From: Theodore Tso <tytso@mit.edu>
To: Kalpak Shah <kalpak@clusterfs.com>
Cc: linux-ext4 <linux-ext4@vger.kernel.org>,
Andreas Dilger <adilger@clusterfs.com>
Subject: Re: [e2fsprogs] Bug in salvage_directory
Date: Mon, 9 Jul 2007 14:29:23 -0400 [thread overview]
Message-ID: <20070709182923.GB2343@thunk.org> (raw)
In-Reply-To: <1184003549.4347.6.camel@garfield>
On Mon, Jul 09, 2007 at 11:22:05PM +0530, Kalpak Shah wrote:
> On Mon, 2007-07-09 at 12:50 -0400, Theodore Tso wrote:
> > On Mon, Jul 09, 2007 at 03:02:02PM +0530, Kalpak Shah wrote:
> > > Hi Ted,
> > >
> > > Recently, one of our customers found this message in pass2 of e2fsck while doing some regression testing:
> > > "Entry '4, 0x695a, 0x81ff, 0x0040, 0x8320, 0xa192, 0x0021' in ??? (136554) has
> > > rec_len of 14200, should be 26908."
> > >
> > > Both the displayed rec_len and the "should be" value are bogus. The
> > > reason is that salvage_directory sets a offset beyond blocksize
> > > leading to bogus messages.
> >
> > Do you have a test case where this happens? I don't think your patch
> > is right, because if dirent->rec_len is too big, this yes, your patch
> > will make sure offset doesn't get set beyond fs->blocksize, but it
> > ends up leaving prev->rec_len also pointing beyond fs->blocksize ---
> > which means a 2nd e2fsck should result in a complaint about that.
>
> Yes even prev->rec_len cannot be beyond fs->blocksize.
Really? Even after this:
prev->rec_len += dirent->rec_len;
^^^^^^^^^^^^^^^^^^^
... when *offset + dirent->rec_len > fs->blocksize? If the else part
of your conditional triggers, then dirent->rec_len is too big; it
could potentially be huge. So just blindly adding that invalid value
to prev->rec_len can't be right.
> I do have the corrupt filesystem image but it is a large one.
Can you use debugfs's "dump" command to dump out the contents of the
directory in question? i.e.:
<tytso.root@candygram> {/usr/projects/ext4-patch-queue}, level 2 [master]
504# debugfs /dev/sda2
debugfs 1.40.1 (08-Jul-2007)
debugfs: dump /home/tytso/isync/mit/new /tmp/new-dir.img
debugfs: q
<tytso.root@candygram> {/usr/projects/ext4-patch-queue}, level 2 [master]
505# ls -l /tmp/new-dir.img
408 -rw-r--r-- 1 root root 409600 2007-07-09 14:28 /tmp/new-dir.img
- Ted
next prev parent reply other threads:[~2007-07-09 18:29 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-07-09 9:32 [e2fsprogs] Bug in salvage_directory Kalpak Shah
2007-07-09 16:50 ` Theodore Tso
2007-07-09 17:52 ` Kalpak Shah
2007-07-09 18:29 ` Theodore Tso [this message]
2007-07-09 19:17 ` Andreas Dilger
2007-07-09 20:20 ` Theodore Tso
[not found] ` <20070709230234.GE2343@thunk.org>
2007-07-10 6:47 ` Kalpak Shah
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20070709182923.GB2343@thunk.org \
--to=tytso@mit.edu \
--cc=adilger@clusterfs.com \
--cc=kalpak@clusterfs.com \
--cc=linux-ext4@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.