xfs: dquot recovery does not validate the recovered dquot

commit 9c235dfc3d3f901fe22acb20f2ab37ff39f2ce02 upstream.

When we're recovering ondisk quota records from the log, we need to
validate the recovered buffer contents before writing them to disk.

Signed-off-by: Darrick J. Wong <djwong@kernel.org>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Chandan Babu R <chandanbabu@kernel.org>
Signed-off-by: Catherine Hoang <catherine.hoang@oracle.com>
Acked-by: Chandan Babu R <chandanbabu@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/fs/xfs/xfs_dquot_item_recover.c b/fs/xfs/xfs_dquot_item_recover.c
index db2cb5e..2c2720c 100644 (file)
--- a/fs/xfs/xfs_dquot_item_recover.c
+++ b/fs/xfs/xfs_dquot_item_recover.c
@@ -19,6 +19,7 @@
 #include "xfs_log.h"
 #include "xfs_log_priv.h"
 #include "xfs_log_recover.h"
+#include "xfs_error.h"
 
 STATIC void
 xlog_recover_dquot_ra_pass2(
@@ -152,6 +153,19 @@ xlog_recover_dquot_commit_pass2(
                                 XFS_DQUOT_CRC_OFF);
        }
 
+       /* Validate the recovered dquot. */
+       fa = xfs_dqblk_verify(log->l_mp, dqb, dq_f->qlf_id);
+       if (fa) {
+               XFS_CORRUPTION_ERROR("Bad dquot after recovery",
+                               XFS_ERRLEVEL_LOW, mp, dqb,
+                               sizeof(struct xfs_dqblk));
+               xfs_alert(mp,
+ "Metadata corruption detected at %pS, dquot 0x%x",
+                               fa, dq_f->qlf_id);
+               error = -EFSCORRUPTED;
+               goto out_release;
+       }
+
        ASSERT(dq_f->qlf_size == 2);
        ASSERT(bp->b_mount == mp);
        bp->b_flags |= _XBF_LOGRECOVERY;