
[PATCH] xfsprogs/repair: fix crash on zero record finobt reconstruction

To: xfs@xxxxxxxxxxx
Subject: [PATCH] xfsprogs/repair: fix crash on zero record finobt reconstruction
From: Brian Foster <bfoster@xxxxxxxxxx>
Date: Tue, 18 Nov 2014 09:08:10 -0500
Delivered-to: xfs@xxxxxxxxxxx

The inode btrees are reconstructed in phase 5. init_ino_cursor() helps
determine the block requirements of the tree based on the number of
records. If the finobt is empty, we can crash in the btree blocks
calculation code due to a divide-by-zero error in the following line:

        lptr->modulo = num_recs % lptr->num_blocks;

This occurs if num_recs and, in turn, lptr->num_blocks evaluate to zero.

We already have an execution path for the zero record btree scenario.
However, it is only invoked when no records are found in the in-core
tree. The finobt zero-record scenario can occur with a populated in-core
tree provided that none of the existing records contain free inodes.

Move the zero-record handling code after the loop and use the record
count to trigger it. This is safe because the loop iterator checks for
ino_rec != NULL. This allows reuse of the same code regardless of
whether the in-core tree is empty or non-empty but contains no records
that meet the requirements for the particular on-disk tree under
reconstruction (e.g., finobt).

Signed-off-by: Brian Foster <bfoster@xxxxxxxxxx>
---
 repair/phase5.c | 35 ++++++++++++++++++-----------------
 1 file changed, 18 insertions(+), 17 deletions(-)

diff --git a/repair/phase5.c b/repair/phase5.c
index 3d58936..3a2cdbb 100644
--- a/repair/phase5.c
+++ b/repair/phase5.c
@@ -914,26 +914,10 @@ init_ino_cursor(xfs_mount_t *mp, xfs_agnumber_t agno, 
bt_status_t *btree_curs,
        lptr = &btree_curs->level[0];
        btree_curs->init = 1;
 
-       if ((ino_rec = findfirst_inode_rec(agno)) == NULL)  {
-               /*
-                * easy corner-case -- no inode records
-                */
-               lptr->num_blocks = 1;
-               lptr->modulo = 0;
-               lptr->num_recs_pb = 0;
-               lptr->num_recs_tot = 0;
-
-               btree_curs->num_levels = 1;
-               btree_curs->num_tot_blocks = btree_curs->num_free_blocks = 1;
-
-               setup_cursor(mp, agno, btree_curs);
-
-               return;
-       }
-
        /*
         * build up statistics
         */
+       ino_rec = findfirst_inode_rec(agno);
        for (num_recs = 0; ino_rec != NULL; ino_rec = next_ino_rec(ino_rec))  {
                rec_nfinos = 0;
                for (i = 0; i < XFS_INODES_PER_CHUNK; i++)  {
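Review bot: The added "ino_rec = findfirst_inode_rec(agno);" line in front of the outer loop now carries the NULL case implicitly: with the early return removed, an empty in-core tree is only handled because the loop condition "ino_rec != NULL" fails on the first test and leaves num_recs at the 0 set in the loop initializer. Nothing at this spot says so, and the "build up statistics" comment above it reads as if records always exist. Consider folding the call into the for initializer next to "num_recs = 0", or adding a one-line comment that a NULL first record falls through to the zero-record check after the loop, so a later change to the loop header does not silently drop that guarantee.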
@@ -953,6 +937,23 @@ init_ino_cursor(xfs_mount_t *mp, xfs_agnumber_t agno, 
bt_status_t *btree_curs,
                num_recs++;
        }
 
+       if (num_recs == 0) {
+               /*
+                * easy corner-case -- no inode records
+                */
+               lptr->num_blocks = 1;
+               lptr->modulo = 0;
+               lptr->num_recs_pb = 0;
+               lptr->num_recs_tot = 0;
+
+               btree_curs->num_levels = 1;
+               btree_curs->num_tot_blocks = btree_curs->num_free_blocks = 1;
+
+               setup_cursor(mp, agno, btree_curs);
+
+               return;
+       }
+
        blocks_allocated = lptr->num_blocks = howmany(num_recs,
                                        XR_INOBT_BLOCK_MAXRECS(mp, 0));
 
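Review bot: The comment moved into the new "if (num_recs == 0)" block still says "easy corner-case -- no inode records", which no longer matches the condition being tested. The branch now fires whenever the loop counted zero records for the tree being built, which per the commit message includes a populated in-core tree where no record has free inodes (the finobt case). Suggest rewording it to something like "no records for this btree (empty in-core tree, or no records with free inodes for the finobt)". Placement is right: the check sits ahead of the "howmany(num_recs, ...)" assignment to lptr->num_blocks, so the block count can no longer reach the later modulo as zero; a short mention of that in the comment would explain why the check must stay above this line.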
-- 
1.8.3.1
