Eric,
Eric Sandeen wrote:
> While playing with some filesystem corruption testers, I ran into this.
>
> http://sandeen.net/xfs.31.img.bz2
>
> If you try to mount, it gets into xfs_buf_get_noaddr via log replay with
> a len of 0, and I think this causes an infinite loop in the goto:
>
> try_again:
> 	data = kmem_alloc(malloc_len, KM_SLEEP | KM_MAYFAIL);
> 	if (unlikely(data == NULL))
> 		goto fail_free_buf;
>
> 	/* check whether alignment matches.. */
> 	if ((__psunsigned_t)data !=
> 	    ((__psunsigned_t)data & ~target->bt_smask)) {
> 		/* .. else double the size and try again */
> 		kmem_free(data, malloc_len);
> 		malloc_len <<= 1;
> 		goto try_again;
> 	}
>
> Up the callchain a bit there is an ASSERT that the size is > 0, but of
> course that doesn't help on a non-debug kernel...
>
> Haven't had time to investigate beyond that.
>
> -Eric

I assume the loop is further up the chain since kmem_alloc should return NULL
when asked to alloc 0. So then the problem also lies further up the chain in
checking for a 0 length before calling down, and/or not assuming we are out of
memory when xfs_buf_get_noaddr fails.

David
--
David Chatterton
XFS Engineering Manager
SGI Australia
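
An added example, not part of either message or of the XFS source: a user-space model of the quoted retry loop, showing what a zero length does under both allocator behaviours raised in the thread and what an up-front length check changes. The names model_alloc and get_noaddr, the 511 mask, the return codes and the try cap are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SMASK     511u  /* assumed sector mask, stand-in for target->bt_smask */
#define MAX_TRIES 64    /* demo-only cap; the quoted loop has no bound */
enum { GOT_BUF = 0, ERR_NOMEM = -1, ERR_INVAL = -2, ERR_SPIN = -3 };

/* Hypothetical allocator model (addresses only, no real memory). Non-zero
 * sizes get natural power-of-two alignment; size 0 returns NULL or a small
 * non-NULL token depending on zero_is_null. Both behaviours are assumptions. */
static uintptr_t model_alloc(size_t len, int zero_is_null)
{
    uintptr_t align = 1;
    if (len == 0)
        return zero_is_null ? 0 : 16;
    while ((align << 1) <= len)
        align <<= 1;
    return align * 3;   /* odd multiple: aligned to `align` and no more */
}

/* The quoted retry loop with a try counter; guard adds a zero-length check. */
static int get_noaddr(size_t len, int zero_is_null, int guard, int *tries)
{
    size_t malloc_len = len;
    uintptr_t data;

    *tries = 0;
    if (guard && len == 0)
        return ERR_INVAL;         /* reject before touching the allocator */
    for (;;) {
        if (++*tries > MAX_TRIES)
            return ERR_SPIN;      /* 0 << 1 == 0, so the size never grows */
        data = model_alloc(malloc_len, zero_is_null);
        if (data == 0)
            return ERR_NOMEM;     /* callers see this as out of memory */
        if (data == (data & ~(uintptr_t)SMASK))
            return GOT_BUF;       /* alignment matches */
        malloc_len <<= 1;         /* double the size and try again */
    }
}

int main(void)
{
    int t, r = get_noaddr(0, 0, 0, &t);
    printf("len 0, unguarded: rc=%d after %d tries\n", r, t);
    r = get_noaddr(0, 0, 1, &t);
    printf("len 0, guarded:   rc=%d after %d tries\n", r, t);
    return 0;
}
```
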