From: Darrick J. Wong <darrick.wong@xxxxxxxxxx>
If we encounter a directory with an entry that points to inode zero,
we'll crash due to an ASSERT during process_inode_chunk. This is due to
process_dir2_data not arranging for phase 6 to fix the parent pointer
when '..' -> 0, so do that. Found via xfs/386 fuzzing bu[1].inumber to
zero.
Signed-off-by: Darrick J. Wong <darrick.wong@xxxxxxxxxx>
---
libxfs/libxfs_api_defs.h | 1 +
repair/dir2.c | 17 +++++++++++++++++
2 files changed, 18 insertions(+)
diff --git a/libxfs/libxfs_api_defs.h b/libxfs/libxfs_api_defs.h
index d588f342..56f9f8ca 100644
--- a/libxfs/libxfs_api_defs.h
+++ b/libxfs/libxfs_api_defs.h
@@ -78,6 +78,7 @@
#define xfs_bmbt_get_all libxfs_bmbt_get_all
#define xfs_rtfree_extent libxfs_rtfree_extent
#define xfs_verify_rtbno libxfs_verify_rtbno
+#define xfs_verify_ino libxfs_verify_ino
#define xfs_zero_extent libxfs_zero_extent
#define xfs_defer_init libxfs_defer_init
diff --git a/repair/dir2.c b/repair/dir2.c
index fbe88b50..f0371371 100644
--- a/repair/dir2.c
+++ b/repair/dir2.c
@@ -847,6 +847,23 @@ _("bad .. entry in root directory inode %" PRIu64 ", was %" PRIu64 ": "),
}
*parent = ino;
}
+ /*
+ * Make sure our parent pointer doesn't point
+ * off into space.
+ */
+ if (!junkit &&
+ *parent != NULLFSINO &&
+ !libxfs_verify_ino(mp, *parent)) {
+ do_warn(
+_("bad .. entry in directory inode %" PRIu64 ", was %" PRIu64 ": "),
+ ino, *parent);
+ if (!no_modify) {
+ do_warn(_("correcting\n"));
+ } else {
+ do_warn(_("would correct\n"));
+ }
+ *parent = NULLFSINO;
+ }
}
/*
* Can't fix the directory unless we know which ..
--
To unsubscribe from this list: send the line "unsubscribe linux-xfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
