From: Nikolay Borisov <nborisov@suse.com>
To: Qu Wenruo <wqu@suse.com>, linux-btrfs@vger.kernel.org
Cc: Christian Zangl <coralllama@gmail.com>
Subject: Re: [PATCH 1/2] btrfs-progs: convert: Prevent bit overflow for cctx->total_bytes
Date: Mon, 20 Jul 2020 15:53:37 +0300
Message-ID: <cedaf9b9-3f1f-5b67-0ba7-a3d2772ea099@suse.com>
In-Reply-To: <20200720125109.93970-1-wqu@suse.com>

On 20.07.20 at 15:51, Qu Wenruo wrote:
> [BUG]
> When convert is called on a 64GiB ext4 fs, it fails like this:
>
> $ btrfs-convert /dev/loop0p1
> create btrfs filesystem:
> blocksize: 4096
> nodesize: 16384
> features: extref, skinny-metadata (default)
> checksum: crc32c
> creating ext2 image file
> ERROR: missing data block for bytenr 1048576
> ERROR: failed to create ext2_saved/image: -2
> WARNING: an error occurred during conversion, filesystem is partially created but not finalized and not mountable
>
> Btrfs-convert also corrupts the source fs:
> $ LANG=C e2fsck /dev/loop0p1 -f
> e2fsck 1.45.6 (20-Mar-2020)
> Resize inode not valid. Recreate<y>? yes
> Pass 1: Checking inodes, blocks, and sizes
> Deleted inode 3681 has zero dtime. Fix<y>? yes
> Inodes that were part of a corrupted orphan linked list found. Fix<y>? yes
> Inode 3744 was part of the orphaned inode list. FIXED.
> Deleted inode 3745 has zero dtime. Fix<y>? yes
> Inode 3747 has INLINE_DATA_FL flag on filesystem without inline data support.
> Clear<y>? yes
> ...
>
> [CAUSE]
> After some debugging, the first strange behavior is, the value of
> cctx->total_bytes is 0 in ext2_open_fs().
>
> It turns out that the value assignment for cctx->total_bytes could lead to
> bit overflow for the unsigned int value.
>
> And that 0 cctx->total_bytes leads to various problems for later free
> space calculation.
> For example, in calculate_available_space(), we use cctx->total_bytes to
> ensure we won't create a data chunk beyond device end:
>
> cur_len = min(cctx->total_bytes - cur_off, cur_len);
>
> If that cur_offset is also 0, we will create a cache_extent with 0 size,
> which could cause a lot of problems for cache tree search.
>
> [FIX]
> Do manual casting for the multiply operation, so we could get a real u64
> result.
> The fix will be applied to all supported fses (ext* and reiserfs).
>
> Reported-by: Christian Zangl <coralllama@gmail.com>
> Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: Nikolay Borisov <nborisov@suse.com>
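
The overflow described under [CAUSE] and the cast described under [FIX], as an added example that is not part of this thread or of the btrfs-progs sources. The function and parameter names are hypothetical stand-ins for 32-bit superblock fields, and the 4 KiB block size is an assumption. It goes slightly beyond the reported case to show that any size of 4 GiB or more wraps, and that 64 GiB happens to wrap to exactly 0.

```c
#include <stdint.h>
#include <stdio.h>

/* Before: both operands are 32-bit, so the product wraps modulo 2^32
 * and only the wrapped value is widened into the u64 result. */
static uint64_t total_bytes_buggy(uint32_t block_size, uint32_t block_count)
{
	return block_size * block_count;
}

/* After: cast one operand so the multiply itself is done in 64 bits. */
static uint64_t total_bytes_fixed(uint32_t block_size, uint32_t block_count)
{
	return (uint64_t)block_size * block_count;
}

/* The clamp quoted from calculate_available_space(): keep the next
 * chunk inside the device. */
static uint64_t clamp_len(uint64_t total_bytes, uint64_t cur_off,
			  uint64_t cur_len)
{
	uint64_t room = total_bytes - cur_off;

	return room < cur_len ? room : cur_len;
}

int main(void)
{
	/* 64 GiB matches the report; the other two sizes are constructed. */
	static const uint32_t counts[] = {
		1048575,	/* one block short of 4 GiB: still fits */
		1310720,	/* 5 GiB: wraps to 1 GiB */
		16777216,	/* 64 GiB: wraps to exactly 0 */
	};

	for (size_t i = 0; i < sizeof(counts) / sizeof(counts[0]); i++) {
		uint64_t bad = total_bytes_buggy(4096, counts[i]);
		uint64_t good = total_bytes_fixed(4096, counts[i]);

		printf("blocks=%u buggy=%llu fixed=%llu first_len=%llu\n",
		       counts[i], (unsigned long long)bad,
		       (unsigned long long)good,
		       (unsigned long long)clamp_len(bad, 0, 1048576));
	}
	return 0;
}
```

The 5 GiB row is the quieter failure: total_bytes comes out as a plausible 1 GiB instead of 0, so a zero check on the result would not catch it.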