git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Christoph Hellwig <hch@lst.de>
	Tue, 30 Apr 2024 04:07:55 +0000 (06:07 +0200)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Mon, 19 Aug 2024 03:45:49 +0000 (05:45 +0200)
commit	f754591b17d0ee91c2b45fe9509d0cdc420527cb
tree	6e46a20d0af929eeaa1ce9de96bcee3eb216c919	tree \| snapshot
parent	4e17707035a65f6e5b2a4d987a308cf8ed8c5ad1	commit \| diff

xfs: fix log recovery buffer allocation for the legacy h_size fixup

commit 45cf976008ddef4a9c9a30310c9b4fb2a9a6602a upstream.

Commit a70f9fe52daa ("xfs: detect and handle invalid iclog size set by
mkfs") added a fixup for incorrect h_size values used for the initial
umount record in old xfsprogs versions. Later commit 0c771b99d6c9
("xfs: clean up calculation of LR header blocks") cleaned up the log
reover buffer calculation, but stoped using the fixed up h_size value
to size the log recovery buffer, which can lead to an out of bounds
access when the incorrect h_size does not come from the old mkfs
tool, but a fuzzer.

Fix this by open coding xlog_logrec_hblks and taking the fixed h_size
into account for this calculation.

Fixes: 0c771b99d6c9 ("xfs: clean up calculation of LR header blocks")
Reported-by: Sam Sun <samsun1006219@gmail.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Brian Foster <bfoster@redhat.com>
Reviewed-by: "Darrick J. Wong" <djwong@kernel.org>
Signed-off-by: Chandan Babu R <chandanbabu@kernel.org>
Signed-off-by: Kevin Berry <kpberry@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>