xfs: fix maxicount division by zero error

In xfs_ialloc_setup_geometry, it's possible for a malicious/corrupt fs image to set an unreasonably large value for sb_inopblog which will cause ialloc_blks to be zero. If sb_imax_pct is also set, this results in a division by zero error in the second do_div call. Therefore, force maxicount to zero if ialloc_blks is zero. Note that the kernel metadata verifiers will catch the garbage inopblog value and abort the fs mount long before it tries to set up the inode geometry; this is needed to avoid a crash in xfs_db while setting up the xfs_mount structure. Found by fuzzing sb_inopblog to 122 in xfs/350. Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
author: Darrick J. Wong <darrick.wong@oracle.com> 2019-08-26 09:31:57 -0700
committer: Darrick J. Wong <darrick.wong@oracle.com> 2019-08-26 13:54:37 -0700
commit: 91bd0c5260a8693dff66d7ab81f59cfba807fbc3 (patch)
tree: be2e383f0bd9ac7bb142123dacfccac3ebab5aeb
parent: 136ef5ea9211130f043948e2f158fd976b0fbd24 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/xfs/libxfs/xfs_ialloc.c b/fs/xfs/libxfs/xfs_ialloc.c
index 04377ab75863..aa190a502326 100644
--- a/fs/xfs/libxfs/xfs_ialloc.c
+++ b/fs/xfs/libxfs/xfs_ialloc.c
@@ -2788,7 +2788,7 @@ xfs_ialloc_setup_geometry(
 			inodes);
 
 	/* Set the maximum inode count for this filesystem. */
-	if (sbp->sb_imax_pct) {
+	if (sbp->sb_imax_pct && igeo->ialloc_blks) {
 		/*
 		 * Make sure the maximum inode count is a multiple
 		 * of the units we allocate inodes in.
author	Darrick J. Wong <darrick.wong@oracle.com>	2019-08-26 09:31:57 -0700
committer	Darrick J. Wong <darrick.wong@oracle.com>	2019-08-26 13:54:37 -0700
commit	91bd0c5260a8693dff66d7ab81f59cfba807fbc3 (patch)
tree	be2e383f0bd9ac7bb142123dacfccac3ebab5aeb
parent	136ef5ea9211130f043948e2f158fd976b0fbd24 (diff)