linux/fs/xfs
Christoph Hellwig f754591b17 xfs: fix log recovery buffer allocation for the legacy h_size fixup
commit 45cf976008 upstream.

Commit a70f9fe52d ("xfs: detect and handle invalid iclog size set by
mkfs") added a fixup for incorrect h_size values used for the initial
umount record in old xfsprogs versions.  Later commit 0c771b99d6
("xfs: clean up calculation of LR header blocks") cleaned up the log
recovery buffer calculation, but stopped using the fixed up h_size value
to size the log recovery buffer, which can lead to an out of bounds
access when the incorrect h_size does not come from the old mkfs
tool, but a fuzzer.

Fix this by open coding xlog_logrec_hblks and taking the fixed h_size
into account for this calculation.

Fixes: 0c771b99d6 ("xfs: clean up calculation of LR header blocks")
Reported-by: Sam Sun <samsun1006219@gmail.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Brian Foster <bfoster@redhat.com>
Reviewed-by: "Darrick J. Wong" <djwong@kernel.org>
Signed-off-by: Chandan Babu R <chandanbabu@kernel.org>
Signed-off-by: Kevin Berry <kpberry@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-08-19 05:45:49 +02:00
..
libxfs xfs: fix exception caused by unexpected illegal bestcount in leaf dir 2023-11-28 16:56:26 +00:00
scrub xfs: disable reaping in fscounters scrub 2023-10-06 13:18:10 +02:00
Kconfig
kmem.c
kmem.h
Makefile
mrlock.h
xfs_acl.c overlayfs update for 5.15 2021-09-02 09:21:27 -07:00
xfs_acl.h vfs: add rcu argument to ->get_acl() callback 2021-08-18 22:08:24 +02:00
xfs_aops.c xfs: punch out data fork delalloc blocks on COW writeback failure 2022-07-02 16:41:13 +02:00
xfs_aops.h
xfs_attr_inactive.c xfs: fix use-after-free in xattr node block inactivation 2023-11-28 16:56:25 +00:00
xfs_attr_list.c xfs: replace XFS_FORCED_SHUTDOWN with xfs_is_shutdown 2021-08-19 10:07:13 -07:00
xfs_bio_io.c xfs: drop async cache flushes from CIL commits. 2022-07-21 21:24:15 +02:00
xfs_bmap_item.c xfs: fix potential log item leak 2023-02-22 12:57:03 +01:00
xfs_bmap_item.h
xfs_bmap_util.c xfs: set prealloc flag in xfs_alloc_file_space() 2023-03-17 08:49:00 +01:00
xfs_bmap_util.h
xfs_buf_item_recover.c xfs: convert buf_cancel_table allocation to kmalloc_array 2023-11-28 16:56:25 +00:00
xfs_buf_item.c xfs: convert bp->b_bn references to xfs_buf_daddr() 2021-08-19 10:07:15 -07:00
xfs_buf_item.h
xfs_buf.c New code for 5.15: 2021-09-02 08:26:03 -07:00
xfs_buf.h xfs: rename buffer cache index variable b_bn 2021-08-19 10:07:15 -07:00
xfs_dir2_readdir.c xfs: replace XFS_FORCED_SHUTDOWN with xfs_is_shutdown 2021-08-19 10:07:13 -07:00
xfs_discard.c xfs: convert mount flags to features 2021-08-19 10:07:12 -07:00
xfs_discard.h
xfs_dquot_item_recover.c xfs: replace xfs_sb_version checks with feature flag checks 2021-08-19 10:07:12 -07:00
xfs_dquot_item.c
xfs_dquot_item.h
xfs_dquot.c xfs: replace xfs_sb_version checks with feature flag checks 2021-08-19 10:07:12 -07:00
xfs_dquot.h
xfs_error.c xfs: fix memory leak in xfs_errortag_init 2023-11-28 16:56:26 +00:00
xfs_error.h xfs: add trace point for fs shutdown 2021-08-18 18:46:00 -07:00
xfs_export.c xfs: convert remaining mount flags to state flags 2021-08-19 10:07:13 -07:00
xfs_export.h
xfs_extent_busy.c
xfs_extent_busy.h
xfs_extfree_item.c xfs: use kmem_cache_free() for kmem_cache objects 2022-07-02 16:41:12 +02:00
xfs_extfree_item.h
xfs_file.c xfs: set prealloc flag in xfs_alloc_file_space() 2023-03-17 08:49:00 +01:00
xfs_filestream.c xfs: fix soft lockup via spinning in filestream ag selection loop 2022-08-25 11:40:48 +02:00
xfs_filestream.h xfs: convert mount flags to features 2021-08-19 10:07:12 -07:00
xfs_fsmap.c xfs: replace xfs_sb_version checks with feature flag checks 2021-08-19 10:07:12 -07:00
xfs_fsmap.h
xfs_fsops.c xfs: fix overfilling of reserve pool 2022-08-25 11:40:48 +02:00
xfs_fsops.h
xfs_globals.c
xfs_health.c xfs: replace XFS_FORCED_SHUTDOWN with xfs_is_shutdown 2021-08-19 10:07:13 -07:00
xfs_icache.c xfs: fix xfs_inodegc_stop racing with mod_delayed_work 2023-10-06 13:18:10 +02:00
xfs_icache.h xfs: introduce xfs_inodegc_push() 2023-10-06 13:18:09 +02:00
xfs_icreate_item.c xfs: fix potential log item leak 2023-02-22 12:57:03 +01:00
xfs_icreate_item.h
xfs_inode_item_recover.c xfs: replace xfs_sb_version checks with feature flag checks 2021-08-19 10:07:12 -07:00
xfs_inode_item.c xfs: replace xfs_sb_version checks with feature flag checks 2021-08-19 10:07:12 -07:00
xfs_inode_item.h
xfs_inode.c xfs: use invalidate_lock to check the state of mmap_lock 2023-11-28 16:56:25 +00:00
xfs_inode.h New code for 5.15: 2021-09-02 08:26:03 -07:00
xfs_ioctl32.c xfs: convert xfs_fs_geometry to use mount feature checks 2021-08-19 10:07:13 -07:00
xfs_ioctl32.h
xfs_ioctl.c xfs: reject crazy array sizes being fed to XFS_IOC_GETBMAP* 2022-08-25 11:40:48 +02:00
xfs_ioctl.h xfs: prevent a WARN_ONCE() in xfs_ioc_attr_list() 2022-07-29 17:25:09 +02:00
xfs_iomap.c xfs: only set IOMAP_F_SHARED when providing a srcmap to a write 2021-08-23 17:32:51 -07:00
xfs_iomap.h
xfs_iops.c xfs: don't expose internal symlink metadata buffers to the vfs 2023-10-25 11:58:54 +02:00
xfs_iops.h xfs: remove xfs_setattr_time() declaration 2023-03-17 08:49:04 +01:00
xfs_itable.c xfs: replace xfs_sb_version checks with feature flag checks 2021-08-19 10:07:12 -07:00
xfs_itable.h
xfs_iwalk.c
xfs_iwalk.h
xfs_linux.h xfs: drop async cache flushes from CIL commits. 2022-07-21 21:24:15 +02:00
xfs_log_cil.c xfs: drop async cache flushes from CIL commits. 2022-07-21 21:24:15 +02:00
xfs_log_priv.h xfs: refactor buffer cancellation table allocation 2023-11-28 16:56:25 +00:00
xfs_log_recover.c xfs: fix log recovery buffer allocation for the legacy h_size fixup 2024-08-19 05:45:49 +02:00
xfs_log.c xfs: prevent a UAF when log IO errors race with unmount 2023-11-28 16:56:25 +00:00
xfs_log.h xfs: AIL needs asynchronous CIL forcing 2021-08-16 12:09:30 -07:00
xfs_message.c
xfs_message.h
xfs_mount.c xfs: don't include bnobt blocks when reserving free block pool 2022-07-21 21:24:15 +02:00
xfs_mount.h xfs: check that per-cpu inodegc workers actually run on that cpu 2023-10-06 13:18:10 +02:00
xfs_mru_cache.c
xfs_mru_cache.h
xfs_ondisk.h
xfs_pnfs.c xfs: remove XFS_PREALLOC_SYNC 2023-03-17 08:48:59 +01:00
xfs_pnfs.h
xfs_pwork.c
xfs_pwork.h
xfs_qm_bhv.c xfs: replace xfs_sb_version checks with feature flag checks 2021-08-19 10:07:12 -07:00
xfs_qm_syscalls.c xfs: introduce xfs_inodegc_push() 2023-10-06 13:18:09 +02:00
xfs_qm.c xfs: fix intermittent hang during quotacheck 2023-11-28 16:56:26 +00:00
xfs_qm.h
xfs_quota.h
xfs_quotaops.c
xfs_refcount_item.c xfs: fix potential log item leak 2023-02-22 12:57:03 +01:00
xfs_refcount_item.h
xfs_reflink.c xfs: Fix false ENOSPC when performing direct write on a delalloc extent in cow fork 2023-11-28 16:56:26 +00:00
xfs_reflink.h xfs: convert xfs_sb_version_has checks to use mount features 2021-08-19 10:07:14 -07:00
xfs_rmap_item.c xfs: fix potential log item leak 2023-02-22 12:57:03 +01:00
xfs_rmap_item.h
xfs_rtalloc.c xfs: replace xfs_sb_version checks with feature flag checks 2021-08-19 10:07:12 -07:00
xfs_rtalloc.h xfs: make the record pointer passed to query_range functions const 2021-08-18 18:46:01 -07:00
xfs_stats.c
xfs_stats.h
xfs_super.c xfs: read only mounts with fsopen mount API are busted 2024-02-23 08:54:32 +01:00
xfs_super.h
xfs_symlink.c xfs: don't expose internal symlink metadata buffers to the vfs 2023-10-25 11:58:54 +02:00
xfs_symlink.h
xfs_sysctl.c
xfs_sysctl.h
xfs_sysfs.c xfs: AIL needs asynchronous CIL forcing 2021-08-16 12:09:30 -07:00
xfs_sysfs.h xfs: Fix unreferenced object reported by kmemleak in xfs_sysfs_init() 2023-11-28 16:56:26 +00:00
xfs_trace.c xfs: add trace point for fs shutdown 2021-08-18 18:46:00 -07:00
xfs_trace.h xfs: introduce xfs_inodegc_push() 2023-10-06 13:18:09 +02:00
xfs_trans_ail.c xfs: replace XFS_FORCED_SHUTDOWN with xfs_is_shutdown 2021-08-19 10:07:13 -07:00
xfs_trans_buf.c xfs: introduce xfs_buf_daddr() 2021-08-19 10:07:14 -07:00
xfs_trans_dquot.c xfs: revert "xfs: actually bump warning counts when we send warnings" 2022-08-25 11:40:48 +02:00
xfs_trans_priv.h
xfs_trans.c xfs: reserve quota for dir expansion when linking/unlinking files 2022-08-25 11:40:47 +02:00
xfs_trans.h xfs: reserve quota for dir expansion when linking/unlinking files 2022-08-25 11:40:47 +02:00
xfs_xattr.c
xfs.h