xfs: shut the file system down on corrupted used counter

If a free is trying to free more blocks than the used counter the file
system is clearly corrupted so shut it down.  Keep the debug only assert
to follow the (good?) old XFS tradition of panicing on corruption for
debug builds.

Signed-off-by: Christoph Hellwig <hch@lst.de>

diff --git a/fs/xfs/xfs_zone_alloc.c b/fs/xfs/xfs_zone_alloc.c
index 75b56cd498f9f0b05bdce1413d99331882c38e9b..27a36a1deb0ef59c97a39524fb0d3d9caaa12bc8 100644 (file)
--- a/fs/xfs/xfs_zone_alloc.c
+++ b/fs/xfs/xfs_zone_alloc.c
@@ -177,7 +177,14 @@ xfs_zone_free_blocks(
        uint64_t                *used = xfs_zone_used_counter(rtg);
 
        xfs_assert_ilocked(rtg->rtg_inodes[XFS_RTGI_RMAP], XFS_ILOCK_EXCL);
-       ASSERT(len <= *used);
+       if (len > *used) {
+               xfs_err(mp,
+"trying to free more blocks (%lld) than used counter (%lld).",
+                       len, *used);
+               ASSERT(len <= *used);
+               xfs_force_shutdown(mp, SHUTDOWN_CORRUPT_INCORE);
+               return -EFSCORRUPTED;
+       }
 
        trace_xfs_zone_free_blocks(rtg, xfs_rtb_to_rgbno(mp, fsbno), len);