    xfs: growfs overruns AGFL buffer on V4 filesystems · b7d961b3
    Committed by Dave Chinner
    This loop in xfs_growfs_data_private() is incorrect for V4
    superblocks filesystems:
    
    		for (bucket = 0; bucket < XFS_AGFL_SIZE(mp); bucket++)
    			agfl->agfl_bno[bucket] = cpu_to_be32(NULLAGBLOCK);
    
    For V4 filesystems, we don't have a agfl header structure, and so
    XFS_AGFL_SIZE() returns an entire sector's worth of entries, which
    we then index from an offset into the sector. Hence: buffer overrun.
    
    This problem was introduced in 3.10 by commit 77c95bba ("xfs: add
    CRC checks to the AGFL") which changed the AGFL structure but failed
    to update the growfs code to handle the different structures.
    
    Fix it by using the correct offset into the buffer for both V4 and
    V5 filesystems.
    
    Cc: <stable@vger.kernel.org>
    Signed-off-by: Dave Chinner <dchinner@redhat.com>
    Reviewed-by: Jie Liu <jeff.liu@oracle.com>
    Signed-off-by: Ben Myers <bpm@sgi.com>
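The arithmetic behind the overrun, as an added illustration that is not part of the commit or the kernel source: a V4 AGFL is a bare sector of entries, while a V5 AGFL carries a header before the entries, so the entry count returned for a V4 buffer only fits if the entries start at byte 0. Indexing a full sector's worth of entries from the V5 header offset spills past the end of the buffer by exactly the header length. The sector size (512 bytes), the V5 header length (36 bytes) and all function names here are assumptions of this model, not values stated on the page.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed model of an AGFL sector; sizes are assumed, not from the page. */
#define SECTOR_SIZE   512u   /* assumed sector size */
#define AGFL_HDR_SIZE 36u    /* assumed V5 header length preceding the entries */
#define NULLAGBLOCK   0xffffffffu

/* Number of free-list entries the sector holds: a V4 sector is all entries,
 * a V5 sector loses the header bytes first. */
size_t agfl_size(bool crc_enabled)
{
    size_t hdr = crc_enabled ? AGFL_HDR_SIZE : 0;
    return (SECTOR_SIZE - hdr) / sizeof(uint32_t);
}

/* Where the buggy loop started writing: it always used the entry array that
 * follows the V5 header, regardless of filesystem version. */
size_t buggy_bno_offset(bool crc_enabled)
{
    (void)crc_enabled;
    return AGFL_HDR_SIZE;
}

/* Where the entries actually start: byte 0 on V4, after the header on V5. */
size_t fixed_bno_offset(bool crc_enabled)
{
    return crc_enabled ? AGFL_HDR_SIZE : 0;
}

/* Bytes that initialising agfl_size() entries at bno_offset would write
 * beyond the end of the sector (0 when the write fits). */
size_t overrun_bytes(bool crc_enabled, size_t bno_offset)
{
    size_t end = bno_offset + agfl_size(crc_enabled) * sizeof(uint32_t);
    return end > SECTOR_SIZE ? end - SECTOR_SIZE : 0;
}

/* Bounds-checked version of the initialisation loop: fills every entry with
 * NULLAGBLOCK in big-endian byte order and returns the number of entries
 * written, or 0 if the layout would overrun the sector. */
size_t init_agfl(uint8_t sector[SECTOR_SIZE], bool crc_enabled, size_t bno_offset)
{
    size_t n = agfl_size(crc_enabled);
    if (overrun_bytes(crc_enabled, bno_offset) != 0)
        return 0;                        /* refuse rather than scribble past the buffer */
    for (size_t i = 0; i < n; i++) {
        uint8_t *p = sector + bno_offset + i * sizeof(uint32_t);
        p[0] = (uint8_t)(NULLAGBLOCK >> 24);
        p[1] = (uint8_t)(NULLAGBLOCK >> 16);
        p[2] = (uint8_t)(NULLAGBLOCK >> 8);
        p[3] = (uint8_t)(NULLAGBLOCK);
    }
    return n;
}

/* Runs the V4 case both ways and returns the overrun of the buggy layout. */
size_t demo_v4_overrun(void)
{
    uint8_t sector[SECTOR_SIZE];
    memset(sector, 0, sizeof sector);
    size_t bad = init_agfl(sector, false, buggy_bno_offset(false));   /* 0: rejected */
    size_t good = init_agfl(sector, false, fixed_bno_offset(false));  /* 128 entries */
    (void)bad; (void)good;
    return overrun_bytes(false, buggy_bno_offset(false));
}
```

With the assumed sizes, a V4 sector holds 128 entries and a V5 sector 119; the buggy offset on V4 pushes the last write 36 bytes past the sector, which is the header length the V4 layout never had.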