xfs: actually abort log recovery on corrupt intent-done log items

If log recovery picks up intent-done log items that are not of the
correct size it needs to abort recovery and fail the mount.  Debug
assertions are not good enough.

Signed-off-by: Darrick J. Wong <djwong@kernel.org>
Reviewed-by: Dave Chinner <dchinner@redhat.com>

diff --git a/fs/xfs/xfs_extfree_item.c b/fs/xfs/xfs_extfree_item.c
index f7e52db8da667cbbb3b4c26770014828d1c8579f..18c2243513434bf5a8a6bf4193618c43178d1c9c 100644 (file)
--- a/fs/xfs/xfs_extfree_item.c
+++ b/fs/xfs/xfs_extfree_item.c
@@ -751,12 +751,24 @@ xlog_recover_efd_commit_pass2(
        xfs_lsn_t                       lsn)
 {
        struct xfs_efd_log_format       *efd_formatp;
+       int                             buflen = item->ri_buf[0].i_len;
 
        efd_formatp = item->ri_buf[0].i_addr;
-       ASSERT(item->ri_buf[0].i_len == xfs_efd_log_format32_sizeof(
-                                               efd_formatp->efd_nextents) ||
-              item->ri_buf[0].i_len == xfs_efd_log_format64_sizeof(
-                                               efd_formatp->efd_nextents));
+
+       if (buflen < sizeof(struct xfs_efd_log_format)) {
+               XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, log->l_mp,
+                               efd_formatp, buflen);
+               return -EFSCORRUPTED;
+       }
+
+       if (item->ri_buf[0].i_len != xfs_efd_log_format32_sizeof(
+                                               efd_formatp->efd_nextents) &&
+           item->ri_buf[0].i_len != xfs_efd_log_format64_sizeof(
+                                               efd_formatp->efd_nextents)) {
+               XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, log->l_mp,
+                               efd_formatp, buflen);
+               return -EFSCORRUPTED;
+       }
 
        xlog_recover_release_intent(log, XFS_LI_EFI, efd_formatp->efd_efi_id);
        return 0;

diff --git a/fs/xfs/xfs_rmap_item.c b/fs/xfs/xfs_rmap_item.c
index 27047e73f58290219f2ded72f186fa98291537cc..5a360c384ea5c32cb92a913407d404213fdb27d7 100644 (file)
--- a/fs/xfs/xfs_rmap_item.c
+++ b/fs/xfs/xfs_rmap_item.c
@@ -707,7 +707,11 @@ xlog_recover_rud_commit_pass2(
        struct xfs_rud_log_format       *rud_formatp;
 
        rud_formatp = item->ri_buf[0].i_addr;
-       ASSERT(item->ri_buf[0].i_len == sizeof(struct xfs_rud_log_format));
+       if (item->ri_buf[0].i_len != sizeof(struct xfs_rud_log_format)) {
+               XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, log->l_mp,
+                               rud_formatp, item->ri_buf[0].i_len);
+               return -EFSCORRUPTED;
+       }
 
        xlog_recover_release_intent(log, XFS_LI_RUI, rud_formatp->rud_rui_id);
        return 0;