1 commit cbd7508db4c9597889ad98d5f027542002e0e57c
2 Author: Eric Sandeen <sandeen@redhat.com>
3 Date: Thu Aug 15 02:26:40 2013 +0000
5 xfs_repair: zero out unused parts of superblocks
8 1375cb65 xfs: growfs: don't read garbage for new secondary superblocks
10 we ran the risk of allowing garbage in secondary superblocks
11 beyond the in-use sb fields. With kernels 3.10 and beyond, the
12 verifiers will kick these out as invalid, but xfs_repair does
13 not detect or repair this condition.
15 There is superblock stale-data zeroing code, but it is under a
16 narrow conditional - the bug addressed in the above commit did not
17 meet that conditional. So change this to check unconditionally.
19 Further, the checking code was looking at the in-memory
20 superblock buffer, which was zeroed prior to population, and
21 would therefore never possibly show any stale data beyond the
22 last up-rev superblock field.
24 So instead, check the disk buffer for this garbage condition.
26 If we detect garbage, we must zero out both the in-memory sb
27 and the disk buffer; the former may contain unused data
28 in up-rev sb fields which will be written back out; the latter
29 may contain garbage beyond all fields, which won't be updated
30 when we translate the in-memory sb back to disk.
32 The V4 superblock case was zeroing out the sb_bad_features2
33 field; we also fix that to leave that field alone.
35 Lastly, use offsetof() instead of the tortured (__psint_t)
38 Reported-by: Michael Maier <m1278468@allmail.net>
39 Signed-off-by: Eric Sandeen <sandeen@redhat.com>
40 Reviewed-by: Rich Johnston <rjohnston@sgi.com>
41 Signed-off-by: Rich Johnston <rjohnston@sgi.com>
43 diff --git a/repair/agheader.c b/repair/agheader.c
44 index b0f38ba..53e47b6 100644
45 --- a/repair/agheader.c
46 +++ b/repair/agheader.c
47 @@ -256,60 +256,63 @@ secondary_sb_wack(xfs_mount_t *mp, xfs_buf_t *sbuf, xfs_sb_t *sb,
51 - * mkfs's that stamped a feature bit besides the ones in the mask
52 - * (e.g. were pre-6.5 beta) could leave garbage in the secondary
53 - * superblock sectors. Anything stamping the shared fs bit or better
54 - * into the secondaries is ok and should generate clean secondary
55 - * superblock sectors. so only run the zero check on the
56 - * potentially garbaged secondaries.
57 + * Check for garbage beyond the last valid field.
58 + * Use field addresses instead so this code will still
59 + * work against older filesystems when the superblock
60 + * gets rev'ed again with new fields appended.
62 + * size is the size of data which is valid for this sb.
65 - (sb->sb_versionnum & XR_GOOD_SECSB_VNMASK) == 0 ||
66 - sb->sb_versionnum < XFS_SB_VERSION_4) {
68 - * Check for garbage beyond the last field.
69 - * Use field addresses instead so this code will still
70 - * work against older filesystems when the superblock
71 - * gets rev'ed again with new fields appended.
73 - if (xfs_sb_version_hasmorebits(sb))
74 - size = (__psint_t)&sb->sb_features2
75 - + sizeof(sb->sb_features2) - (__psint_t)sb;
76 - else if (xfs_sb_version_haslogv2(sb))
77 - size = (__psint_t)&sb->sb_logsunit
78 - + sizeof(sb->sb_logsunit) - (__psint_t)sb;
79 - else if (xfs_sb_version_hassector(sb))
80 - size = (__psint_t)&sb->sb_logsectsize
81 - + sizeof(sb->sb_logsectsize) - (__psint_t)sb;
82 - else if (xfs_sb_version_hasdirv2(sb))
83 - size = (__psint_t)&sb->sb_dirblklog
84 - + sizeof(sb->sb_dirblklog) - (__psint_t)sb;
86 - size = (__psint_t)&sb->sb_width
87 - + sizeof(sb->sb_width) - (__psint_t)sb;
88 - for (ip = (char *)((__psint_t)sb + size);
89 - ip < (char *)((__psint_t)sb + mp->m_sb.sb_sectsize);
98 - rval |= XR_AG_SB_SEC;
101 - _("zeroing unused portion of %s superblock (AG #%u)\n"),
102 - !i ? _("primary") : _("secondary"), i);
103 - memset((void *)((__psint_t)sb + size), 0,
104 - mp->m_sb.sb_sectsize - size);
107 - _("would zero unused portion of %s superblock (AG #%u)\n"),
108 - !i ? _("primary") : _("secondary"), i);
109 + if (xfs_sb_version_hascrc(sb))
110 + size = offsetof(xfs_sb_t, sb_lsn)
111 + + sizeof(sb->sb_lsn);
112 + else if (xfs_sb_version_hasmorebits(sb))
113 + size = offsetof(xfs_sb_t, sb_bad_features2)
114 + + sizeof(sb->sb_bad_features2);
115 + else if (xfs_sb_version_haslogv2(sb))
116 + size = offsetof(xfs_sb_t, sb_logsunit)
117 + + sizeof(sb->sb_logsunit);
118 + else if (xfs_sb_version_hassector(sb))
119 + size = offsetof(xfs_sb_t, sb_logsectsize)
120 + + sizeof(sb->sb_logsectsize);
121 + else if (xfs_sb_version_hasdirv2(sb))
122 + size = offsetof(xfs_sb_t, sb_dirblklog)
123 + + sizeof(sb->sb_dirblklog);
125 + size = offsetof(xfs_sb_t, sb_width)
126 + + sizeof(sb->sb_width);
128 + /* Check the buffer we read from disk for garbage outside size */
129 + for (ip = XFS_BUF_PTR(sbuf) + size;
130 + ip < XFS_BUF_PTR(sbuf) + mp->m_sb.sb_sectsize;
138 + rval |= XR_AG_SB_SEC;
141 + _("zeroing unused portion of %s superblock (AG #%u)\n"),
142 + !i ? _("primary") : _("secondary"), i);
144 + * zero both the in-memory sb and the disk buffer,
145 + * because the former was read from disk and
146 + * may contain newer version fields that shouldn't
147 + * be set, and the latter is never updated past
148 + * the last field - just zap them both.
150 + memset((void *)((__psint_t)sb + size), 0,
151 + mp->m_sb.sb_sectsize - size);
152 + memset(XFS_BUF_PTR(sbuf) + size, 0,
153 + mp->m_sb.sb_sectsize - size);
156 + _("would zero unused portion of %s superblock (AG #%u)\n"),
157 + !i ? _("primary") : _("secondary"), i);
161 * now look for the fields we can manipulate directly.