xfs_repair segfault

Viet Nguyen vietnguyen at gmail.com
Mon Oct 7 15:09:09 CDT 2013 

Thanks. That seemed to fix that bug.

Now I'm getting a lot of this:
xfs_da_do_buf(2): XFS_CORRUPTION_ERROR

fatal error -- can't read block 8388608 for directory inode 8628218

Then xfs_repair exits.

What I've been doing is what I saw in the FAQ where I would use xfs_db and
write core.mode 0 for these inodes. But there are just so many of them. And
is that even the right thing to do?

Thanks


On Fri, Oct 4, 2013 at 2:43 PM, Dave Chinner <david at fromorbit.com> wrote:

> On Fri, Oct 04, 2013 at 10:51:50AM -0700, Viet Nguyen wrote:
> > Hi,
> >
> > I was wondering if you got a chance to look at this and if one's
> available,
> > where can I get a patch?
>
> Can you try the patch below?
>
> Cheers,
>
> Dave.
> --
> Dave Chinner
> david at fromorbit.com
>
> libxfs: validity check the directory block leaf entry count
>
> From: Dave Chinner <dchinner at redhat.com>
>
> The directory block format verifier fails to check that the leaf
> entry count is in a valid range, and so if it is corrupted then it
> can lead to derefencing a pointer outside the block buffer. While we
> can't exactly validate the count without first walking the directory
> block, we can ensure the count lands in the valid area within the
> directory block and hence avoid out-of-block references.
>
> Signed-off-by: Dave Chinner <dchinner at redhat.com>
> ---
>  libxfs/xfs_dir2_data.c | 13 +++++++++++++
>  1 file changed, 13 insertions(+)
>
> diff --git a/libxfs/xfs_dir2_data.c b/libxfs/xfs_dir2_data.c
> index 189699f..1b5196b 100644
> --- a/libxfs/xfs_dir2_data.c
> +++ b/libxfs/xfs_dir2_data.c
> @@ -59,6 +59,18 @@ __xfs_dir3_data_check(
>                 btp = xfs_dir2_block_tail_p(mp, hdr);
>                 lep = xfs_dir2_block_leaf_p(btp);
>                 endp = (char *)lep;
> +
> +               /*
> +                * The number of leaf entries is limited by the size of the
> +                * block and the amount of space used by the data entries.
> +                * We don't know how much space is used by the data
> entries yet,
> +                * so just ensure that the count falls somewhere inside the
> +                * block right now.
> +                */
> +               XFS_WANT_CORRUPTED_RETURN(be32_to_cpu(btp->count) >
> +                               ((char *)btp - (char *)p) /
> +                                       sizeof(struct
> xfs_dir2_leaf_entry));
> +
>                 break;
>         case cpu_to_be32(XFS_DIR3_DATA_MAGIC):
>         case cpu_to_be32(XFS_DIR2_DATA_MAGIC):
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://oss.sgi.com/pipermail/xfs/attachments/20131007/c0d37bf5/attachment-0001.html>

More information about the xfs mailing list