From: David Sterba <dsterba@suse.cz>
To: Qu Wenruo <wqu@suse.com>
Cc: linux-btrfs@vger.kernel.org,
Christoph Anton Mitterer <calestyo@scientia.org>
Subject: Re: [PATCH] btrfs: verify the tranisd of the to-be-written dirty extent buffer
Date: Wed, 2 Mar 2022 19:56:51 +0100 [thread overview]
Message-ID: <20220302185651.GU12643@twin.jikos.cz> (raw)
In-Reply-To: <1f011e6358e042e5ae1501e88377267a2a95c09d.1646183319.git.wqu@suse.com>
On Wed, Mar 02, 2022 at 09:10:21AM +0800, Qu Wenruo wrote:
> [BUG]
> There is a bug report that a bitflip in the transid part of an extent
> buffer makes btrfs to reject certain tree blocks:
>
> BTRFS error (device dm-0): parent transid verify failed on 1382301696 wanted 262166 found 22
>
> [CAUSE]
> Note the failed transid check, hex(262166) = 0x40016, while
> hex(22) = 0x16.
>
> It's an obvious bitflip.
Oh, quite. I think I've seen only bits flipped from 0 -> 1, this case is
an interesting evidence.
> Furthermore, the reporter also confirmed the bitflip is from the
> hardware, so it's a real hardware caused bitflip, and such problem can
> not be detected by the existing tree-checker framework.
>
> As tree-checker can only verify the content inside one tree block, while
> generation of a tree block can only be verified against its parent.
>
> So such problem remain undetected.
>
> [FIX]
> Although tree-checker can not verify it at write-time, we still have a
> quick (but not the most accurate) way to catch such obvious corruption.
>
> Function csum_one_extent_buffer() is called before we submit metadata
> write.
>
> Thus it means, all the extent buffer passed in should be dirty tree
> blocks, and should be newer than last committed transaction.
>
> Using that we can catch the above bitflip.
>
> Although it's not a perfect solution, as if the corrupted generation is
> higher than the correct value, we have no way to catch it at all.
>
> Reported-by: Christoph Anton Mitterer <calestyo@scientia.org>
> Link: https://lore.kernel.org/linux-btrfs/2dfcbc130c55cc6fd067b93752e90bd2b079baca.camel@scientia.org/
> Signed-off-by: Qu Wenruo <wqu@suse.com>
Added to misc-next, thanks.
> --- a/fs/btrfs/disk-io.c
> +++ b/fs/btrfs/disk-io.c
> @@ -441,17 +441,31 @@ static int csum_one_extent_buffer(struct extent_buffer *eb)
> else
> ret = btrfs_check_leaf_full(eb);
>
> - if (ret < 0) {
> - btrfs_print_tree(eb, 0);
> + if (ret < 0)
> + goto error;
> +
> + /*
> + * Also check the generation, the eb reached here must be newer than
> + * last committed. Or something seriously wrong happened.
> + */
> + if (btrfs_header_generation(eb) <= fs_info->last_trans_committed) {
For any cases in regular code that leads to EUCLEAN you can use
unlikely() annotation.
next prev parent reply other threads:[~2022-03-02 19:00 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-02 1:10 [PATCH] btrfs: verify the tranisd of the to-be-written dirty extent buffer Qu Wenruo
2022-03-02 18:56 ` David Sterba [this message]
2022-03-03 4:20 ` Christoph Anton Mitterer
2022-03-07 10:51 ` Nikolay Borisov
2022-03-07 11:11 ` Qu Wenruo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220302185651.GU12643@twin.jikos.cz \
--to=dsterba@suse.cz \
--cc=calestyo@scientia.org \
--cc=linux-btrfs@vger.kernel.org \
--cc=wqu@suse.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox