 | csum_size = sizeof(struct jbd2_journal_revoke_tail); | ||
| 858 | if (rcount > journal->j_blocksize - csum_size) | ||
| 859 | return -EINVAL; | ||
| 860 | max = rcount; | ||
| 861 | |||
| 854 | if (JBD2_HAS_INCOMPAT_FEATURE(journal, JBD2_FEATURE_INCOMPAT_64BIT)) | 862 | if (JBD2_HAS_INCOMPAT_FEATURE(journal, JBD2_FEATURE_INCOMPAT_64BIT)) |
| 855 | record_len = 8; | 863 | record_len = 8; |
| 856 | 864 | ||