From: Theodore Ts'o <tytso@mit.edu>
To: cluster-devel.redhat.com
Subject: [Cluster-devel] [REPORT] kernel BUG at fs/ext4/inode.c:2620 - page_buffers()
Date: Wed, 23 Feb 2022 22:50:09 -0500 [thread overview]
Message-ID: <YhcAcfY1pZTl3sId@mit.edu> (raw)
In-Reply-To: <20220224014842.GM59715@dread.disaster.area>
On Thu, Feb 24, 2022 at 12:48:42PM +1100, Dave Chinner wrote:
> > Fair enough; on the other hand, we could also view this as making ext4
> > more robust against buggy code in other subsystems, and while other
> > file systems may be losing user data if they are actually trying to do
> > remote memory access to file-backed memory, apparently other file
> > systems aren't noticing and so they're not crashing.
>
> Oh, we've noticed them, no question about that. We've got bug
> reports going back years for systems being crashed, triggering BUGs
> and/or corrupting data on both XFS and ext4 filesystems due to users
> trying to run RDMA applications with file backed pages.
Is this issue causing XFS to crash? I didn't know that.
I tried the Syzbot reproducer with XFS mounted, and it didn't trigger
any crashes. I'm sure data was getting corrupted, but I figured I
should bring ext4 to the XFS level of "at least we're not reliably
killing the kernel".
On ext4, an unprivileged process can use process_vm_writev(2) to crash
the system. I don't know how quickly we can get a fix into mm/gup.c,
but if some other kernel path tries calling set_page_dirty() on a
file-backed page without first asking permission from the file system,
it seems to be nice if the file system doesn't BUG() --- as near as I
can tell, xfs isn't crashing in this case, but ext4 is.
- Ted
WARNING: multiple messages have this Message-ID (diff)
From: "Theodore Ts'o" <tytso@mit.edu>
To: Dave Chinner <david@fromorbit.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
John Hubbard <jhubbard@nvidia.com>,
Lee Jones <lee.jones@linaro.org>,
linux-ext4@vger.kernel.org, Christoph Hellwig <hch@lst.de>,
Dave Chinner <dchinner@redhat.com>,
Goldwyn Rodrigues <rgoldwyn@suse.com>,
"Darrick J . Wong" <darrick.wong@oracle.com>,
Bob Peterson <rpeterso@redhat.com>,
Damien Le Moal <damien.lemoal@wdc.com>,
Andreas Gruenbacher <agruenba@redhat.com>,
Ritesh Harjani <riteshh@linux.ibm.com>,
Johannes Thumshirn <jth@kernel.org>,
linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org,
cluster-devel@redhat.com, linux-kernel@vger.kernel.org
Subject: Re: [REPORT] kernel BUG at fs/ext4/inode.c:2620 - page_buffers()
Date: Wed, 23 Feb 2022 22:50:09 -0500 [thread overview]
Message-ID: <YhcAcfY1pZTl3sId@mit.edu> (raw)
In-Reply-To: <20220224014842.GM59715@dread.disaster.area>
On Thu, Feb 24, 2022 at 12:48:42PM +1100, Dave Chinner wrote:
> > Fair enough; on the other hand, we could also view this as making ext4
> > more robust against buggy code in other subsystems, and while other
> > file systems may be losing user data if they are actually trying to do
> > remote memory access to file-backed memory, apparently other file
> > systems aren't noticing and so they're not crashing.
>
> Oh, we've noticed them, no question about that. We've got bug
> reports going back years for systems being crashed, triggering BUGs
> and/or corrupting data on both XFS and ext4 filesystems due to users
> trying to run RDMA applications with file backed pages.
Is this issue causing XFS to crash? I didn't know that.
I tried the Syzbot reproducer with XFS mounted, and it didn't trigger
any crashes. I'm sure data was getting corrupted, but I figured I
should bring ext4 to the XFS level of "at least we're not reliably
killing the kernel".
On ext4, an unprivileged process can use process_vm_writev(2) to crash
the system. I don't know how quickly we can get a fix into mm/gup.c,
but if some other kernel path tries calling set_page_dirty() on a
file-backed page without first asking permission from the file system,
it seems to be nice if the file system doesn't BUG() --- as near as I
can tell, xfs isn't crashing in this case, but ext4 is.
- Ted
next prev parent reply other threads:[~2022-02-24 3:50 UTC|newest]
Thread overview: 59+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-02-16 16:31 [Cluster-devel] [REPORT] kernel BUG at fs/ext4/inode.c:2620 - page_buffers() Lee Jones
2022-02-16 16:31 ` Lee Jones
2022-02-18 1:06 ` [Cluster-devel] " John Hubbard
2022-02-18 1:06 ` John Hubbard
2022-02-18 4:08 ` [Cluster-devel] " Theodore Ts'o
2022-02-18 4:08 ` Theodore Ts'o
2022-02-18 6:33 ` [Cluster-devel] " John Hubbard
2022-02-18 6:33 ` John Hubbard
2022-02-23 23:31 ` [Cluster-devel] " Theodore Ts'o
2022-02-23 23:31 ` Theodore Ts'o
2022-02-24 0:44 ` [Cluster-devel] " John Hubbard
2022-02-24 0:44 ` John Hubbard
2022-02-24 4:04 ` [Cluster-devel] " Theodore Ts'o
2022-02-24 4:04 ` Theodore Ts'o
2022-02-18 7:51 ` [Cluster-devel] " Greg Kroah-Hartman
2022-02-18 7:51 ` Greg Kroah-Hartman
2022-02-23 23:35 ` [Cluster-devel] " Theodore Ts'o
2022-02-23 23:35 ` Theodore Ts'o
2022-02-24 1:48 ` [Cluster-devel] " Dave Chinner
2022-02-24 1:48 ` Dave Chinner
2022-02-24 3:50 ` Theodore Ts'o [this message]
2022-02-24 3:50 ` Theodore Ts'o
2022-02-24 10:29 ` [Cluster-devel] " Dave Chinner
2022-02-24 10:29 ` Dave Chinner
2022-02-18 2:54 ` [Cluster-devel] " Theodore Ts'o
2022-02-18 2:54 ` Theodore Ts'o
2022-02-18 4:24 ` [Cluster-devel] " Matthew Wilcox
2022-02-18 4:24 ` Matthew Wilcox
2022-02-18 6:03 ` [Cluster-devel] " Theodore Ts'o
2022-02-18 6:03 ` Theodore Ts'o
2022-02-25 19:24 ` [Cluster-devel] [PATCH -v2] ext4: don't BUG if kernel subsystems dirty pages without asking ext4 first Theodore Ts'o
2022-02-25 19:24 ` Theodore Ts'o
2022-02-25 20:51 ` [Cluster-devel] " Eric Biggers
2022-02-25 20:51 ` Eric Biggers
2022-02-25 21:08 ` [Cluster-devel] " Theodore Ts'o
2022-02-25 21:08 ` Theodore Ts'o
2022-02-25 21:23 ` [Cluster-devel] [PATCH -v3] " Theodore Ts'o
2022-02-25 21:23 ` Theodore Ts'o
2022-02-25 21:33 ` [Cluster-devel] " John Hubbard
2022-02-25 21:33 ` John Hubbard
2022-02-25 23:21 ` [Cluster-devel] " Theodore Ts'o
2022-02-25 23:21 ` Theodore Ts'o
2022-02-26 0:18 ` Hillf Danton
2022-02-26 0:41 ` [Cluster-devel] " John Hubbard
2022-02-26 0:41 ` John Hubbard
2022-02-26 1:40 ` [Cluster-devel] " Theodore Ts'o
2022-02-26 1:40 ` Theodore Ts'o
2022-02-26 2:00 ` [Cluster-devel] " Theodore Ts'o
2022-02-26 2:00 ` Theodore Ts'o
2022-02-26 2:55 ` [Cluster-devel] " John Hubbard
2022-02-26 2:55 ` John Hubbard
2022-03-03 4:26 ` [Cluster-devel] [PATCH -v4] " Theodore Ts'o
2022-03-03 4:26 ` Theodore Ts'o
2022-03-03 8:21 ` [Cluster-devel] " Christoph Hellwig
2022-03-03 8:21 ` Christoph Hellwig
2022-03-03 9:21 ` [Cluster-devel] " Lee Jones
2022-03-03 9:21 ` Lee Jones
2022-03-03 14:38 ` [Cluster-devel] [PATCH -v5] ext4: don't BUG if someone " Theodore Ts'o
2022-03-03 14:38 ` Theodore Ts'o
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YhcAcfY1pZTl3sId@mit.edu \
--to=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.