From: "yebin (H)" <yebin10@huawei.com>
To: Theodore Ts'o <tytso@mit.edu>, Ye Bin <yebin@huaweicloud.com>
Cc: <adilger.kernel@dilger.ca>, <linux-ext4@vger.kernel.org>,
<linux-kernel@vger.kernel.org>, <jack@suse.cz>,
<syzbot+4d99a966fd74bdeeec36@syzkaller.appspotmail.com>
Subject: Re: [PATCH v2] ext4: fix WARNING in ext4_expand_extra_isize_ea
Date: Fri, 2 Dec 2022 00:12:24 +0800
Message-ID: <6388D268.7030601@huawei.com>
In-Reply-To: <Y4jPuoJsW5+t9UUn@mit.edu>

On 2022/12/2 0:00, Theodore Ts'o wrote:
> On Thu, Dec 01, 2022 at 10:59:23PM +0800, Ye Bin wrote:
>> Reason is allocate 16M memory by kmalloc, but MAX_ORDER is 11, kmalloc
>> can allocate maximum size memory is 4M.
>> XATTR_SIZE_MAX is currently 64k, but EXT4_XATTR_SIZE_MAX is '(1 << 24)',
>> so 'ext4_xattr_check_entries()' regards this length as legal. Then trigger
>> warning in 'ext4_xattr_move_to_block()'.
>> To solve above issue, according to Jan Kara's suggestion use kvmalloc()
>> to allocate memory in ext4_xattr_move_to_block().
> See my comment to the v1 version of the patch. I suspect the real
> problem is that the e_value_size is completely bogus, and we should
> have checked it much earlier in the stack call trace, via a call to
> xattr_check_inode().

Yes, not only is the e_value_size wrong, but the inode is also wrong:

EXT4-fs: Ignoring removed nobh option
EXT4-fs error (device loop0): ext4_xattr_inode_iget:389: comm rep: inode #1: comm rep: iget: illegal inode #
EXT4-fs error (device loop0): ext4_xattr_inode_iget:392: comm rep: error while reading EA inode 1 err=-117
EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2788: Unable to expand inode 15. Delete some EAs or run e2fsck.

Maybe we can do the following check in ext4_xattr_check_entries() when
"entry->e_value_inum != 0".
···
	err = ext4_xattr_inode_iget(inode, le32_to_cpu(entry->e_value_inum),
				    le32_to_cpu(entry->e_hash), &ea_inode);
	if (err) {
		ea_inode = NULL;
		goto out;
	}
	if (i_size_read(ea_inode) != size) {
		ext4_warning_inode(ea_inode,
				   "ea_inode file size=%llu entry size=%zu",
				   i_size_read(ea_inode), size);
		err = -EFSCORRUPTED;
		goto out;
	}
···
>
> Cheers,
>
> - Ted
>
> .
>
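
The check proposed in the reply above, as a user-space C model added here (not code from the thread or from ext4): an entry with a non-zero e_value_inum is rejected when the inode number is in a reserved range, when no such EA inode exists, or when the EA inode's size differs from e_value_size. The struct layouts, the inode table, `first_ino`, the helper names and all sample values are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define EXT4_XATTR_SIZE_MAX (1u << 24)         /* 16M, as quoted in the thread */
#define KMALLOC_MAX_BYTES   (4u * 1024 * 1024) /* 4M, as quoted in the thread */
#define EFSCORRUPTED_MODEL  117                /* matches err=-117 in the log */

/* Simplified entry: only the two fields the thread discusses. */
struct xattr_entry_model {
	uint32_t e_value_inum; /* 0 = inline value, else EA inode number */
	uint32_t e_value_size; /* value length claimed by the entry */
};
/* Hypothetical inode table standing in for the iget + i_size_read step. */
struct ea_inode_model { uint32_t ino; uint64_t i_size; };

/* 0 when the entry is consistent, -EFSCORRUPTED_MODEL when it is not. */
int check_entry(const struct xattr_entry_model *e,
		const struct ea_inode_model *tbl, size_t n, uint32_t first_ino)
{
	if (e->e_value_size > EXT4_XATTR_SIZE_MAX)
		return -EFSCORRUPTED_MODEL;
	if (e->e_value_inum == 0)
		return 0; /* inline values are not modelled here */
	if (e->e_value_inum < first_ino) /* assumed reserved range */
		return -EFSCORRUPTED_MODEL;
	for (size_t i = 0; i < n; i++)
		if (tbl[i].ino == e->e_value_inum) /* size must match the entry */
			return tbl[i].i_size == e->e_value_size ? 0 : -EFSCORRUPTED_MODEL;
	return -EFSCORRUPTED_MODEL; /* no such EA inode */
}

/* 1 when a buffer of this size is beyond the kmalloc limit quoted above. */
int exceeds_kmalloc(uint32_t size) { return size > KMALLOC_MAX_BYTES; }

int main(void)
{
	struct ea_inode_model tbl[] = { { 12, 1u << 24 } }; /* constructed */
	struct xattr_entry_model bad = { 1, 1u << 24 };     /* constructed */
	printf("%d %d\n", check_entry(&bad, tbl, 1, 11), exceeds_kmalloc(1u << 24));
	return 0;
}
```

Note that a 16M value passes the EXT4_XATTR_SIZE_MAX bound yet is still past the 4M kmalloc limit, so the size bound alone does not remove the allocation problem the patch addresses.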