[PATCH] resize: check s_log_groups_per_flex before accessing flex groups

[PATCH] resize: check s_log_groups_per_flex before accessing flex groups

[Eric Sandeen]

This is for kernel.org bug:

#13549, Kernel oops while online resizing of an ext4 filesystem

if groups_per_flex < 2, sbi->s_flex_groups[] doesn't get filled out,
and every other access to this first tests s_log_groups_per_flex;
same thing needs to happen in resize or we'll wander off into
a null pointer.

Thanks to Christoph Biedl, who came up with the trivial testcase:

# truncate --size 128M fsfile
# mkfs.ext3 -F fsfile
# tune2fs -O extents,uninit_bg,dir_index,flex_bg,huge_file,dir_nlink,extra_isize fsfile
# e2fsck -yDf -C0 fsfile
# truncate --size 132M fsfile
# losetup /dev/loop0 fsfile
# mount /dev/loop0 mnt
# resize2fs -p /dev/loop0


Reported-by: Alessandro Polverini <alex@nibbles.it>
Test-case-by: Christoph Biedl  <bugzilla.kernel.bpeb@manchmal.in-ulm.de>
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
--- 

Index: linux-2.6/fs/ext4/resize.c
===================================================================
--- linux-2.6.orig/fs/ext4/resize.c
+++ linux-2.6/fs/ext4/resize.c
@@ -930,7 +930,8 @@ int ext4_group_add(struct super_block *s
 	percpu_counter_add(&sbi->s_freeinodes_counter,
 			   EXT4_INODES_PER_GROUP(sb));
 
-	if (EXT4_HAS_INCOMPAT_FEATURE(sb, EXT4_FEATURE_INCOMPAT_FLEX_BG)) {
+	if (EXT4_HAS_INCOMPAT_FEATURE(sb, EXT4_FEATURE_INCOMPAT_FLEX_BG) &&
+	    sbi->s_log_groups_per_flex) {
 		ext4_group_t flex_group;
 		flex_group = ext4_flex_group(sbi, input->group);
 		atomic_add(input->free_blocks_count,

Re: [PATCH] resize: check s_log_groups_per_flex before accessing flex groups

[Andreas Dilger]

On 2010-03-27, at 13:32, Eric Sandeen wrote:
> #13549, Kernel oops while online resizing of an ext4 filesystem
>
> if groups_per_flex < 2, sbi->s_flex_groups[] doesn't get filled out,
> and every other access to this first tests s_log_groups_per_flex;
> same thing needs to happen in resize or we'll wander off into
> a null pointer.

Does it even make sense to set INCOMPAT_FLEX_BG if we only have a  
single group per flexbg?  That is just a normal filesystem then.  That  
would be a separate bug in mke2fs.

> Reported-by: Alessandro Polverini <alex@nibbles.it>
> Test-case-by: Christoph Biedl  <bugzilla.kernel.bpeb@manchmal.in-ulm.de 
> >
> Signed-off-by: Eric Sandeen <sandeen@redhat.com>
> ---
>
> Index: linux-2.6/fs/ext4/resize.c
> ===================================================================
> --- linux-2.6.orig/fs/ext4/resize.c
> +++ linux-2.6/fs/ext4/resize.c
> @@ -930,7 +930,8 @@ int ext4_group_add(struct super_block *s
> 	percpu_counter_add(&sbi->s_freeinodes_counter,
> 			   EXT4_INODES_PER_GROUP(sb));
>
> -	if (EXT4_HAS_INCOMPAT_FEATURE(sb, EXT4_FEATURE_INCOMPAT_FLEX_BG)) {
> +	if (EXT4_HAS_INCOMPAT_FEATURE(sb, EXT4_FEATURE_INCOMPAT_FLEX_BG) &&
> +	    sbi->s_log_groups_per_flex) {
> 		ext4_group_t flex_group;
> 		flex_group = ext4_flex_group(sbi, input->group);
> 		atomic_add(input->free_blocks_count,
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux- 
> ext4" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html


Cheers, Andreas
--
Andreas Dilger
Principal Engineer, Lustre Group
Oracle Corporation Canada Inc.

Re: [PATCH] resize: check s_log_groups_per_flex before accessing flex groups

[Eric Sandeen]

Andreas Dilger wrote:
> On 2010-03-27, at 13:32, Eric Sandeen wrote:
>> #13549, Kernel oops while online resizing of an ext4 filesystem
>>
>> if groups_per_flex < 2, sbi->s_flex_groups[] doesn't get filled out,
>> and every other access to this first tests s_log_groups_per_flex;
>> same thing needs to happen in resize or we'll wander off into
>> a null pointer.
> 
> Does it even make sense to set INCOMPAT_FLEX_BG if we only have a single
> group per flexbg?  That is just a normal filesystem then.  That would be
> a separate bug in mke2fs.

yes, I really wondered about that, but we have this check throughout the
ext4 kernel code right now, so as a quick fix ...

(note in this case it was an ext3 fs converted to ext4, with tune2fs:)

# tune2fs -O extents,uninit_bg,dir_index,flex_bg,huge_file,dir_nlink,extra_isize fsfile

I haven't honestly looked at what it means to "turn on" flex_bg
for a filesystem not originally mkfs'd with it.  I'm not sure it does
anything other than setting the flag, leaving flex group size == group size.

Thanks,
-Eric

Re: [PATCH] resize: check s_log_groups_per_flex before accessing flex groups

[tytso]

On Sun, Mar 28, 2010 at 09:14:07AM -0600, Andreas Dilger wrote:
> On 2010-03-27, at 13:32, Eric Sandeen wrote:
> >#13549, Kernel oops while online resizing of an ext4 filesystem
> >
> >if groups_per_flex < 2, sbi->s_flex_groups[] doesn't get filled out,
> >and every other access to this first tests s_log_groups_per_flex;
> >same thing needs to happen in resize or we'll wander off into
> >a null pointer.
> 
> Does it even make sense to set INCOMPAT_FLEX_BG if we only have a
> single group per flexbg?  That is just a normal filesystem then.
> That would be a separate bug in mke2fs.

Yes, it does make sense to set flex_bg in this case; it allows the
group metadata to be stored outside of a blockgroup, which is helpful
to e2fsck in some cases when it needs to relocate an inode table and
there's no contiguous free space available in the block group.

	   	      	   	 	   - Ted

Re: [PATCH] resize: check s_log_groups_per_flex before accessing flex groups

[tytso]

On Sat, Mar 27, 2010 at 02:32:16PM -0500, Eric Sandeen wrote:
> This is for kernel.org bug:
> 
> #13549, Kernel oops while online resizing of an ext4 filesystem
> 
> if groups_per_flex < 2, sbi->s_flex_groups[] doesn't get filled out,
> and every other access to this first tests s_log_groups_per_flex;
> same thing needs to happen in resize or we'll wander off into
> a null pointer.

Added to the ext4 patch queue, thanks.

				- Ted