From: Andreas Dilger <adilger@sun.com>
To: Duane Griffin <duaneg@dghda.com>
Cc: linux-ext4@vger.kernel.org, linux-kernel@vger.kernel.org,
akpm@linux-foundation.org, sct@redhat.com, adilger@clusterfs.com,
Sami Liedes <sliedes@cc.hut.fi>
Subject: Re: [PATCH] ext3: validate directory entry data before use
Date: Tue, 24 Jun 2008 00:36:06 -0600 [thread overview]
Message-ID: <20080624063606.GE6239@webber.adilger.int> (raw)
In-Reply-To: <1214013261-32428-1-git-send-email-duaneg@dghda.com>
On Jun 21, 2008 02:54 +0100, Duane Griffin wrote:
> Various places in fs/ext3/namei.c use ext3_next_entry to loop over
> directory entries, but not all of them verify that entries are valid before
> attempting to move to the next one. In the case where rec_len == 0 this
> causes an infinite loop.
>
> Introduce a new version of ext3_next_entry that checks the validity of the
> entry before using its data to find the next one. Rename the original
> function to __ext3_next_entry and use it in places where we already know
> the data is valid.
>
> Note that the changes to empty_dir follow the original code in reporting
> the directory as empty in the presence of errors.
>
> This patch fixes the first case (image hdb.25.softlockup.gz) reported in
> http://bugzilla.kernel.org/show_bug.cgi?id=10882.
>
> Signed-off-by: Duane Griffin <duaneg@dghda.com>
> --
>
> Please note that I've only properly tested the originally reported failure
> case (i.e. the changes to ext3_dx_find_entry).
>
> Reviewers may want to pay particular attention to the changes to do_split,
> make_indexed_dir and empty_dir. I've tried to follow the original code's
> error handling conventions, as noted above for empty_dir, but I'm not sure
> this is the best way to do things.
Just as a note, and not to detract from the validity of this patch -
in the ext2 page-based directory code is somewhat more efficient in this
area. It checks each page a single time when it is first read from disk,
marks the page as checked, and then never has to check the page again.
This wasn't implemented for ext3 because it never changed from buffer-
based directories to page-based directories due to the dependence on
buffer heads for the journaling code.
It would be possible to implement this for ext3/ext4 readdir/lookup by
replacing use of ext3_bread() with a new ext3_bread_dir() - a copy of
ext3_bread() that validates the buffer if it actually needs ll_rw_block()
to read the buffer from disk.
I also note in ext3_readdir() for non-indexed directories that the readahead
doesn't check for !buffer_uptodate(bh) before forcing a read of the next
block.
Cheers, Andreas
--
Andreas Dilger
Sr. Staff Engineer, Lustre Group
Sun Microsystems of Canada, Inc.
next prev parent reply other threads:[~2008-06-24 6:36 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <bug-10882-10286@http.bugzilla.kernel.org/>
2008-06-07 19:19 ` [Bugme-new] [Bug 10882] New: Different kernel crashes on corrupted filesystems Andrew Morton
2008-06-21 1:54 ` [PATCH] ext3: validate directory entry data before use Duane Griffin
2008-06-21 15:54 ` [PATCH, v2] " Duane Griffin
2008-06-21 16:13 ` Jochen Voß
2008-06-21 16:31 ` Duane Griffin
2008-06-25 10:08 ` Jan Kara
2008-06-25 11:30 ` Duane Griffin
2008-06-25 12:11 ` [PATCH, v3] " Duane Griffin
2008-06-25 12:18 ` Jan Kara
2008-06-24 6:36 ` Andreas Dilger [this message]
2008-06-23 21:56 ` [PATCH] ext3: handle corrupted orphan list at mount Duane Griffin
2008-06-23 22:32 ` Sami Liedes
2008-06-24 0:09 ` Duane Griffin
2008-06-24 16:08 ` Jan Kara
2008-06-24 17:16 ` Duane Griffin
2008-06-24 17:18 ` Jan Kara
2008-06-24 13:47 ` [PATCH] ext3: handle deleting corrupted indirect blocks Duane Griffin
2008-06-24 13:57 ` Eric Sandeen
2008-06-24 14:17 ` Duane Griffin
2008-06-24 21:05 ` Andrew Morton
2008-06-25 0:13 ` Mingming
2008-06-25 0:15 ` Duane Griffin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20080624063606.GE6239@webber.adilger.int \
--to=adilger@sun.com \
--cc=adilger@clusterfs.com \
--cc=akpm@linux-foundation.org \
--cc=duaneg@dghda.com \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=sct@redhat.com \
--cc=sliedes@cc.hut.fi \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).