git.ipfire.org Git - thirdparty/xfsprogs-dev.git/commit

author	Darrick J. Wong <djwong@kernel.org>
	Wed, 23 Nov 2022 17:09:28 +0000 (09:09 -0800)
committer	Carlos Maiolino <cem@kernel.org>
	Fri, 9 Dec 2022 09:18:19 +0000 (10:18 +0100)
commit	978c3087b6afa56986ac3e5a52131d73d28253ca
tree	d890b3b3dae4dd7ba053ffd4dcd7f9584e488e58	tree \| snapshot
parent	e9dea7effca637e4417822acae1063de624b0eff	commit \| diff

xfs_repair: don't crash on unknown inode parents in dry run mode

Fuzz testing of directory block headers exposed a debug assertion vector
in xfs_repair.  In normal (aka fixit) mode, if a single-block directory
has a totally trashed block, repair will zap the entire directory.
Phase 4 ignores any dirents pointing to the zapped directory, phase 6
ignores the freed directory, and everything is good.

However, in dry run mode, we don't actually free the inode.  Phase 4
still ignores any dirents pointing to the zapped directory, but phase 6
thinks the inode is still live and tries to walk it.  xfs_repair doesn't
know of any parents for the zapped directory and so trips the assertion.

The assertion is critical for fixit mode because we need all the parent
information to ensure consistency of the directory tree.  In dry run
mode we don't care, because we only have to print inconsistencies and
return 1.  Worse yet, (our) customers file bugs when xfs_repair crashes
during a -n scan, so this will generate support calls.

Make everyone's life easier by downgrading the assertion to a warning if
we're running in dry run mode.

Found by fuzzing bhdr.hdr.bno = zeroes in xfs/471.

Signed-off-by: Darrick J. Wong <djwong@kernel.org>
Reviewed-by: Carlos Maiolino <cmaiolino@redhat.com>
Signed-off-by: Carlos Maiolino <cem@kernel.org>