* [PATCH] xfs: don't trip over uninitialized buffer on extent read of corrupted inode [not found] <20190718230617.7439-1-mcgrof> @ 2019-07-19 19:30 ` Luis Chamberlain 2019-07-19 21:23 ` Luis Chamberlain 2019-07-19 23:07 ` Luis Chamberlain 0 siblings, 2 replies; 5+ messages in thread From: Luis Chamberlain @ 2019-07-19 19:30 UTC (permalink / raw) To: linux-xfs, gregkh, Alexander.Levin Cc: stable, amir73il, hch, zlang, Brian Foster, Darrick J . Wong, Luis Chamberlain From: Brian Foster <bfoster@redhat.com> commit 6958d11f77d45db80f7e22a21a74d4d5f44dc667 upstream. We've had rather rare reports of bmap btree block corruption where the bmap root block has a level count of zero. The root cause of the corruption is so far unknown. We do have verifier checks to detect this form of on-disk corruption, but this doesn't cover a memory corruption variant of the problem. The latter is a reasonable possibility because the root block is part of the inode fork and can reside in-core for some time before inode extents are read. If this occurs, it leads to a system crash such as the following: BUG: unable to handle kernel paging request at ffffffff00000221 PF error: [normal kernel read fault] ... RIP: 0010:xfs_trans_brelse+0xf/0x200 [xfs] ... Call Trace: xfs_iread_extents+0x379/0x540 [xfs] xfs_file_iomap_begin_delay+0x11a/0xb40 [xfs] ? xfs_attr_get+0xd1/0x120 [xfs] ? iomap_write_begin.constprop.40+0x2d0/0x2d0 xfs_file_iomap_begin+0x4c4/0x6d0 [xfs] ? __vfs_getxattr+0x53/0x70 ? iomap_write_begin.constprop.40+0x2d0/0x2d0 iomap_apply+0x63/0x130 ? iomap_write_begin.constprop.40+0x2d0/0x2d0 iomap_file_buffered_write+0x62/0x90 ? iomap_write_begin.constprop.40+0x2d0/0x2d0 xfs_file_buffered_aio_write+0xe4/0x3b0 [xfs] __vfs_write+0x150/0x1b0 vfs_write+0xba/0x1c0 ksys_pwrite64+0x64/0xa0 do_syscall_64+0x5a/0x1d0 entry_SYSCALL_64_after_hwframe+0x49/0xbe The crash occurs because xfs_iread_extents() attempts to release an uninitialized buffer pointer as the level == 0 value prevented the buffer from ever being allocated or read. Change the level > 0 assert to an explicit error check in xfs_iread_extents() to avoid crashing the kernel in the event of localized, in-core inode corruption. Signed-off-by: Brian Foster <bfoster@redhat.com> Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com> Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> [mcgrof: fixes kz#204223 ] Signed-off-by: Luis Chamberlain <mcgrof@kernel.org> --- fs/xfs/libxfs/xfs_bmap.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/fs/xfs/libxfs/xfs_bmap.c b/fs/xfs/libxfs/xfs_bmap.c index 3a496ffe6551..ab2465bc413a 100644 --- a/fs/xfs/libxfs/xfs_bmap.c +++ b/fs/xfs/libxfs/xfs_bmap.c @@ -1178,7 +1178,10 @@ xfs_iread_extents( * Root level must use BMAP_BROOT_PTR_ADDR macro to get ptr out. */ level = be16_to_cpu(block->bb_level); - ASSERT(level > 0); + if (unlikely(level == 0)) { + XFS_ERROR_REPORT(__func__, XFS_ERRLEVEL_LOW, mp); + return -EFSCORRUPTED; + } pp = XFS_BMAP_BROOT_PTR_ADDR(mp, block, 1, ifp->if_broot_bytes); bno = be64_to_cpu(*pp); -- 2.18.0 ^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH] xfs: don't trip over uninitialized buffer on extent read of corrupted inode 2019-07-19 19:30 ` [PATCH] xfs: don't trip over uninitialized buffer on extent read of corrupted inode Luis Chamberlain @ 2019-07-19 21:23 ` Luis Chamberlain 2019-07-22 14:35 ` Sasha Levin 2019-07-19 23:07 ` Luis Chamberlain 1 sibling, 1 reply; 5+ messages in thread From: Luis Chamberlain @ 2019-07-19 21:23 UTC (permalink / raw) To: linux-xfs, gregkh, Alexander.Levin Cc: stable, amir73il, hch, zlang, Brian Foster, Darrick J . Wong On Fri, Jul 19, 2019 at 07:30:32PM +0000, Luis Chamberlain wrote: > From: Brian Foster <bfoster@redhat.com> > [mcgrof: fixes kz#204223 ] Sorry, spoke too soon, although it helps... it actually still does not fix that exact issue. Fixing this will require a bit more work. You can ignore this patch for stable for now. Luis ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] xfs: don't trip over uninitialized buffer on extent read of corrupted inode 2019-07-19 21:23 ` Luis Chamberlain @ 2019-07-22 14:35 ` Sasha Levin 0 siblings, 0 replies; 5+ messages in thread From: Sasha Levin @ 2019-07-22 14:35 UTC (permalink / raw) To: Luis Chamberlain Cc: linux-xfs, gregkh, Alexander.Levin, stable, amir73il, hch, zlang, Brian Foster, Darrick J . Wong On Fri, Jul 19, 2019 at 09:23:00PM +0000, Luis Chamberlain wrote: >On Fri, Jul 19, 2019 at 07:30:32PM +0000, Luis Chamberlain wrote: >> From: Brian Foster <bfoster@redhat.com> >> [mcgrof: fixes kz#204223 ] > >Sorry, spoke too soon, although it helps... it actually still does not >fix that exact issue. Fixing this will require a bit more work. You can >ignore this patch for stable for now. What about the other 9 patch series? -- Thanks, Sasha ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] xfs: don't trip over uninitialized buffer on extent read of corrupted inode 2019-07-19 19:30 ` [PATCH] xfs: don't trip over uninitialized buffer on extent read of corrupted inode Luis Chamberlain 2019-07-19 21:23 ` Luis Chamberlain @ 2019-07-19 23:07 ` Luis Chamberlain 2019-07-21 21:42 ` Dave Chinner 1 sibling, 1 reply; 5+ messages in thread From: Luis Chamberlain @ 2019-07-19 23:07 UTC (permalink / raw) To: linux-xfs, gregkh, Alexander.Levin Cc: stable, amir73il, hch, zlang, Brian Foster, Darrick J . Wong On Fri, Jul 19, 2019 at 07:30:32PM +0000, Luis Chamberlain wrote: > [mcgrof: fixes kz#204223 ] This patch can be ingored for now for stable. It does not actually fix the issue, just delays it a bit. Once I stress test over 1000 runs with some other fixes I have I'll send a new set of stable fixes. Luis ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] xfs: don't trip over uninitialized buffer on extent read of corrupted inode 2019-07-19 23:07 ` Luis Chamberlain @ 2019-07-21 21:42 ` Dave Chinner 0 siblings, 0 replies; 5+ messages in thread From: Dave Chinner @ 2019-07-21 21:42 UTC (permalink / raw) To: Luis Chamberlain Cc: linux-xfs, gregkh, Alexander.Levin, stable, amir73il, hch, zlang, Brian Foster, Darrick J . Wong On Fri, Jul 19, 2019 at 11:07:29PM +0000, Luis Chamberlain wrote: > On Fri, Jul 19, 2019 at 07:30:32PM +0000, Luis Chamberlain wrote: > > [mcgrof: fixes kz#204223 ] > > This patch can be ingored for now for stable. It does not actually > fix the issue, just delays it a bit. Once I stress test over 1000 > runs with some other fixes I have I'll send a new set of stable > fixes. generic/388 is one of the tests we expect to uncover interesting failures over time. i.e. every time we fix a problem in these tests, it will expose another issue that we haven't been able to exercise until easier-to-hit failures have been fixed. The best you can do right now is minimise the occurence of failures by backporting fixes - this test (like generic/475) will continue to uncover new shutdown and recovery issues as they are exposed by new fixes. Expecting it to pass 1000 times without failure on an older stable kernel is, IMO, a somewhat unrealistic expectation... Cheers, Dave. -- Dave Chinner david@fromorbit.com ^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2019-07-22 14:35 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <20190718230617.7439-1-mcgrof>
2019-07-19 19:30 ` [PATCH] xfs: don't trip over uninitialized buffer on extent read of corrupted inode Luis Chamberlain
2019-07-19 21:23 ` Luis Chamberlain
2019-07-22 14:35 ` Sasha Levin
2019-07-19 23:07 ` Luis Chamberlain
2019-07-21 21:42 ` Dave Chinner
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).