If agi->agi_level exceeds XFS_BTREE_MAXLEVELS (8), bad things happen. For
example in xfs_inobt_init_cursor() we read it directly off disk into a btree
cursor:
    xfs_inobt_init_cursor()
        cur->bc_nlevels = be32_to_cpu(agi->agi_level);

and then when it's time to tear it down we'll index into bc_bufs[] by whatever
it said:

    xfs_btree_del_cursor()
        for (i = 0; i < cur->bc_nlevels; i++) {
            if (cur->bc_bufs[i])
                xfs_trans_brelse(cur->bc_tp, cur->bc_bufs[i]);
but bc_bufs[] in the xfs_btree_cur is of fixed size:
    struct xfs_buf *bc_bufs[XFS_BTREE_MAXLEVELS]; /* buf ptr per level */
where
    #define XFS_BTREE_MAXLEVELS 8 /* max of all btrees */
(which means this limits any btree depth, not just agi, right...)
...
So I ran across this on an intentionally corrupted image, but I don't know what
stops us from going past XFS_BTREE_MAXLEVELS in normal operations (unless we
just hit filesystem limits before then?)
i.e. xfs_btree_new_root() does:

    /* Set the root in the holding structure increasing the level by 1. */
    cur->bc_ops->set_root(cur, &lptr, 1);
and ->set_root / xfs_inobt_set_root() will happily increase agi_level; I don't
see anything limiting it to XFS_BTREE_MAXLEVELS.
I guess XFS_BTREE_MAXLEVELS is just an arbitrary in-memory limit, not a limit
of the underlying disk structures, but as it stands, we should be sure that we
don't exceed it, right?
I was going to put that limit into xfs_agi_verify, but realized that I wasn't
sure if we could actually exceed that depth in normal operations.
(cue dchinner working out that 9 levels is 59 bazillion jillion items, and will
never be hit?)
Thanks,
-Eric
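A stand-alone model of the path described in the mail, added here as an illustration and not taken from the XFS kernel sources: the on-disk agi_level is decoded, copied into bc_nlevels, and then drives the teardown loop over the fixed-size bc_bufs[]. It puts the two bounds the mail asks about in front of that path, one where a verifier would check the on-disk value and one where set_root grows the tree by a level. The struct is a stripped model, the on-disk bytes are constructed, and agi_level_is_valid, cursor_roundtrip_checked, grow_root_level_checked and constructed_corrupt_level are hypothetical names.

```c
/*
 * Constructed model of the bc_bufs[] overrun discussed in the thread.
 * Not kernel code: XFS names are reused only so it reads against the mail.
 */
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>
#include <string.h>
#include <stdio.h>

#define XFS_BTREE_MAXLEVELS 8           /* max of all btrees (from the thread) */

struct xfs_btree_cur {
    int   bc_nlevels;                    /* depth copied from agi_level */
    void *bc_bufs[XFS_BTREE_MAXLEVELS];  /* fixed size: buf ptr per level */
};

/* be32_to_cpu stand-in: agi_level is stored big-endian on disk. */
static uint32_t be32_to_cpu_bytes(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Decodes a constructed 4-byte on-disk agi_level field holding 9 (> max). */
uint32_t constructed_corrupt_level(void)
{
    const uint8_t disk_field[4] = { 0x00, 0x00, 0x00, 0x09 }; /* constructed */
    return be32_to_cpu_bytes(disk_field);
}

/* Hypothetical verifier bound (where xfs_agi_verify would apply it):
 * the depth must fit bc_bufs[], and a real tree has at least one level. */
bool agi_level_is_valid(uint32_t agi_level)
{
    return agi_level >= 1 && agi_level <= XFS_BTREE_MAXLEVELS;
}

/*
 * Models init_cursor followed by del_cursor, with the check in front.
 * Returns the number of bc_bufs[] slots the teardown loop visited, or -1
 * if the AGI was rejected, so a caller can see the loop never runs past
 * XFS_BTREE_MAXLEVELS.
 */
int cursor_roundtrip_checked(uint32_t agi_level)
{
    struct xfs_btree_cur cur;
    int visited = 0;

    if (!agi_level_is_valid(agi_level))
        return -1;                        /* corrupt image: refuse, don't index */

    memset(&cur, 0, sizeof(cur));
    cur.bc_nlevels = (int)agi_level;      /* now known to be <= array size */

    for (int i = 0; i < cur.bc_nlevels; i++) {   /* the del_cursor loop */
        if (cur.bc_bufs[i])
            cur.bc_bufs[i] = NULL;        /* stand-in for xfs_trans_brelse */
        visited++;
    }
    return visited;
}

/*
 * Models the runtime side the mail asks about: set_root raising the level
 * by inc. Returns the new level, or -1 if growing would exceed what the
 * in-memory cursor can hold.
 */
int grow_root_level_checked(uint32_t agi_level, int inc)
{
    uint32_t next = agi_level + (uint32_t)inc;
    if (next > XFS_BTREE_MAXLEVELS)
        return -1;
    return (int)next;
}

int main(void)
{
    uint32_t corrupt = constructed_corrupt_level();

    printf("sane    level 3 -> visited %d\n", cursor_roundtrip_checked(3));
    printf("corrupt level %u -> visited %d\n", corrupt,
           cursor_roundtrip_checked(corrupt));
    printf("grow root from 8 by 1 -> %d\n", grow_root_level_checked(8, 1));
    return 0;
}
```

Rejecting the value in the verifier, before a cursor is ever built from it, is what keeps the teardown loop's bound within the array; the set_root check covers the only path in the mail that raises agi_level at runtime.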