linux-ext4.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH 0/2] jbd[2]: fix long-standing data corruption bug
@ 2008-03-15 18:49 Duane Griffin
  2008-03-15 18:49 ` [PATCH] jbd: correctly unescape journal data blocks Duane Griffin
  0 siblings, 1 reply; 7+ messages in thread
From: Duane Griffin @ 2008-03-15 18:49 UTC (permalink / raw)
  To: sct, akpm; +Cc: linux-ext4, duaneg

It seems we have a very long-standing typo in the journal replay magic number
unescaping code that basically means it will cause data corruption if we ever
actually use it. I think this is a candidate for the stable tree.

The following script, run on an FS mounted with data=journal, may be helpful in
reproducing and testing this bug:

#!/bin/bash

rm -rf test-dir && mkdir test-dir

for (( i=0; i != 100; i++ )); do
	printf "\xc0\x3b\x39\x98" > test-dir/$RANDOM
done

while /bin/true; do
	printf "\xc0\x3b\x39\x98" > test-dir/$RANDOM
	rm test-dir/`ls test-dir | sort -R | head -n1`
done

^ permalink raw reply	[flat|nested] 7+ messages in thread
* [PATCH] jbd: correctly unescape journal data blocks
  2008-03-15 18:49 [PATCH 0/2] jbd[2]: fix long-standing data corruption bug Duane Griffin
@ 2008-03-15 18:49 ` Duane Griffin
  2008-03-15 18:49   ` [PATCH] jbd2: " Duane Griffin
                     ` (2 more replies)
  0 siblings, 3 replies; 7+ messages in thread
From: Duane Griffin @ 2008-03-15 18:49 UTC (permalink / raw)
  To: sct, akpm; +Cc: linux-ext4, duaneg

Fix a long-standing typo (predating git) that will cause data corruption if a
journal data block needs unescaping. At the moment the wrong buffer head's data
is being unescaped.

To test this case mount a filesystem with data=journal, start creating and
deleting a bunch of files containing only JFS_MAGIC_NUMBER (0xc03b3998), then
pull the plug on the device. Without this patch the files will contain zeros
instead of the correct data after recovery.

Signed-off-by: Duane Griffin <duaneg@dghda.com>
---
 fs/jbd/recovery.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/fs/jbd/recovery.c b/fs/jbd/recovery.c
index 2b8edf4..43bc5e5 100644
--- a/fs/jbd/recovery.c
+++ b/fs/jbd/recovery.c
@@ -478,7 +478,7 @@ static int do_one_pass(journal_t *journal,
 					memcpy(nbh->b_data, obh->b_data,
 							journal->j_blocksize);
 					if (flags & JFS_FLAG_ESCAPE) {
-						*((__be32 *)bh->b_data) =
+						*((__be32 *)nbh->b_data) =
 						cpu_to_be32(JFS_MAGIC_NUMBER);
 					}
 
-- 
1.5.3.7


^ permalink raw reply related	[flat|nested] 7+ messages in thread
* [PATCH] jbd2: correctly unescape journal data blocks
  2008-03-15 18:49 ` [PATCH] jbd: correctly unescape journal data blocks Duane Griffin
@ 2008-03-15 18:49   ` Duane Griffin
  2008-03-17 15:38     ` Jan Kara
  2008-03-17 23:55     ` Andrew Morton
  2008-03-16  0:29   ` [PATCH] jbd: " Andreas Dilger
  2008-03-17 15:38   ` Jan Kara
  2 siblings, 2 replies; 7+ messages in thread
From: Duane Griffin @ 2008-03-15 18:49 UTC (permalink / raw)
  To: sct, akpm; +Cc: linux-ext4, duaneg

Fix a long-standing typo (predating git) that will cause data corruption if a
journal data block needs unescaping. At the moment the wrong buffer head's data
is being unescaped.

To test this case mount a filesystem with data=journal, start creating and
deleting a bunch of files containing only JBD2_MAGIC_NUMBER (0xc03b3998), then
pull the plug on the device. Without this patch the files will contain zeros
instead of the correct data after recovery.

Signed-off-by: Duane Griffin <duaneg@dghda.com>
---
 fs/jbd2/recovery.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/fs/jbd2/recovery.c b/fs/jbd2/recovery.c
index 1464113..5d0405a 100644
--- a/fs/jbd2/recovery.c
+++ b/fs/jbd2/recovery.c
@@ -535,7 +535,7 @@ static int do_one_pass(journal_t *journal,
 					memcpy(nbh->b_data, obh->b_data,
 							journal->j_blocksize);
 					if (flags & JBD2_FLAG_ESCAPE) {
-						*((__be32 *)bh->b_data) =
+						*((__be32 *)nbh->b_data) =
 						cpu_to_be32(JBD2_MAGIC_NUMBER);
 					}
 
-- 
1.5.3.7


^ permalink raw reply related	[flat|nested] 7+ messages in thread
* Re: [PATCH] jbd: correctly unescape journal data blocks
  2008-03-15 18:49 ` [PATCH] jbd: correctly unescape journal data blocks Duane Griffin
  2008-03-15 18:49   ` [PATCH] jbd2: " Duane Griffin
@ 2008-03-16  0:29   ` Andreas Dilger
  2008-03-17 15:38   ` Jan Kara
  2 siblings, 0 replies; 7+ messages in thread
From: Andreas Dilger @ 2008-03-16  0:29 UTC (permalink / raw)
  To: Duane Griffin; +Cc: sct, akpm, linux-ext4

On Mar 15, 2008  18:49 +0000, Duane Griffin wrote:
> Fix a long-standing typo (predating git) that will cause data corruption
> if a journal data block needs unescaping. At the moment the wrong buffer
> head's data is being unescaped.
> 
> To test this case mount a filesystem with data=journal, start creating
> and deleting a bunch of files containing only JFS_MAGIC_NUMBER (0xc03b3998),
> then pull the plug on the device. Without this patch the files will contain
> zeros instead of the correct data after recovery.
> 
> Signed-off-by: Duane Griffin <duaneg@dghda.com>
> ---
>  fs/jbd/recovery.c |    2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)
> 
> diff --git a/fs/jbd/recovery.c b/fs/jbd/recovery.c
> index 2b8edf4..43bc5e5 100644
> --- a/fs/jbd/recovery.c
> +++ b/fs/jbd/recovery.c
> @@ -478,7 +478,7 @@ static int do_one_pass(journal_t *journal,
>  					memcpy(nbh->b_data, obh->b_data,
>  							journal->j_blocksize);
>  					if (flags & JFS_FLAG_ESCAPE) {
> -						*((__be32 *)bh->b_data) =
> +						*((__be32 *)nbh->b_data) =
>  						cpu_to_be32(JFS_MAGIC_NUMBER);
>  					}

Note that this would also affect filesystems larger than ~12TB, where
JFS_MAGIC_NUMBER might be the first block number in an ext2/3 indirect
block.  That would cause the indirect block to be zapped and file data
in the whole block would suddenly become zero.  Even worse if this is
the first block in a double-indirect or triple-indirect block, where
4MB or 16GB of the file data would suddenly become a hole.  Unlikely,
but with enough monkeys it would be hit.

Cheers, Andreas
--
Andreas Dilger
Sr. Staff Engineer, Lustre Group
Sun Microsystems of Canada, Inc.


^ permalink raw reply	[flat|nested] 7+ messages in thread
* Re: [PATCH] jbd: correctly unescape journal data blocks
  2008-03-15 18:49 ` [PATCH] jbd: correctly unescape journal data blocks Duane Griffin
  2008-03-15 18:49   ` [PATCH] jbd2: " Duane Griffin
  2008-03-16  0:29   ` [PATCH] jbd: " Andreas Dilger
@ 2008-03-17 15:38   ` Jan Kara
  2 siblings, 0 replies; 7+ messages in thread
From: Jan Kara @ 2008-03-17 15:38 UTC (permalink / raw)
  To: Duane Griffin; +Cc: sct, akpm, linux-ext4

> Fix a long-standing typo (predating git) that will cause data corruption if a
> journal data block needs unescaping. At the moment the wrong buffer head's data
> is being unescaped.
> 
> To test this case mount a filesystem with data=journal, start creating and
> deleting a bunch of files containing only JFS_MAGIC_NUMBER (0xc03b3998), then
> pull the plug on the device. Without this patch the files will contain zeros
> instead of the correct data after recovery.
> 
> Signed-off-by: Duane Griffin <duaneg@dghda.com>
> ---
>  fs/jbd/recovery.c |    2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)
> 
> diff --git a/fs/jbd/recovery.c b/fs/jbd/recovery.c
> index 2b8edf4..43bc5e5 100644
> --- a/fs/jbd/recovery.c
> +++ b/fs/jbd/recovery.c
> @@ -478,7 +478,7 @@ static int do_one_pass(journal_t *journal,
>  					memcpy(nbh->b_data, obh->b_data,
>  							journal->j_blocksize);
>  					if (flags & JFS_FLAG_ESCAPE) {
> -						*((__be32 *)bh->b_data) =
> +						*((__be32 *)nbh->b_data) =
>  						cpu_to_be32(JFS_MAGIC_NUMBER);
>  					}
  Good catch. Acked-by: Jan Kara <jack@suse.cz>

										Honza

-- 
Jan Kara <jack@suse.cz>
SuSE CR Labs

^ permalink raw reply	[flat|nested] 7+ messages in thread
* Re: [PATCH] jbd2: correctly unescape journal data blocks
  2008-03-15 18:49   ` [PATCH] jbd2: " Duane Griffin
@ 2008-03-17 15:38     ` Jan Kara
  2008-03-17 23:55     ` Andrew Morton
  1 sibling, 0 replies; 7+ messages in thread
From: Jan Kara @ 2008-03-17 15:38 UTC (permalink / raw)
  To: Duane Griffin; +Cc: sct, akpm, linux-ext4

> Fix a long-standing typo (predating git) that will cause data corruption if a
> journal data block needs unescaping. At the moment the wrong buffer head's data
> is being unescaped.
> 
> To test this case mount a filesystem with data=journal, start creating and
> deleting a bunch of files containing only JBD2_MAGIC_NUMBER (0xc03b3998), then
> pull the plug on the device. Without this patch the files will contain zeros
> instead of the correct data after recovery.
> 
> Signed-off-by: Duane Griffin <duaneg@dghda.com>
> ---
>  fs/jbd2/recovery.c |    2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)
> 
> diff --git a/fs/jbd2/recovery.c b/fs/jbd2/recovery.c
> index 1464113..5d0405a 100644
> --- a/fs/jbd2/recovery.c
> +++ b/fs/jbd2/recovery.c
> @@ -535,7 +535,7 @@ static int do_one_pass(journal_t *journal,
>  					memcpy(nbh->b_data, obh->b_data,
>  							journal->j_blocksize);
>  					if (flags & JBD2_FLAG_ESCAPE) {
> -						*((__be32 *)bh->b_data) =
> +						*((__be32 *)nbh->b_data) =
>  						cpu_to_be32(JBD2_MAGIC_NUMBER);
>  					}
  Acked-by: Jan Kara <jack@suse.cz>

									Honza
-- 
Jan Kara <jack@suse.cz>
SuSE CR Labs

^ permalink raw reply	[flat|nested] 7+ messages in thread
* Re: [PATCH] jbd2: correctly unescape journal data blocks
  2008-03-15 18:49   ` [PATCH] jbd2: " Duane Griffin
  2008-03-17 15:38     ` Jan Kara
@ 2008-03-17 23:55     ` Andrew Morton
  1 sibling, 0 replies; 7+ messages in thread
From: Andrew Morton @ 2008-03-17 23:55 UTC (permalink / raw)
  To: Duane Griffin; +Cc: sct, linux-ext4, duaneg, Mingming Cao, Theodore Ts'o

On Sat, 15 Mar 2008 18:49:45 +0000
"Duane Griffin" <duaneg@dghda.com> wrote:

> Fix a long-standing typo (predating git) that will cause data corruption if a
> journal data block needs unescaping. At the moment the wrong buffer head's data
> is being unescaped.
> 
> To test this case mount a filesystem with data=journal, start creating and
> deleting a bunch of files containing only JBD2_MAGIC_NUMBER (0xc03b3998), then
> pull the plug on the device. Without this patch the files will contain zeros
> instead of the correct data after recovery.
> 
> Signed-off-by: Duane Griffin <duaneg@dghda.com>
> ---
>  fs/jbd2/recovery.c |    2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)
> 
> diff --git a/fs/jbd2/recovery.c b/fs/jbd2/recovery.c
> index 1464113..5d0405a 100644
> --- a/fs/jbd2/recovery.c
> +++ b/fs/jbd2/recovery.c
> @@ -535,7 +535,7 @@ static int do_one_pass(journal_t *journal,
>  					memcpy(nbh->b_data, obh->b_data,
>  							journal->j_blocksize);
>  					if (flags & JBD2_FLAG_ESCAPE) {
> -						*((__be32 *)bh->b_data) =
> +						*((__be32 *)nbh->b_data) =
>  						cpu_to_be32(JBD2_MAGIC_NUMBER);
>  					}
>  

Thanks.  Ted, I'll scoot this into Linus and stable@kernel.org tomorrowish.


^ permalink raw reply	[flat|nested] 7+ messages in thread
end of thread, other threads:[~2008-03-17 23:56 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2008-03-15 18:49 [PATCH 0/2] jbd[2]: fix long-standing data corruption bug Duane Griffin
2008-03-15 18:49 ` [PATCH] jbd: correctly unescape journal data blocks Duane Griffin
2008-03-15 18:49   ` [PATCH] jbd2: " Duane Griffin
2008-03-17 15:38     ` Jan Kara
2008-03-17 23:55     ` Andrew Morton
2008-03-16  0:29   ` [PATCH] jbd: " Andreas Dilger
2008-03-17 15:38   ` Jan Kara

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).