* [PATCH] certain data corruption may cause reiserfs to panic, fix.
@ 2002-01-09 13:22 Oleg Drokin
2002-01-09 16:58 ` Marcelo Tosatti
0 siblings, 1 reply; 4+ messages in thread
From: Oleg Drokin @ 2002-01-09 13:22 UTC (permalink / raw)
To: marcelo, linux-kernel, reiserfs-dev
[-- Attachment #1: Type: text/plain, Size: 285 bytes --]
Hello!
Purpose of this patch is to catch events of corrupted ITEM_TYPE fields, and report these to user.
Without this patch, accessing such items will resukt in dereferencing random memory areas in kernel,
and then ooping (most probably).
Please apply.
Bye,
Oleg
[-- Attachment #2: corrupt_items_checks.diff --]
[-- Type: text/plain, Size: 5698 bytes --]
--- linux/include/linux/reiserfs_fs.h.orig Fri Dec 21 17:20:56 2001
+++ linux/include/linux/reiserfs_fs.h Mon Dec 24 14:07:09 2001
@@ -204,7 +204,15 @@
#define REISERFS_VALID_FS 1
#define REISERFS_ERROR_FS 2
-
+//
+// there are 5 item types currently
+//
+#define TYPE_STAT_DATA 0
+#define TYPE_INDIRECT 1
+#define TYPE_DIRECT 2
+#define TYPE_DIRENTRY 3
+#define TYPE_MAXTYPE 3
+#define TYPE_ANY 15 // FIXME: comment is required
/***************************************************************************/
/* KEY & ITEM HEAD */
@@ -240,7 +248,7 @@
{
offset_v2_esafe_overlay tmp = *(offset_v2_esafe_overlay *)v2;
tmp.linear = le64_to_cpu( tmp.linear );
- return tmp.offset_v2.k_type;
+ return (tmp.offset_v2.k_type <= TYPE_MAXTYPE)?tmp.offset_v2.k_type:TYPE_ANY;
}
static inline void set_offset_v2_k_type( struct offset_v2 *v2, int type )
@@ -390,15 +398,6 @@
#define put_block_num(p, i, v) put_unaligned(cpu_to_le32(v), (p) + (i))
//
-// there are 5 item types currently
-//
-#define TYPE_STAT_DATA 0
-#define TYPE_INDIRECT 1
-#define TYPE_DIRECT 2
-#define TYPE_DIRENTRY 3
-#define TYPE_ANY 15 // FIXME: comment is required
-
-//
// in old version uniqueness field shows key type
//
#define V1_SD_UNIQUENESS 0
@@ -1365,7 +1364,7 @@
extern struct item_operations stat_data_ops, indirect_ops, direct_ops,
direntry_ops;
-extern struct item_operations * item_ops [4];
+extern struct item_operations * item_ops [TYPE_ANY + 1];
#define op_bytes_number(ih,bsize) item_ops[le_ih_k_type (ih)]->bytes_number (ih, bsize)
#define op_is_left_mergeable(key,bsize) item_ops[le_key_k_type (le_key_version (key), key)]->is_left_mergeable (key, bsize)
--- linux/fs/reiserfs/stree.c.orig Mon Dec 24 14:14:56 2001
+++ linux/fs/reiserfs/stree.c Mon Dec 24 14:19:50 2001
@@ -524,6 +524,10 @@
ih = (struct item_head *)(buf + BLKH_SIZE);
prev_location = blocksize;
for (i = 0; i < nr; i ++, ih ++) {
+ if ( le_ih_k_type(ih) == TYPE_ANY) {
+ reiserfs_warning ("is_leaf: wrong item type for item %h\n",ih);
+ return 0;
+ }
if (ih_location (ih) >= blocksize || ih_location (ih) < IH_SIZE * nr) {
reiserfs_warning ("is_leaf: item location seems wrong: %h\n", ih);
return 0;
--- linux/fs/reiserfs/item_ops.c.orig Mon Dec 24 13:38:15 2001
+++ linux/fs/reiserfs/item_ops.c Mon Dec 24 14:07:50 2001
@@ -685,17 +685,110 @@
//////////////////////////////////////////////////////////////////////////////
+// Error catching functions to catch errors caused by incorrect item types.
+//
+static int errcatch_bytes_number (struct item_head * ih, int block_size)
+{
+ reiserfs_warning ("green-16001: Invalid item type observed, run fsck ASAP\n");
+ return 0;
+}
+
+static void errcatch_decrement_key (struct cpu_key * key)
+{
+ reiserfs_warning ("green-16002: Invalid item type observed, run fsck ASAP\n");
+}
+
+
+static int errcatch_is_left_mergeable (struct key * key, unsigned long bsize)
+{
+ reiserfs_warning ("green-16003: Invalid item type observed, run fsck ASAP\n");
+ return 0;
+}
+
+
+static void errcatch_print_item (struct item_head * ih, char * item)
+{
+ reiserfs_warning ("green-16004: Invalid item type observed, run fsck ASAP\n");
+}
+
+
+static void errcatch_check_item (struct item_head * ih, char * item)
+{
+ reiserfs_warning ("green-16005: Invalid item type observed, run fsck ASAP\n");
+}
+
+static int errcatch_create_vi (struct virtual_node * vn,
+ struct virtual_item * vi,
+ int is_affected,
+ int insert_size)
+{
+ reiserfs_warning ("green-16006: Invalid item type observed, run fsck ASAP\n");
+ return 0; // We might return -1 here as well, but it won't help as create_virtual_node() from where
+ // this operation is called from is of return type void.
+}
+
+static int errcatch_check_left (struct virtual_item * vi, int free,
+ int start_skip, int end_skip)
+{
+ reiserfs_warning ("green-16007: Invalid item type observed, run fsck ASAP\n");
+ return -1;
+}
+
+
+static int errcatch_check_right (struct virtual_item * vi, int free)
+{
+ reiserfs_warning ("green-16008: Invalid item type observed, run fsck ASAP\n");
+ return -1;
+}
+
+static int errcatch_part_size (struct virtual_item * vi, int first, int count)
+{
+ reiserfs_warning ("green-16009: Invalid item type observed, run fsck ASAP\n");
+ return 0;
+}
+
+static int errcatch_unit_num (struct virtual_item * vi)
+{
+ reiserfs_warning ("green-16010: Invalid item type observed, run fsck ASAP\n");
+ return 0;
+}
+
+static void errcatch_print_vi (struct virtual_item * vi)
+{
+ reiserfs_warning ("green-16011: Invalid item type observed, run fsck ASAP\n");
+}
+
+struct item_operations errcatch_ops = {
+ errcatch_bytes_number,
+ errcatch_decrement_key,
+ errcatch_is_left_mergeable,
+ errcatch_print_item,
+ errcatch_check_item,
+
+ errcatch_create_vi,
+ errcatch_check_left,
+ errcatch_check_right,
+ errcatch_part_size,
+ errcatch_unit_num,
+ errcatch_print_vi
+};
+
+
+
+//////////////////////////////////////////////////////////////////////////////
//
//
#if ! (TYPE_STAT_DATA == 0 && TYPE_INDIRECT == 1 && TYPE_DIRECT == 2 && TYPE_DIRENTRY == 3)
do not compile
#endif
-struct item_operations * item_ops [4] = {
+struct item_operations * item_ops [TYPE_ANY + 1] = {
&stat_data_ops,
&indirect_ops,
&direct_ops,
- &direntry_ops
+ &direntry_ops,
+ NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
+ &errcatch_ops /* This is to catch errors with invalid type (15th entry for TYPE_ANY) */
};
^ permalink raw reply [flat|nested] 4+ messages in thread* Re: [PATCH] certain data corruption may cause reiserfs to panic, fix.
2002-01-09 13:22 [PATCH] certain data corruption may cause reiserfs to panic, fix Oleg Drokin
@ 2002-01-09 16:58 ` Marcelo Tosatti
[not found] ` <Pine.LNX.4.21.0201091458360.21044-100000@freak.distro.conectiva >
2002-01-11 9:45 ` [reiserfs-dev] " Oleg Drokin
0 siblings, 2 replies; 4+ messages in thread
From: Marcelo Tosatti @ 2002-01-09 16:58 UTC (permalink / raw)
To: Oleg Drokin; +Cc: linux-kernel, reiserfs-dev
On Wed, 9 Jan 2002, Oleg Drokin wrote:
> Hello!
>
> Purpose of this patch is to catch events of corrupted ITEM_TYPE fields, and report these to user.
> Without this patch, accessing such items will resukt in dereferencing random memory areas in kernel,
> and then ooping (most probably).
> Please apply.
Why corruption is happening in the first place ?
^ permalink raw reply [flat|nested] 4+ messages in thread[parent not found: <Pine.LNX.4.21.0201091458360.21044-100000@freak.distro.conectiva >]
* Re: [PATCH] certain data corruption may cause reiserfs to panic, fix.
[not found] ` <Pine.LNX.4.21.0201091458360.21044-100000@freak.distro.conectiva >
@ 2002-01-09 20:52 ` Chris Mason
0 siblings, 0 replies; 4+ messages in thread
From: Chris Mason @ 2002-01-09 20:52 UTC (permalink / raw)
To: Marcelo Tosatti, Oleg Drokin; +Cc: linux-kernel, reiserfs-dev
On Wednesday, January 09, 2002 02:58:45 PM -0200 Marcelo Tosatti
<marcelo@conectiva.com.br> wrote:
> On Wed, 9 Jan 2002, Oleg Drokin wrote:
>
>> Hello!
>>
>> Purpose of this patch is to catch events of corrupted ITEM_TYPE
>> fields, and report these to user. Without this patch, accessing such
>> items will resukt in dereferencing random memory areas in kernel,
>> and then ooping (most probably).
>> Please apply.
>
> Why corruption is happening in the first place ?
Oddly, the corruption most often caught by this patch was from the early
redhat gcc 2.96.
-chris
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [reiserfs-dev] Re: [PATCH] certain data corruption may cause reiserfs to panic, fix.
2002-01-09 16:58 ` Marcelo Tosatti
[not found] ` <Pine.LNX.4.21.0201091458360.21044-100000@freak.distro.conectiva >
@ 2002-01-11 9:45 ` Oleg Drokin
1 sibling, 0 replies; 4+ messages in thread
From: Oleg Drokin @ 2002-01-11 9:45 UTC (permalink / raw)
To: Marcelo Tosatti; +Cc: linux-kernel, reiserfs-dev
Hello!
On Wed, Jan 09, 2002 at 02:58:45PM -0200, Marcelo Tosatti wrote:
> > Purpose of this patch is to catch events of corrupted ITEM_TYPE fields, and report these to user.
> > Without this patch, accessing such items will resukt in dereferencing random memory areas in kernel,
> > and then ooping (most probably).
> > Please apply.
> Why corruption is happening in the first place ?
As Chris already pointed out, there was a problem with old gcc 2.96.
Also such corruptions might be a fault of a disk, somebody carelessly writing data to reiserfsdisk and so on.
Right now it is way too easy to get reiserfs to panic by mounting specially crafted abd disk image, and this is
bad, I believe, so one of the tasks I am performing is to minimalize such cases. (look at ext2 as an example goal I want to achieve
some time in the future)
Bye,
Oleg
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2002-01-11 9:45 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2002-01-09 13:22 [PATCH] certain data corruption may cause reiserfs to panic, fix Oleg Drokin
2002-01-09 16:58 ` Marcelo Tosatti
[not found] ` <Pine.LNX.4.21.0201091458360.21044-100000@freak.distro.conectiva >
2002-01-09 20:52 ` Chris Mason
2002-01-11 9:45 ` [reiserfs-dev] " Oleg Drokin
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox