xfs
[Top] [All Lists]

Re: [PATCH] xfs_repair: catch bad depth in traverse_int_dir2block

To: Eric Sandeen <sandeen@xxxxxxxxxxx>
Subject: Re: [PATCH] xfs_repair: catch bad depth in traverse_int_dir2block
From: Christoph Hellwig <hch@xxxxxxxxxxxxx>
Date: Mon, 8 Jun 2009 03:42:30 -0400
Cc: xfs-oss <xfs@xxxxxxxxxxx>, Richard Kolkovich <richard@xxxxxxxxxxxxx>
In-reply-to: <4A2C8AD8.9030107@xxxxxxxxxxx>
References: <4A2C8AD8.9030107@xxxxxxxxxxx>
User-agent: Mutt/1.5.18 (2008-05-17)
On Sun, Jun 07, 2009 at 10:51:52PM -0500, Eric Sandeen wrote:
> A bad on-disk tree depth in traverse_int_dir2block() can
> later cause a segfault when it's used as an array index in
> this function; if we get something beyond the max depth,
> just error out and the dir will get rebuilt.
> 
> Reported-by: Richard Kolkovich <richard@xxxxxxxxxxxxx>
> Signed-off-by: Eric Sandeen <sandeen@xxxxxxxxxxx>
> ---
> 
> diff --git a/repair/dir2.c b/repair/dir2.c
> index 9575fb1..2723e3b 100644
> --- a/repair/dir2.c
> +++ b/repair/dir2.c
> @@ -339,9 +339,17 @@ traverse_int_dir2block(xfs_mount_t       *mp,
>               /*
>                * maintain level counter
>                */
> -             if (i == -1)
> +             if (i == -1) {
>                       i = da_cursor->active = be16_to_cpu(node->hdr.level);
> -             else  {
> +                     if (i >= XFS_DA_NODE_MAXDEPTH) {
> +                             do_warn(_("bad header depth for directory "
> +                                       "inode %llu\n"),
> +                                     da_cursor->ino);
> +                             da_brelse(bp);
> +                             i = -1;
> +                             goto error_out;
> +                     }
> +             } else {

>From reading the surrounding code this means the dir is now flagged
as corrupted and we attemp to rebuild it.  Which is the only thing we
can do here for now.


Reviewed-by: Christoph Hellwig <hch@xxxxxx>

It would be very good to have an xfsqa testcase with a forcibly
corrupted directoty (checked in image or using xfs_db) to verify this
behaviour.

<Prev in Thread] Current Thread [Next in Thread>