If agi->agi_level exceeds XFS_BTREE_MAXLEVELS (8), bad things happen.

For example in xfs_inobt_init_cursor() we read it directly off disk into
a btree cursor:

xfs_inobt_init_cursor()
	cur->bc_nlevels = be32_to_cpu(agi->agi_level);

and then when it's time to tear it down we'll index into bc_bufs[] by
whatever it said:

xfs_btree_del_cursor()
	for (i = 0; i < cur->bc_nlevels; i++) {
		if (cur->bc_bufs[i])
			xfs_trans_brelse(cur->bc_tp, cur->bc_bufs[i]);

but bc_bufs[] in the xfs_btree_cur is of fixed size:

	struct xfs_buf	*bc_bufs[XFS_BTREE_MAXLEVELS];	/* buf ptr per level */

where

#define XFS_BTREE_MAXLEVELS	8	/* max of all btrees */

(which means this limits any btree depth, not just agi, right...)

...

So I ran across this on an intentionally corrupted image, but I don't
know what stops us from going past XFS_BTREE_MAXLEVELS in normal
operations (unless we just hit filesystem limits before then?)

i.e. xfs_btree_new_root() does:

	/* Set the root in the holding structure increasing the level by 1. */
	cur->bc_ops->set_root(cur, &lptr, 1);

and ->set_root / xfs_inobt_set_root() will happily increase agi_level;
I don't see anything limiting it to XFS_BTREE_MAXLEVELS.

I guess XFS_BTREE_MAXLEVELS is just an arbitrary in-memory limit, not a
limit of the underlying disk structures, but as it stands, we should be
sure that we don't exceed it, right?

I was going to put that limit into xfs_agi_verify, but realized that I
wasn't sure if we could actually exceed that depth in normal operations.

(cue dchinner working out that 9 levels is 59 bazillion jillion items,
and will never be hit?)

Thanks,
-Eric
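
The bound check proposed in the message above, as an added user-space example in C. It is not from the original message or from the XFS code; every model_* name is a hypothetical stand-in for the kernel structures and functions named there, and the sample AGI values are constructed.

```c
/* User-space model only; model_* names are hypothetical, not kernel code. */
#include <stdint.h>
#include <string.h>

#define MODEL_MAXLEVELS 8	/* same value as XFS_BTREE_MAXLEVELS in the message */

struct model_agi { uint8_t agi_level[4]; };	/* big-endian, as on disk */
struct model_cur { uint32_t bc_nlevels; void *bc_bufs[MODEL_MAXLEVELS]; };

static uint32_t model_be32(const uint8_t b[4])
{
	return ((uint32_t)b[0] << 24) | ((uint32_t)b[1] << 16) |
	       ((uint32_t)b[2] << 8) | b[3];
}

/* Verifier: 1 if the on-disk level can safely bound a walk of bc_bufs[]. */
int model_agi_verify(const struct model_agi *agi)
{
	return model_be32(agi->agi_level) <= MODEL_MAXLEVELS;
}

/* Cursor setup: copy the level only after it has been verified. */
int model_init_cursor(struct model_cur *cur, const struct model_agi *agi)
{
	if (!model_agi_verify(agi))
		return -1;			/* treat as corruption */
	memset(cur, 0, sizeof(*cur));
	cur->bc_nlevels = model_be32(agi->agi_level);
	return 0;
}

/* Growth path: refuse a new root that would exceed the array size. */
int model_new_root(struct model_agi *agi)
{
	uint32_t level = model_be32(agi->agi_level);
	if (level >= MODEL_MAXLEVELS)
		return -1;
	level++;
	for (int i = 3; i >= 0; i--, level >>= 8)
		agi->agi_level[i] = level & 0xff;	/* store back big-endian */
	return 0;
}

int main(void)
{
	struct model_agi bad = { { 0, 0, 0, 9 } };	/* constructed corrupt AGI */
	struct model_cur cur;
	return model_init_cursor(&cur, &bad) == -1 ? 0 : 1;
}
```

Checking in both places covers the two cases the message raises: a corrupted on-disk value read at cursor setup, and a level incremented past the array size during normal growth.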