From patchwork Mon Oct 23 14:46:46 2017
X-Patchwork-Submitter: Brian Foster
X-Patchwork-Id: 10022635
From: Brian Foster
To: linux-xfs@vger.kernel.org
Subject: [PATCH RFC 4/4] xfs: enforce a maximum total iclog buffer size
Date: Mon, 23 Oct 2017 10:46:46 -0400
Message-Id: <20171023144646.50107-5-bfoster@redhat.com>
In-Reply-To: <20171023144646.50107-1-bfoster@redhat.com>
References: <20171023144646.50107-1-bfoster@redhat.com>

Since mkfs has historically had an issue creating very small filesystems with a log smaller than the minimum log size, add an extra layer of runtime protection around the log buffer count and size parameters. Restrict the total log buffer size to 1/2 of the physical log size, otherwise fail the mount.

The default log buffer count and size are 8 and 32k, respectively. This total size of 256k results in a minimum log size requirement of 512k, which is well outside even the smallest logs created by broken formats. Therefore, this change should only affect users who explicitly attempt to use larger log buffer counts/sizes with such filesystems.

Signed-off-by: Brian Foster
--- fs/xfs/xfs_log.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/fs/xfs/xfs_log.c b/fs/xfs/xfs_log.c index e282fd8..5966cab 100644 --- a/fs/xfs/xfs_log.c +++ b/fs/xfs/xfs_log.c
@@ -1453,6 +1453,14 @@ xlog_alloc_log( xlog_get_iclog_buffer_size(mp, log); + error = -EINVAL; + if (log->l_iclog_bufs * log->l_iclog_size > (log->l_logsize >> 1)) { + xfs_warn(mp, + "total iclog buffer size (logbufs * logbsize) cannot exceed %d bytes", + (log->l_logsize >> 1)); + goto out_free_log; + } + /* * Use a NULL block for the extra log buffer used during splits so that * it will trigger errors if we ever try to do IO on it without first
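Review bot: `error = -EINVAL;` at the top of the added block is assigned unconditionally, so when the check passes error stays -EINVAL until something after the visible context reassigns it; setting it inside the `if` body just before `goto out_free_log` would keep the failure code local to this check. The xfs_warn() text also reports only the limit (`log->l_logsize >> 1`) and not the `l_iclog_bufs` and `l_iclog_size` values that exceeded it, so printing both would tell the admin which of logbufs or logbsize to reduce. Since the limit is printed with %d, it is also worth confirming that the product `l_iclog_bufs * l_iclog_size` cannot overflow its operand type for the largest mount option values accepted upstream of this check.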