xfs: forbid AG btrees with level == 0

There is no such thing as a zero-level AG btree since even a single-node zero-records btree has one level. Btree cursor constructors read cur_nlevels straight from disk and then access things like cur_bufs[cur_nlevels - 1] which is /really/ bad if cur_nlevels is zero! Therefore, strengthen the verifiers to prevent this possibility. Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Reviewed-by: Dave Chinner <dchinner@redhat.com> Signed-off-by: Dave Chinner <david@fromorbit.com>
author: Darrick J. Wong <darrick.wong@oracle.com> 2016-12-05 12:32:50 +1100
committer: Dave Chinner <david@fromorbit.com> 2016-12-05 12:32:50 +1100
commit: d2a047f31e86941fa896e0e3271536d50aba415e (patch)
tree: 0ff8117d63fcf7b839a3facd7f2ca307efdb60c0 /fs/xfs/libxfs/xfs_ialloc.c
parent: f7a136aee3c1c3f7daf87197b3b3c361744a2812 (diff)
1 files changed, 8 insertions, 1 deletions
diff --git a/fs/xfs/libxfs/xfs_ialloc.c b/fs/xfs/libxfs/xfs_ialloc.c
index c482b9716347..d45c03779dae 100644
--- a/fs/xfs/libxfs/xfs_ialloc.c
+++ b/fs/xfs/libxfs/xfs_ialloc.c
@@ -2510,8 +2510,15 @@ xfs_agi_verify(
 	if (!XFS_AGI_GOOD_VERSION(be32_to_cpu(agi->agi_versionnum)))
 		return false;
 
-	if (be32_to_cpu(agi->agi_level) > XFS_BTREE_MAXLEVELS)
+	if (be32_to_cpu(agi->agi_level) < 1 ||
+	    be32_to_cpu(agi->agi_level) > XFS_BTREE_MAXLEVELS)
 		return false;
+
+	if (xfs_sb_version_hasfinobt(&mp->m_sb) &&
+	    (be32_to_cpu(agi->agi_free_level) < 1 ||
+	     be32_to_cpu(agi->agi_free_level) > XFS_BTREE_MAXLEVELS))
+		return false;
+
 	/*
 	 * during growfs operations, the perag is not fully initialised,
 	 * so we can't use it for any useful checking. growfs ensures we can't
author	Darrick J. Wong <darrick.wong@oracle.com>	2016-12-05 12:32:50 +1100
committer	Dave Chinner <david@fromorbit.com>	2016-12-05 12:32:50 +1100
commit	d2a047f31e86941fa896e0e3271536d50aba415e (patch)
tree	0ff8117d63fcf7b839a3facd7f2ca307efdb60c0 /fs/xfs/libxfs/xfs_ialloc.c
parent	f7a136aee3c1c3f7daf87197b3b3c361744a2812 (diff)