diff options
| author | Brian Foster <bfoster@redhat.com> | 2020-04-02 08:18:57 -0700 |
|---|---|---|
| committer | Darrick J. Wong <darrick.wong@oracle.com> | 2020-04-02 08:19:25 -0700 |
| commit | d9fdd0adf932c8d615cfe52bbc689c373a95377f (patch) | |
| tree | df9d4d4fdfaa06a14a738d522a75b69d1e415865 /fs/xfs | |
| parent | d8fcb6f1346c36316ccb20f887081299a61bbcc8 (diff) | |
xfs: fix inode number overflow in ifree cluster helper
Qian Cai reports seemingly random buffer read verifier errors during
filesystem writeback. This was isolated to a recent patch that
factored out some inode cluster freeing code and happened to cast an
unsigned inode number type to a signed value. If the inode number
value overflows, we can skip marking in-core inodes associated with
the underlying buffer stale at the time the physical inodes are
freed. If such an inode happens to be dirty, xfsaild will eventually
attempt to write it back over non-inode blocks. The invalidation of
the underlying inode buffer causes writeback to read the buffer from
disk. This fails the read verifier (preventing eventual corruption)
if the buffer no longer looks like an inode cluster. Analysis by
Dave Chinner.
Fix up the helper to use the proper type for inode number values.
Fixes: 5806165a6663 ("xfs: factor inode lookup from xfs_ifree_cluster")
Reported-by: Qian Cai <cai@lca.pw>
Signed-off-by: Brian Foster <bfoster@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Diffstat (limited to 'fs/xfs')
| -rw-r--r-- | fs/xfs/xfs_inode.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/xfs/xfs_inode.c b/fs/xfs/xfs_inode.c index 0cac0d37e3ae..ae86c870da92 100644 --- a/fs/xfs/xfs_inode.c +++ b/fs/xfs/xfs_inode.c @@ -2511,7 +2511,7 @@ static struct xfs_inode * xfs_ifree_get_one_inode( struct xfs_perag *pag, struct xfs_inode *free_ip, - int inum) + xfs_ino_t inum) { struct xfs_mount *mp = pag->pag_mount; struct xfs_inode *ip; |