Home Home > GIT Browse
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLuis R. Rodriguez <mcgrof@suse.com>2017-09-13 14:11:10 -0700
committerLuis R. Rodriguez <mcgrof@suse.com>2017-09-18 23:38:15 -0700
commit9db523a9dad117d7dddb39931688a43fbd792dc3 (patch)
tree8b311831e261c31f8c9ac6c36320ebeed90f6fb2
parentc407b7e7b6a5b123bf44a02a0747e8018224147d (diff)
Revert "xfs: detect and handle invalid iclog size set by mkfs (bsc#1043598)."
-rw-r--r--patches.fixes/0001-xfs-detect-and-handle-invalid-iclog-size-set-by-mkfs.patch90
-rw-r--r--series.conf3
2 files changed, 1 insertions, 92 deletions
diff --git a/patches.fixes/0001-xfs-detect-and-handle-invalid-iclog-size-set-by-mkfs.patch b/patches.fixes/0001-xfs-detect-and-handle-invalid-iclog-size-set-by-mkfs.patch
deleted file mode 100644
index 0df927c685..0000000000
--- a/patches.fixes/0001-xfs-detect-and-handle-invalid-iclog-size-set-by-mkfs.patch
+++ /dev/null
@@ -1,90 +0,0 @@
-From 8496384bcc156995ca89a913967f8ec4da5c999a Mon Sep 17 00:00:00 2001
-From: Brian Foster <bfoster@redhat.com>
-Date: Sat, 29 Jul 2017 15:22:37 -0400
-Subject: [PATCH 1/6] xfs: detect and handle invalid iclog size set by mkfs
-Git-commit: 8496384bcc156995ca89a913967f8ec4da5c999a
-Patch-mainline: v4.5-rc1
-References: bsc#1043598
-
-XFS log records have separate fields for the record size and the iclog
-size used to write the record. mkfs.xfs zeroes the log and writes an
-unmount record to generate a clean log for the subsequent mount. The
-userspace record logging code has a bug where the iclog size (h_size)
-field of the log record is hardcoded to 32k, even if a log stripe unit
-is specified. The log record length is correctly extended to the stripe
-unit. Since the kernel log recovery code uses the h_size field to
-determine the log buffer size, this means that the kernel can attempt to
-read/process records larger than the buffer size and overrun the buffer.
-
-This has historically not been a problem because the kernel doesn't
-actually run through log recovery in the clean unmount case. Instead,
-the kernel detects that a single unmount record exists between the head
-and tail and pushes the tail forward such that the log is viewed as
-clean (head == tail). Once CRC verification is enabled, however, all
-records at the head of the log are verified for CRC errors and thus we
-are susceptible to overrun problems if the iclog field is not correct.
-
-While the core problem must be fixed in userspace, this is historical
-behavior that must be detected in the kernel to avoid severe side
-effects such as memory corruption and crashes. Update the log buffer
-size calculation code to detect this condition, warn the user and resize
-the log buffer based on the log stripe unit. Return a corruption error
-in cases where this does not look like a clean filesystem (i.e., the log
-record header indicates more than one operation).
-
-Signed-off-by: Brian Foster <bfoster@redhat.com>
-Reviewed-by: Dave Chinner <dchinner@redhat.com>
-Signed-off-by: Dave Chinner <david@fromorbit.com>
-Signed-off-by: Luis R. Rodriguez <mcgrof@suse.com>
----
- fs/xfs/xfs_log_recover.c | 26 +++++++++++++++++++++++++-
- 1 file changed, 25 insertions(+), 1 deletion(-)
-
-diff --git a/fs/xfs/xfs_log_recover.c b/fs/xfs/xfs_log_recover.c
-index 229f4a7a18fb..b46fdd26ff42 100644
---- a/fs/xfs/xfs_log_recover.c
-+++ b/fs/xfs/xfs_log_recover.c
-@@ -4340,7 +4340,7 @@ xlog_do_recovery_pass(
- xfs_daddr_t blk_no;
- char *offset;
- xfs_buf_t *hbp, *dbp;
-- int error = 0, h_size;
-+ int error = 0, h_size, h_len;
- int error2 = 0;
- int bblks, split_bblks;
- int hblks, split_hblks, wrapped_hblks;
-@@ -4371,7 +4371,31 @@ xlog_do_recovery_pass(
- error = xlog_valid_rec_header(log, rhead, tail_blk);
- if (error)
- goto bread_err1;
-+
-+ /*
-+ * xfsprogs has a bug where record length is based on lsunit but
-+ * h_size (iclog size) is hardcoded to 32k. Now that we
-+ * unconditionally CRC verify the unmount record, this means the
-+ * log buffer can be too small for the record and cause an
-+ * overrun.
-+ *
-+ * Detect this condition here. Use lsunit for the buffer size as
-+ * long as this looks like the mkfs case. Otherwise, return an
-+ * error to avoid a buffer overrun.
-+ */
- h_size = be32_to_cpu(rhead->h_size);
-+ h_len = be32_to_cpu(rhead->h_len);
-+ if (h_len > h_size) {
-+ if (h_len <= log->l_mp->m_logbsize &&
-+ be32_to_cpu(rhead->h_num_logops) == 1) {
-+ xfs_warn(log->l_mp,
-+ "invalid iclog size (%d bytes), using lsunit (%d bytes)",
-+ h_size, log->l_mp->m_logbsize);
-+ h_size = log->l_mp->m_logbsize;
-+ } else
-+ return -EFSCORRUPTED;
-+ }
-+
- if ((be32_to_cpu(rhead->h_version) & XLOG_VERSION_2) &&
- (h_size > XLOG_HEADER_CYCLE_SIZE)) {
- hblks = h_size / XLOG_HEADER_CYCLE_SIZE;
---
-2.11.0
-
diff --git a/series.conf b/series.conf
index 3fb67e177d..861f5f8177 100644
--- a/series.conf
+++ b/series.conf
@@ -4173,8 +4173,7 @@
patches.fixes/xfs-update-metadata-LSN-in-buffers-during-log-recove.patch
patches.fixes/xfs-log-recovery-tracepoints-to-track-current-lsn-an.patch
- # bsc#1036215
- patches.fixes/0001-xfs-detect-and-handle-invalid-iclog-size-set-by-mkfs.patch
+
# bsc#989056 - XFS DMAPI fixes
patches.fixes/xfs-fix-buffer-overflow-dm_get_dirattrs.patch