@@ -816,6 +816,12 @@ xfs_mountfs(
if (error)
goto out_log_dealloc;
+ if (sbp->sb_fdblocks < mp->m_alloc_set_aside) {
+ xfs_alert(mp, "Corruption detected. Please run xfs_repair.");
+ error = -EFSCORRUPTED;
+ goto out_log_dealloc;
+ }
+
/*
* Get and sanity-check the root inode.
* Save the pointer to it in the mount structure.
@@ -755,7 +755,8 @@ xfs_fs_statfs(
statp->f_blocks = sbp->sb_dblocks - lsize;
spin_unlock(&mp->m_sb_lock);
- statp->f_bfree = fdblocks - mp->m_alloc_set_aside;
+ /* make sure statp->f_bfree does not underflow */
+ statp->f_bfree = max_t(int64_t, fdblocks - mp->m_alloc_set_aside, 0);
statp->f_bavail = statp->f_bfree;
fakeinos = XFS_FSB_TO_INO(mp, statp->f_bfree);
If fdblocks < mp->m_alloc_set_aside, statp->f_bfree will overflow. When we df -h /mnt(xfs mount point), will show this: Filesystem Size Used Avail Use% Mounted on /dev/loop0 17M -64Z -32K 100% /mnt We can construct an img like this: dd if=/dev/zero of=xfs.img bs=1M count=20 mkfs.xfs -d agcount=1 xfs.img xfs_db -x xfs.img sb 0 write fdblocks 0 agf 0 write freeblks 0 write longest 0 quit Make sure statp->f_bfree does not underflow. PS: add fdblocks check in mount. Signed-off-by: Zheng Bin <zhengbin13@huawei.com> --- fs/xfs/xfs_mount.c | 6 ++++++ fs/xfs/xfs_super.c | 3 ++- 2 files changed, 8 insertions(+), 1 deletion(-) -- 2.7.4