linux-ext4.vger.kernel.org archive mirror
From: Theodore Tso <tytso@mit.edu>
To: Nageswara R Sastry <rnsastry@linux.vnet.ibm.com>
Cc: linux-ext4 <linux-ext4@vger.kernel.org>,
	Kamalesh Babulal <kamalesh@linux.vnet.ibm.com>,
	sachin p sant <sachinp@linux.vnet.ibm.com>,
	Ramon <rcvalle@linux.vnet.ibm.com>,
	aneesh.kumar@in.ibm.com
Subject: Re: [OOPs] ext4: fixpoint divide exception at ext4_fill_super+0x141c/0x2908
Date: Fri, 6 Nov 2009 14:48:50 -0500
Message-ID: <20091106194850.GE26342@mit.edu>
In-Reply-To: <4AF1877C.7010606@linux.vnet.ibm.com>

On Wed, Nov 04, 2009 at 07:24:04PM +0530, Nageswara R Sastry wrote:
> It seems I have a little format-related issue with the patch, so I am
> resending it. Please accept my apologies.
> Sachin thanks for letting me know.
>
>>  > ------------[ cut here ]------------
>>  > Kernel BUG at 000003e00429d934 [verbose debug info unavailable]
>>  > fixpoint divide exception: 0009 [#1] SMP
>>
>> Please find the patch which solves the following 'fixpoint divide
>> exception'. I tested the same and am not seeing any KERNEL BUG/exception.

Nageswara,

Thanks for sending this patch.  The problem with it is that it leaves
sbi->s_log_groups_per_flex non-zero, but it leaves sbi->s_flex_groups
unallocated.  This should lead to a number of kernel oopses caused by a
null pointer dereference if there is any attempt to allocate blocks or
inodes, or to resize the filesystem.

A better fix would be:

ext4: Avoid divide by zero when trying to mount a corrupted file system

If s_log_groups_per_flex is greater than 31, then groups_per_flex will
overflow and cause a divide by zero error.  This can cause a kernel
BUG if such a file system is mounted.

Thanks to Nageswara R Sastry for analyzing the failure and providing
an initial patch.

http://bugzilla.kernel.org/show_bug.cgi?id=14287

Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
diff --git a/fs/ext4/super.c b/fs/ext4/super.c
index d4ca92a..8662b2e 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -1673,14 +1673,14 @@ static int ext4_fill_flex_info(struct super_block *sb)
 	size_t size;
 	int i;
 
-	if (!sbi->s_es->s_log_groups_per_flex) {
+	sbi->s_log_groups_per_flex = sbi->s_es->s_log_groups_per_flex;
+	groups_per_flex = 1 << sbi->s_log_groups_per_flex;
+
+	if (groups_per_flex < 2) {
 		sbi->s_log_groups_per_flex = 0;
 		return 1;
 	}
 
-	sbi->s_log_groups_per_flex = sbi->s_es->s_log_groups_per_flex;
-	groups_per_flex = 1 << sbi->s_log_groups_per_flex;
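
Review bot: In ext4_fill_flex_info() the `groups_per_flex < 2` test runs only after `groups_per_flex = 1 << sbi->s_log_groups_per_flex;`, so the on-disk value is used as a shift count before anything has bounded it. A count at or above the width of int makes the shift undefined in C, and where the hardware masks the count (x86 uses the low 5 bits) a value such as 33 yields 2 and passes the test. Consider range-checking the field before shifting, for example treating anything below 1 or above 31 as flex_bg disabled, and only then computing the shift.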

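The ordering issue behind this bug, shown as an added example that is not part of the original message or the kernel source: a log2 field read from an untrusted superblock is safe to shift only after it has been range-checked. The function names, the sample values and the masked-shift model of the hardware are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Model of "1 << n" on hardware that masks a 32-bit shift count to its
 * low 5 bits (x86 does this). In C the shift is undefined for n >= 32,
 * so this is one possible outcome, not a guaranteed one. */
static int32_t shl_masked(unsigned n)
{
	return (int32_t)(UINT32_C(1) << (n & 31));
}

/* Shift first, test afterwards: returns 1 when flex_bg would be
 * treated as enabled for this on-disk value. */
static int enabled_check_after_shift(uint8_t log_groups)
{
	return shl_masked(log_groups) >= 2;
}

/* Validate the untrusted on-disk value first, then shift.
 * Returns groups per flex, or 0 when flex_bg must be disabled. */
static uint32_t groups_per_flex_checked(uint8_t log_groups)
{
	if (log_groups < 1 || log_groups > 31)
		return 0;
	return UINT32_C(1) << log_groups;
}

int main(void)
{
	/* Constructed sample values for the superblock field. */
	static const uint8_t samples[] = { 0, 4, 32, 33, 36, 255 };
	size_t i;

	for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
		printf("log=%3u  check-after-shift enabled=%d  validated groups=%u\n",
		       (unsigned)samples[i],
		       enabled_check_after_shift(samples[i]),
		       (unsigned)groups_per_flex_checked(samples[i]));
	return 0;
}
```
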