From: "Darrick J. Wong" <darrick.wong@oracle.com>
To: tytso@mit.edu, darrick.wong@oracle.com
Cc: linux-ext4@vger.kernel.org
Subject: [PATCH 13/18] libext2fs: Don't cache inodes that fail checksum verification
Date: Fri, 25 Jul 2014 17:34:59 -0700 [thread overview]
Message-ID: <20140726003459.28334.66782.stgit@birch.djwong.org> (raw)
In-Reply-To: <20140726003339.28334.54447.stgit@birch.djwong.org>
If an inode fails checksum verification, don't stuff a copy of it in
the inode cache, because this can cause the library to fail to return
the "corrupt inode" error code.
In general, this happens if ext2fs_read_inode_full() is called twice
on an inode with an incorrect checksum. If fs->flags has
EXT2_FLAG_IGNORE_CSUM_ERRORS set during the first call and *unset*
during the second call, the cache hit during the second call fails to
return EXT2_ET_INODE_CSUM_INVALID as you'd expect. This happens
during fsck if strict_csums is not set, because the first read_inode
call happens as part of check_blocks and the second call happens
during inode checksum revalidation. A file system with a slightly
corrupt non-extent inode will trigger this.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
---
lib/ext2fs/inode.c | 12 +++++++-----
tests/f_no_cache_corrupt_inode/expect.1 | 12 ++++++++++++
tests/f_no_cache_corrupt_inode/expect.2 | 7 +++++++
tests/f_no_cache_corrupt_inode/image.gz | Bin
tests/f_no_cache_corrupt_inode/name | 1 +
5 files changed, 27 insertions(+), 5 deletions(-)
create mode 100644 tests/f_no_cache_corrupt_inode/expect.1
create mode 100644 tests/f_no_cache_corrupt_inode/expect.2
create mode 100644 tests/f_no_cache_corrupt_inode/image.gz
create mode 100644 tests/f_no_cache_corrupt_inode/name
diff --git a/lib/ext2fs/inode.c b/lib/ext2fs/inode.c
index ca97ab8..9cad5c1 100644
--- a/lib/ext2fs/inode.c
+++ b/lib/ext2fs/inode.c
@@ -580,7 +580,7 @@ errcode_t ext2fs_read_inode_full(ext2_filsys fs, ext2_ino_t ino,
io_channel io;
int length = EXT2_INODE_SIZE(fs->super);
struct ext2_inode_large *iptr;
- int cache_slot;
+ int cache_slot, fail_csum;
EXT2_CHECK_MAGIC(fs, EXT2_ET_MAGIC_EXT2FS_FILSYS);
@@ -658,8 +658,8 @@ errcode_t ext2fs_read_inode_full(ext2_filsys fs, ext2_ino_t ino,
length = EXT2_INODE_SIZE(fs->super);
/* Verify the inode checksum. */
- if (!(fs->flags & EXT2_FLAG_IGNORE_CSUM_ERRORS) &&
- !ext2fs_inode_csum_verify(fs, ino, iptr))
+ fail_csum = !ext2fs_inode_csum_verify(fs, ino, iptr);
+ if (!(fs->flags & EXT2_FLAG_IGNORE_CSUM_ERRORS) && fail_csum)
return EXT2_ET_INODE_CSUM_INVALID;
#ifdef WORDS_BIGENDIAN
@@ -669,8 +669,10 @@ errcode_t ext2fs_read_inode_full(ext2_filsys fs, ext2_ino_t ino,
#endif
/* Update the inode cache bookkeeping */
- fs->icache->cache_last = cache_slot;
- fs->icache->cache[cache_slot].ino = ino;
+ if (!fail_csum) {
+ fs->icache->cache_last = cache_slot;
+ fs->icache->cache[cache_slot].ino = ino;
+ }
memcpy(inode, iptr, (bufsize > length) ? length : bufsize);
return 0;
diff --git a/tests/f_no_cache_corrupt_inode/expect.1 b/tests/f_no_cache_corrupt_inode/expect.1
new file mode 100644
index 0000000..94b2cae
--- /dev/null
+++ b/tests/f_no_cache_corrupt_inode/expect.1
@@ -0,0 +1,12 @@
+Pass 1: Checking inodes, blocks, and sizes
+Inode 12 checksum does not match inode. Running sanity checks.
+Inode 12 passes checks, but checksum does not match inode. Fix? yes
+
+Pass 2: Checking directory structure
+Pass 3: Checking directory connectivity
+Pass 4: Checking reference counts
+Pass 5: Checking group summary information
+
+test_filesys: ***** FILE SYSTEM WAS MODIFIED *****
+test_filesys: 12/128 files (0.0% non-contiguous), 19/512 blocks
+Exit status is 1
diff --git a/tests/f_no_cache_corrupt_inode/expect.2 b/tests/f_no_cache_corrupt_inode/expect.2
new file mode 100644
index 0000000..1b43315
--- /dev/null
+++ b/tests/f_no_cache_corrupt_inode/expect.2
@@ -0,0 +1,7 @@
+Pass 1: Checking inodes, blocks, and sizes
+Pass 2: Checking directory structure
+Pass 3: Checking directory connectivity
+Pass 4: Checking reference counts
+Pass 5: Checking group summary information
+test_filesys: 12/128 files (0.0% non-contiguous), 19/512 blocks
+Exit status is 0
diff --git a/tests/f_no_cache_corrupt_inode/image.gz b/tests/f_no_cache_corrupt_inode/image.gz
new file mode 100644
index 0000000000000000000000000000000000000000..e17e9216deac289cf5c13a33be87b1810640a66d
GIT binary patch
literal 2606
zcmb2|=3wyobSapL`Ry(14B<o>h7a#A{ZQZy>*8x|QnKm@V3(D-?OG_n)#_yJ!7jME
zccFxPCX1kBt6$TLWsAF;`vY|rJyPTFYwCAAxQJ1dedE2Sil)~bqkGT(t$SEM{r$V5
z^84lefA)JjF<e?ThsQ|q%aO%5HClpdtCq=KWj(d^V#U*s0h)apXU_8O?RMHzA<=uf
zx777(Vfx+;+L7*iCMn+(*tTZBLGiB(^L{U9TlbZ}?oIvWJ@U7?-M#B~ud{9gI$`~{
zxf=I(#nr{Fdot<o+4QW>&#ou0{Bmr4M&rwy6_4VU%juSV`?OqhEd#^L$xHU%EzDW<
z?ElgobJqIRTYdVPt0{6lLy>`jA>!Y&Pd7g-O%|Nb4&?o-KKcItPl425PH*=!{G4#|
z%h#*_4)4}`VkCStd1)?t_wjx?k7unP7OYm*66uzk1JrTANZ|X^`FE>t1i#FA^?(1n
zRbT%zGB7lJd+|SCBD&hV^8Z5bYM?TQ-QWIe?>@c^EbH)J9w?O2|IZ#sfxw16qFqPl
zgh4nsNrku1cFj5kly<oNk%a}PGJ+Bf_YI>eZLW0GZ$0}^eC_)0ZyanQqF4V<vCS&B
zI`rz7QQ+1sU*vpSFG$bhS${9;gxW<5zD&#Ke)-<tP0b7S?tZ;rVtn^&{r{a`e+Sq}
z^1u6{U+}+w-~IppLehgRv$V?J`@E}{SDUrJ{Zi2%^ZQ=kf7bt~+4Z`<dfC_C1?ng3
ze~F*^Z<P3W&(ldyQe0)UA4hC;xm~x@e&@gZIhjwt)_+Y2S$q45|Ihd@&i|%IA2HLr
zyU*zF>dL)|HA^P`SDl!%e<C*%K_8AP7!85Z5Eu=C(GVC7fzc2kF9bgP-p6Po@Th@-
HL4g4PrH?{0
literal 0
HcmV?d00001
diff --git a/tests/f_no_cache_corrupt_inode/name b/tests/f_no_cache_corrupt_inode/name
new file mode 100644
index 0000000..fb213e2
--- /dev/null
+++ b/tests/f_no_cache_corrupt_inode/name
@@ -0,0 +1 @@
+don't cache inodes that fail checksum verification
next prev parent reply other threads:[~2014-07-26 0:35 UTC|newest]
Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-07-26 0:33 [PATCH 00/18] e2fsprogs patchbomb 7/14, part 2 Darrick J. Wong
2014-07-26 0:33 ` [PATCH 01/18] e2fsck: reserve blocks for root/lost+found directory repair Darrick J. Wong
2014-07-26 19:47 ` Theodore Ts'o
2014-07-28 7:27 ` Darrick J. Wong
2014-07-26 0:33 ` [PATCH 02/18] e2fsck: fix merge error in "clear uninit flag on directory extents" Darrick J. Wong
2014-07-26 20:04 ` Theodore Ts'o
2014-07-26 0:33 ` [PATCH 03/18] e2fsck: perform implied cluster allocations when filling a directory hole Darrick J. Wong
2014-07-26 20:08 ` Theodore Ts'o
2014-07-26 0:34 ` [PATCH 04/18] e2fsck: fix rule-violating lblk->pblk mappings on bigalloc filesystems Darrick J. Wong
2014-07-26 6:02 ` Andreas Dilger
2014-07-26 20:27 ` Theodore Ts'o
2014-07-28 8:28 ` Darrick J. Wong
2014-07-28 17:55 ` Darrick J. Wong
2014-07-28 19:32 ` Theodore Ts'o
2014-07-26 0:34 ` [PATCH 05/18] e2fsck: during pass1b delete_file, only free a cluster once Darrick J. Wong
2014-07-26 20:30 ` Theodore Ts'o
2014-07-26 0:34 ` [PATCH 06/18] dumpe2fs: add switch to disable checksum verification Darrick J. Wong
2014-07-26 20:58 ` Theodore Ts'o
2014-07-28 7:48 ` Darrick J. Wong
2014-07-26 0:34 ` [PATCH 07/18] e2fsck: verify checksums after checking everything else Darrick J. Wong
2014-07-26 20:53 ` Theodore Ts'o
2014-07-28 8:27 ` Darrick J. Wong
2014-07-26 0:34 ` [PATCH 08/18] e2fsck: fix the various checksum error messages Darrick J. Wong
2014-07-26 21:09 ` Theodore Ts'o
2014-07-28 7:57 ` Darrick J. Wong
2014-07-26 0:34 ` [PATCH 09/18] e2fsck: insert a missing dirent tail for checksums if possible Darrick J. Wong
2014-07-26 21:13 ` Theodore Ts'o
2014-07-26 0:34 ` [PATCH 10/18] e2fsck: write dir blocks after new inode when reconstructing root/lost+found Darrick J. Wong
2014-07-26 21:18 ` Theodore Ts'o
2014-07-26 0:34 ` [PATCH 11/18] libext2/fsck: correctly preserve fs flags when modifying ignore-csum-error flag Darrick J. Wong
2014-07-27 23:27 ` Theodore Ts'o
2014-07-28 8:06 ` Darrick J. Wong
2014-07-26 0:34 ` [PATCH 12/18] e2fsck: toggle checksum verification error reporting appropriately Darrick J. Wong
2014-07-27 23:37 ` Theodore Ts'o
2014-07-28 7:38 ` Darrick J. Wong
2014-07-28 11:41 ` Theodore Ts'o
2014-07-26 0:34 ` Darrick J. Wong [this message]
2014-07-26 0:35 ` [PATCH 14/18] e2fsck: always recheck an inode checksum failure Darrick J. Wong
2014-07-26 0:35 ` [PATCH 15/18] e2fsck: clear badblocks inode when checksum fails Darrick J. Wong
2014-07-27 23:42 ` Theodore Ts'o
2014-07-26 0:35 ` [PATCH 16/18] e2fsck: leave room for checksum structure when salvaging a directory Darrick J. Wong
2014-07-27 23:45 ` Theodore Ts'o
2014-07-26 0:35 ` [PATCH 17/18] e2fsck: make insert_dirent_tail more robust Darrick J. Wong
2014-07-27 23:48 ` Theodore Ts'o
2014-07-26 0:35 ` [PATCH 18/18] e2fsck: don't offer to fix the checksum of fixed extents Darrick J. Wong
2014-07-27 23:52 ` Theodore Ts'o
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140726003459.28334.66782.stgit@birch.djwong.org \
--to=darrick.wong@oracle.com \
--cc=linux-ext4@vger.kernel.org \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).