From: Dave Chinner <david@fromorbit.com>
To: "Darrick J. Wong" <darrick.wong@oracle.com>
Cc: xfs@oss.sgi.com
Subject: Re: [PATCH 06/11] xfs_repair: check v5 filesystem attr block header sanity
Date: Wed, 26 Aug 2015 11:15:20 +1000 [thread overview]
Message-ID: <20150826011520.GU714@dastard> (raw)
In-Reply-To: <20150826005911.GA23656@birch.djwong.org>
On Tue, Aug 25, 2015 at 05:59:11PM -0700, Darrick J. Wong wrote:
> On Wed, Aug 26, 2015 at 10:45:02AM +1000, Dave Chinner wrote:
> > On Tue, Aug 25, 2015 at 05:32:59PM -0700, Darrick J. Wong wrote:
> > > Check the v5 fields (uuid, blocknr, owner) of attribute blocks for
> > > obvious errors while scanning xattr blocks. If the ownership info
> > > is incorrect, kill the block.
> > >
> > > Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
> >
> > Why hasn't the buffer verifier done this validation?
>
> Maybe I'm confused here, so here's what I think is going on:
>
> AFAICT most of the verifiers do things like this:
>
> if (crcs_enabled && cksum_verification fails) {
> xfs_buf_ioerror(bp, -EFSBADCRC);
> } else if (header_is_insane) {
> xfs_buf_ioerror(bp, -EFSCORRUPTED);
> }
>
> The fuzzer corrupts the UUID without updating the CRC. The verifier first
> checks the CRC and it doesn't match, so it sets b_error to -EFSBADCRC and
> doesn't get to the header check.
Ok, that explains it - I didn't consider that case. This would seem
like a general problem for repair when CRC errors are detected? i.e.
we set the repair flag without doing the remaining verifier validity
checks?
As it is, I don't really like duplicating the verifier checks in
repair. ISTR I recently suggested that we need to factor all the
common verifier checks (magic, owner, uuid, blockno) into a single
function that all verifiers called to remove all the code
duplication. If we do this, then repair can also call the function
to verify headers after a CRC failure to determine if repair is
possible....
This is a bit more work, so I'll probably take this specific patch
for 4.2.0, but I'd like to see this all factored out so we aren't
duplicating code unnecessarily.
Cheers,
Dave.
--
Dave Chinner
david@fromorbit.com
_______________________________________________
xfs mailing list
xfs@oss.sgi.com
http://oss.sgi.com/mailman/listinfo/xfs
next prev parent reply other threads:[~2015-08-26 1:15 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-08-26 0:32 [PATCH v3 00/11] xfsprogs fuzzing fixes Darrick J. Wong
2015-08-26 0:32 ` [PATCH 01/11] xfs_repair: set args.geo in dir2_kill_block Darrick J. Wong
2015-08-26 0:32 ` [PATCH 02/11] libxfs: verifier should set buffer error when da block has a bad magic number Darrick J. Wong
2015-08-26 0:32 ` [PATCH 03/11] libxfs: fix XFS_WANT_CORRUPTED_* macros to return negative error codes Darrick J. Wong
2015-08-26 0:32 ` [PATCH 04/11] libxfs: clear buffer state flags in libxfs_getbuf and variants Darrick J. Wong
2015-08-26 1:02 ` Dave Chinner
2015-08-26 4:05 ` Darrick J. Wong
2015-08-26 5:23 ` [PATCH v2 " Darrick J. Wong
2015-08-26 0:32 ` [PATCH 05/11] xfs_repair: ignore "repaired" flag after we decide to clear xattr block Darrick J. Wong
2015-08-26 0:32 ` [PATCH 06/11] xfs_repair: check v5 filesystem attr block header sanity Darrick J. Wong
2015-08-26 0:45 ` Dave Chinner
2015-08-26 0:59 ` Darrick J. Wong
2015-08-26 1:15 ` Dave Chinner [this message]
2015-08-26 4:50 ` Darrick J. Wong
2015-08-26 6:20 ` Dave Chinner
2015-08-26 0:33 ` [PATCH 07/11] xfs_repair: force not-so-bad bmbt blocks back through the verifier Darrick J. Wong
2015-08-26 0:54 ` Dave Chinner
2015-08-26 3:59 ` Darrick J. Wong
2015-08-26 5:24 ` [PATCH v2 " Darrick J. Wong
2015-08-26 0:33 ` [PATCH 08/11] xfs_io: support reflinking and deduping file ranges Darrick J. Wong
2015-09-22 2:17 ` Dave Chinner
2015-09-28 17:03 ` Darrick J. Wong
2015-08-26 0:33 ` [PATCH 09/11] xfs_db: enable blocktrash for checksummed filesystems Darrick J. Wong
2015-08-26 0:33 ` [PATCH 10/11] xfs_db: trash the block at the top of the cursor stack Darrick J. Wong
2015-08-26 0:33 ` [PATCH 11/11] xfs_db: enable blockget for v5 filesystems Darrick J. Wong
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150826011520.GU714@dastard \
--to=david@fromorbit.com \
--cc=darrick.wong@oracle.com \
--cc=xfs@oss.sgi.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.