[XFS] prevent panic during log recovery due to bogus op_hdr length

A problem was reported where a system panicked in log recovery due to a
corrupt log record. The cause of the corruption is not known but this
change will at least prevent a crash for this specific scenario. Log
recovery definitely needs some more work in this area.

SGI-PV: 974151
SGI-Modid: xfs-linux-melb:xfs-kern:30318a

Signed-off-by: Lachlan McIlroy <lachlan@sgi.com>
Signed-off-by: David Chinner <dgc@sgi.com>
Signed-off-by: Christoph Hellwig <hch@infradead.org>

diff --git a/fs/xfs/xfs_log_recover.c b/fs/xfs/xfs_log_recover.c
index 07167296942119f9e7dfccf7b5bd1c16ee6200c5..b82d5d4d2462898e4d1d383ddd6456262104516e 100644 (file)
--- a/fs/xfs/xfs_log_recover.c
+++ b/fs/xfs/xfs_log_recover.c
@@ -2912,7 +2912,12 @@ xlog_recover_process_data(
                                xlog_recover_new_tid(&rhash[hash], tid,
                                        be64_to_cpu(rhead->h_lsn));
                } else {
-                       ASSERT(dp + be32_to_cpu(ohead->oh_len) <= lp);
+                       if (dp + be32_to_cpu(ohead->oh_len) > lp) {
+                               xlog_warn(
+                       "XFS: xlog_recover_process_data: bad length");
+                               WARN_ON(1);
+                               return (XFS_ERROR(EIO));
+                       }
                        flags = ohead->oh_flags & ~XLOG_END_TRANS;
                        if (flags & XLOG_WAS_CONT_TRANS)
                                flags &= ~XLOG_CONTINUE_TRANS;