From: Theodore Tso <tytso@mit.edu>
To: Nageswara R Sastry <rnsastry@linux.vnet.ibm.com>
Cc: linux-ext4 <linux-ext4@vger.kernel.org>,
Kamalesh Babulal <kamalesh@linux.vnet.ibm.com>,
sachin p sant <sachinp@linux.vnet.ibm.com>,
Ramon <rcvalle@linux.vnet.ibm.com>,
aneesh.kumar@in.ibm.com
Subject: Re: [OOPs] ext4: fixpoint divide exception at ext4_fill_super+0x141c/0x2908
Date: Fri, 6 Nov 2009 14:48:50 -0500 [thread overview]
Message-ID: <20091106194850.GE26342@mit.edu> (raw)
In-Reply-To: <4AF1877C.7010606@linux.vnet.ibm.com>
On Wed, Nov 04, 2009 at 07:24:04PM +0530, Nageswara R Sastry wrote:
> Seems to be I have a little format related issue with the patch. So
> resending it. Please accept my apologies.
> Sachin thanks for letting me know.
>
>> > ------------[ cut here ]------------
>> > Kernel BUG at 000003e00429d934 [verbose debug info unavailable]
>> > fixpoint divide exception: 0009 [#1] SMP
>>
>> Please find the patch which solves the following 'fixpoint divide
>> exception'. I tested the same and not seeing any KERNEL BUG/exception.
Nageswara,
Thanks for sending this patch. The problem with it is that it leaves
sbi->s_log_groups_per_flex non-zero, but it leaves sbi->s_flex_groups
unallocated. This should lead to number of kernel oops caused by a
null pointer dereference if there is any attempt to allocate blocks or
inodes, or to resize the filesystem.
A better fix is would be:
ext4: Avoid divide by zero when trying to mount a corrupted file system
If s_log_groups_per_flex is greater than 31, then groups_per_flex will
will overflow and cause a divide by zero error. This can cause kernel
BUG if such a file system is mounted.
Thanks to Nageswara R Sastry for analyzing the failure and providing
an initial patch.
http://bugzilla.kernel.org/show_bug.cgi?id=14287
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
diff --git a/fs/ext4/super.c b/fs/ext4/super.c
index d4ca92a..8662b2e 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -1673,14 +1673,14 @@ static int ext4_fill_flex_info(struct super_block *sb)
size_t size;
int i;
- if (!sbi->s_es->s_log_groups_per_flex) {
+ sbi->s_log_groups_per_flex = sbi->s_es->s_log_groups_per_flex;
+ groups_per_flex = 1 << sbi->s_log_groups_per_flex;
+
+ if (groups_per_flex < 2) {
sbi->s_log_groups_per_flex = 0;
return 1;
}
- sbi->s_log_groups_per_flex = sbi->s_es->s_log_groups_per_flex;
- groups_per_flex = 1 << sbi->s_log_groups_per_flex;
prev parent reply other threads:[~2009-11-06 19:48 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-08-25 5:39 [OOPs] ext4: fixpoint divide exception at ext4_fill_super+0x141c/0x2908 Nageswara R Sastry
2009-11-04 12:40 ` Nageswara R Sastry
2009-11-04 13:54 ` Nageswara R Sastry
2009-11-06 19:48 ` Theodore Tso [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20091106194850.GE26342@mit.edu \
--to=tytso@mit.edu \
--cc=aneesh.kumar@in.ibm.com \
--cc=kamalesh@linux.vnet.ibm.com \
--cc=linux-ext4@vger.kernel.org \
--cc=rcvalle@linux.vnet.ibm.com \
--cc=rnsastry@linux.vnet.ibm.com \
--cc=sachinp@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.