From: Dave Chinner <david@fromorbit.com>
To: "Darrick J. Wong" <djwong@kernel.org>
Cc: liuhuan01@kylinos.cn, linux-xfs@vger.kernel.org, cmaiolino@redhat.com
Subject: Re: [PATCH] xfs_db: make sure agblocks is valid to prevent corruption
Date: Tue, 27 Aug 2024 13:23:50 +1000 [thread overview]
Message-ID: <Zs1GxsICOpY/SKzn@dread.disaster.area> (raw)
In-Reply-To: <20240823004912.GU6082@frogsfrogsfrogs>
On Thu, Aug 22, 2024 at 05:49:12PM -0700, Darrick J. Wong wrote:
> On Wed, Aug 21, 2024 at 06:44:12PM +0800, liuhuan01@kylinos.cn wrote:
> > From: liuh <liuhuan01@kylinos.cn>
> >
> > Recently, I was testing xfstests. When I run xfs/350 case, it always generate coredump during the process.
> > xfs_db -c "sb 0" -c "p agblocks" /dev/loop1
> >
> > System will generate signal SIGFPE corrupt the process. And the stack as follow:
> > corrupt at: (*bpp)->b_pag = xfs_perag_get(btp->bt_mount, xfs_daddr_to_agno(btp->bt_mount, blkno)); in function libxfs_getbuf_flags
> > #0 libxfs_getbuf_flags
> > #1 libxfs_getbuf_flags
> > #2 libxfs_buf_read_map
> > #3 libxfs_buf_read
> > #4 libxfs_mount
> > #5 init
> > #6 main
> >
> > The coredump was caused by the corrupt superblock metadata: (mp)->m_sb.sb_agblocks, it was 0.
> > In this case, user cannot run in expert mode also.
> >
> > Never check (mp)->m_sb.sb_agblocks before use it cause this issue.
> > Make sure (mp)->m_sb.sb_agblocks > 0 before libxfs_mount to prevent corruption and leave a message.
> >
> > Signed-off-by: liuh <liuhuan01@kylinos.cn>
> > ---
> > db/init.c | 7 +++++++
> > 1 file changed, 7 insertions(+)
> >
> > diff --git a/db/init.c b/db/init.c
> > index cea25ae5..2d3295ba 100644
> > --- a/db/init.c
> > +++ b/db/init.c
> > @@ -129,6 +129,13 @@ init(
> > }
> > }
> >
> > + if (unlikely(sbp->sb_agblocks == 0)) {
> > + fprintf(stderr,
> > + _("%s: device %s agblocks unexpected\n"),
> > + progname, x.data.name);
> > + exit(1);
>
> What if we set sb_agblocks to 1 and let the debugger continue?
Yeah, I'd prefer that xfs_db will operate on a corrupt filesystem and
maybe crash unexpectedly than to refuse to allow any diagnosis of
the corrupt filesystem.
xfs_db is a debug and forensic analysis tool. Having it crash
because it didn't handle some corruption entirely corectly isn't
something that we should be particularly worried about...
-Dave.
--
Dave Chinner
david@fromorbit.com
next prev parent reply other threads:[~2024-08-27 3:23 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-08-21 10:44 [PATCH] xfs_db: make sure agblocks is valid to prevent corruption liuhuan01
2024-08-23 0:49 ` Darrick J. Wong
2024-08-27 3:23 ` Dave Chinner [this message]
2024-08-27 10:24 ` liuh
2024-08-27 23:37 ` Dave Chinner
2024-09-02 10:12 ` [PATCH v2] " liuhuan01
2024-09-02 18:56 ` Darrick J. Wong
2024-09-03 2:28 ` Dave Chinner
2024-09-03 10:24 ` [PATCH v3] " liuhuan01
2024-09-16 6:55 ` Carlos Maiolino
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Zs1GxsICOpY/SKzn@dread.disaster.area \
--to=david@fromorbit.com \
--cc=cmaiolino@redhat.com \
--cc=djwong@kernel.org \
--cc=linux-xfs@vger.kernel.org \
--cc=liuhuan01@kylinos.cn \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox