From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
patches@lists.linux.dev, Long Li <leo.lilong@huawei.com>,
"Darrick J. Wong" <djwong@kernel.org>,
Leah Rumancik <leah.rumancik@gmail.com>
Subject: [PATCH 6.1 21/45] xfs: fix sb write verify for lazysbcount
Date: Thu, 23 May 2024 15:13:12 +0200 [thread overview]
Message-ID: <20240523130333.292940842@linuxfoundation.org> (raw)
In-Reply-To: <20240523130332.496202557@linuxfoundation.org>
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Long Li <leo.lilong@huawei.com>
[ Upstream commit 59f6ab40fd8735c9a1a15401610a31cc06a0bbd6 ]
When lazysbcount is enabled, fsstress and loop mount/unmount test report
the following problems:
XFS (loop0): SB summary counter sanity check failed
XFS (loop0): Metadata corruption detected at xfs_sb_write_verify+0x13b/0x460,
xfs_sb block 0x0
XFS (loop0): Unmount and run xfs_repair
XFS (loop0): First 128 bytes of corrupted metadata buffer:
00000000: 58 46 53 42 00 00 10 00 00 00 00 00 00 28 00 00 XFSB.........(..
00000010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000020: 69 fb 7c cd 5f dc 44 af 85 74 e0 cc d4 e3 34 5a i.|._.D..t....4Z
00000030: 00 00 00 00 00 20 00 06 00 00 00 00 00 00 00 80 ..... ..........
00000040: 00 00 00 00 00 00 00 81 00 00 00 00 00 00 00 82 ................
00000050: 00 00 00 01 00 0a 00 00 00 00 00 04 00 00 00 00 ................
00000060: 00 00 0a 00 b4 b5 02 00 02 00 00 08 00 00 00 00 ................
00000070: 00 00 00 00 00 00 00 00 0c 09 09 03 14 00 00 19 ................
XFS (loop0): Corruption of in-memory data (0x8) detected at _xfs_buf_ioapply
+0xe1e/0x10e0 (fs/xfs/xfs_buf.c:1580). Shutting down filesystem.
XFS (loop0): Please unmount the filesystem and rectify the problem(s)
XFS (loop0): log mount/recovery failed: error -117
XFS (loop0): log mount failed
This corruption will shutdown the file system and the file system will
no longer be mountable. The following script can reproduce the problem,
but it may take a long time.
#!/bin/bash
device=/dev/sda
testdir=/mnt/test
round=0
function fail()
{
echo "$*"
exit 1
}
mkdir -p $testdir
while [ $round -lt 10000 ]
do
echo "******* round $round ********"
mkfs.xfs -f $device
mount $device $testdir || fail "mount failed!"
fsstress -d $testdir -l 0 -n 10000 -p 4 >/dev/null &
sleep 4
killall -w fsstress
umount $testdir
xfs_repair -e $device > /dev/null
if [ $? -eq 2 ];then
echo "ERR CODE 2: Dirty log exception during repair."
exit 1
fi
round=$(($round+1))
done
With lazysbcount is enabled, There is no additional lock protection for
reading m_ifree and m_icount in xfs_log_sb(), if other cpu modifies the
m_ifree, this will make the m_ifree greater than m_icount. For example,
consider the following sequence and ifreedelta is postive:
CPU0 CPU1
xfs_log_sb xfs_trans_unreserve_and_mod_sb
---------- ------------------------------
percpu_counter_sum(&mp->m_icount)
percpu_counter_add_batch(&mp->m_icount,
idelta, XFS_ICOUNT_BATCH)
percpu_counter_add(&mp->m_ifree, ifreedelta);
percpu_counter_sum(&mp->m_ifree)
After this, incorrect inode count (sb_ifree > sb_icount) will be writen to
the log. In the subsequent writing of sb, incorrect inode count (sb_ifree >
sb_icount) will fail to pass the boundary check in xfs_validate_sb_write()
that cause the file system shutdown.
When lazysbcount is enabled, we don't need to guarantee that Lazy sb
counters are completely correct, but we do need to guarantee that sb_ifree
<= sb_icount. On the other hand, the constraint that m_ifree <= m_icount
must be satisfied any time that there /cannot/ be other threads allocating
or freeing inode chunks. If the constraint is violated under these
circumstances, sb_i{count,free} (the ondisk superblock inode counters)
maybe incorrect and need to be marked sick at unmount, the count will
be rebuilt on the next mount.
Fixes: 8756a5af1819 ("libxfs: add more bounds checking to sb sanity checks")
Signed-off-by: Long Li <leo.lilong@huawei.com>
Reviewed-by: Darrick J. Wong <djwong@kernel.org>
Signed-off-by: Darrick J. Wong <djwong@kernel.org>
Signed-off-by: Leah Rumancik <leah.rumancik@gmail.com>
Acked-by: Darrick J. Wong <djwong@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/xfs/libxfs/xfs_sb.c | 4 +++-
fs/xfs/xfs_mount.c | 15 +++++++++++++++
2 files changed, 18 insertions(+), 1 deletion(-)
--- a/fs/xfs/libxfs/xfs_sb.c
+++ b/fs/xfs/libxfs/xfs_sb.c
@@ -973,7 +973,9 @@ xfs_log_sb(
*/
if (xfs_has_lazysbcount(mp)) {
mp->m_sb.sb_icount = percpu_counter_sum(&mp->m_icount);
- mp->m_sb.sb_ifree = percpu_counter_sum(&mp->m_ifree);
+ mp->m_sb.sb_ifree = min_t(uint64_t,
+ percpu_counter_sum(&mp->m_ifree),
+ mp->m_sb.sb_icount);
mp->m_sb.sb_fdblocks = percpu_counter_sum(&mp->m_fdblocks);
}
--- a/fs/xfs/xfs_mount.c
+++ b/fs/xfs/xfs_mount.c
@@ -538,6 +538,20 @@ xfs_check_summary_counts(
return 0;
}
+static void
+xfs_unmount_check(
+ struct xfs_mount *mp)
+{
+ if (xfs_is_shutdown(mp))
+ return;
+
+ if (percpu_counter_sum(&mp->m_ifree) >
+ percpu_counter_sum(&mp->m_icount)) {
+ xfs_alert(mp, "ifree/icount mismatch at unmount");
+ xfs_fs_mark_sick(mp, XFS_SICK_FS_COUNTERS);
+ }
+}
+
/*
* Flush and reclaim dirty inodes in preparation for unmount. Inodes and
* internal inode structures can be sitting in the CIL and AIL at this point,
@@ -1077,6 +1091,7 @@ xfs_unmountfs(
if (error)
xfs_warn(mp, "Unable to free reserved block pool. "
"Freespace may not be correct on next mount.");
+ xfs_unmount_check(mp);
xfs_log_unmount(mp);
xfs_da_unmount(mp);
next prev parent reply other threads:[~2024-05-23 13:19 UTC|newest]
Thread overview: 57+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-05-23 13:12 [PATCH 6.1 00/45] 6.1.92-rc1 review Greg Kroah-Hartman
2024-05-23 13:12 ` [PATCH 6.1 01/45] drm/amd/display: Fix division by zero in setup_dsc_config Greg Kroah-Hartman
2024-05-23 13:12 ` [PATCH 6.1 02/45] net: ks8851: Fix another TX stall caused by wrong ISR flag handling Greg Kroah-Hartman
2024-05-23 13:12 ` [PATCH 6.1 03/45] ice: pass VSI pointer into ice_vc_isvalid_q_id Greg Kroah-Hartman
2024-05-23 13:12 ` [PATCH 6.1 04/45] ice: remove unnecessary duplicate checks for VF VSI ID Greg Kroah-Hartman
2024-05-23 13:12 ` [PATCH 6.1 05/45] pinctrl: core: handle radix_tree_insert() errors in pinctrl_register_one_pin() Greg Kroah-Hartman
2024-05-23 13:12 ` [PATCH 6.1 06/45] mfd: stpmic1: Fix swapped mask/unmask in irq chip Greg Kroah-Hartman
2024-05-23 13:12 ` [PATCH 6.1 07/45] nfsd: dont allow nfsd threads to be signalled Greg Kroah-Hartman
2024-05-23 13:12 ` [PATCH 6.1 08/45] KEYS: trusted: Fix memory leak in tpm2_key_encode() Greg Kroah-Hartman
2024-05-23 13:13 ` [PATCH 6.1 09/45] mmc: core: Add HS400 tuning in HS400es initialization Greg Kroah-Hartman
2024-05-23 13:13 ` [PATCH 6.1 10/45] xfs: write page faults in iomap are not buffered writes Greg Kroah-Hartman
2024-05-23 13:13 ` [PATCH 6.1 11/45] xfs: punching delalloc extents on write failure is racy Greg Kroah-Hartman
2024-05-23 13:13 ` [PATCH 6.1 12/45] xfs: use byte ranges for write cleanup ranges Greg Kroah-Hartman
2024-05-23 13:13 ` [PATCH 6.1 13/45] xfs,iomap: move delalloc punching to iomap Greg Kroah-Hartman
2024-05-23 13:13 ` [PATCH 6.1 14/45] iomap: buffered write failure should not truncate the page cache Greg Kroah-Hartman
2024-05-23 13:13 ` [PATCH 6.1 15/45] xfs: xfs_bmap_punch_delalloc_range() should take a byte range Greg Kroah-Hartman
2024-05-23 13:13 ` [PATCH 6.1 16/45] iomap: write iomap validity checks Greg Kroah-Hartman
2024-05-23 13:13 ` [PATCH 6.1 17/45] xfs: use iomap_valid method to detect stale cached iomaps Greg Kroah-Hartman
2024-05-23 13:13 ` [PATCH 6.1 18/45] xfs: drop write error injection is unfixable, remove it Greg Kroah-Hartman
2024-05-23 13:13 ` [PATCH 6.1 19/45] xfs: fix off-by-one-block in xfs_discard_folio() Greg Kroah-Hartman
2024-05-23 13:13 ` [PATCH 6.1 20/45] xfs: fix incorrect error-out in xfs_remove Greg Kroah-Hartman
2024-05-23 13:13 ` Greg Kroah-Hartman [this message]
2024-05-23 13:13 ` [PATCH 6.1 22/45] xfs: fix incorrect i_nlink caused by inode racing Greg Kroah-Hartman
2024-05-23 13:13 ` [PATCH 6.1 23/45] xfs: invalidate block device page cache during unmount Greg Kroah-Hartman
2024-05-23 13:13 ` [PATCH 6.1 24/45] xfs: attach dquots to inode before reading data/cow fork mappings Greg Kroah-Hartman
2024-05-23 13:13 ` [PATCH 6.1 25/45] xfs: wait iclog complete before tearing down AIL Greg Kroah-Hartman
2024-05-23 13:13 ` [PATCH 6.1 26/45] xfs: fix super block buf log item UAF during force shutdown Greg Kroah-Hartman
2024-05-23 13:13 ` [PATCH 6.1 27/45] xfs: hoist refcount record merge predicates Greg Kroah-Hartman
2024-05-23 13:13 ` [PATCH 6.1 28/45] xfs: estimate post-merge refcounts correctly Greg Kroah-Hartman
2024-05-23 13:13 ` [PATCH 6.1 29/45] xfs: invalidate xfs_bufs when allocating cow extents Greg Kroah-Hartman
2024-05-23 13:13 ` [PATCH 6.1 30/45] xfs: allow inode inactivation during a ro mount log recovery Greg Kroah-Hartman
2024-05-23 13:13 ` [PATCH 6.1 31/45] xfs: fix log recovery when unknown rocompat bits are set Greg Kroah-Hartman
2024-05-23 13:13 ` [PATCH 6.1 32/45] xfs: get root inode correctly at bulkstat Greg Kroah-Hartman
2024-05-23 13:13 ` [PATCH 6.1 33/45] xfs: short circuit xfs_growfs_data_private() if delta is zero Greg Kroah-Hartman
2024-05-23 13:13 ` [PATCH 6.1 34/45] arm64: atomics: lse: remove stale dependency on JUMP_LABEL Greg Kroah-Hartman
2024-05-23 13:13 ` [PATCH 6.1 35/45] drm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper() Greg Kroah-Hartman
2024-05-23 13:13 ` [PATCH 6.1 36/45] binder: fix max_thread type inconsistency Greg Kroah-Hartman
2024-05-23 13:13 ` [PATCH 6.1 37/45] usb: dwc3: Wait unconditionally after issuing EndXfer command Greg Kroah-Hartman
2024-05-23 13:13 ` [PATCH 6.1 38/45] net: usb: ax88179_178a: fix link status when link is set to down/up Greg Kroah-Hartman
2024-05-23 13:13 ` [PATCH 6.1 39/45] usb: typec: ucsi: displayport: Fix potential deadlock Greg Kroah-Hartman
2024-05-23 13:13 ` [PATCH 6.1 40/45] usb: typec: tipd: fix event checking for tps6598x Greg Kroah-Hartman
2024-05-23 13:13 ` [PATCH 6.1 41/45] serial: kgdboc: Fix NMI-safety problems from keyboard reset code Greg Kroah-Hartman
2024-05-23 13:13 ` [PATCH 6.1 42/45] remoteproc: mediatek: Make sure IPI buffer fits in L2TCM Greg Kroah-Hartman
2024-05-23 13:13 ` [PATCH 6.1 43/45] KEYS: trusted: Do not use WARN when encode fails Greg Kroah-Hartman
2024-05-23 13:13 ` [PATCH 6.1 44/45] admin-guide/hw-vuln/core-scheduling: fix return type of PR_SCHED_CORE_GET Greg Kroah-Hartman
2024-05-23 13:13 ` [PATCH 6.1 45/45] docs: kernel_include.py: Cope with docutils 0.21 Greg Kroah-Hartman
2024-05-23 17:03 ` [PATCH 6.1 00/45] 6.1.92-rc1 review SeongJae Park
2024-05-23 18:17 ` Mark Brown
2024-05-23 20:21 ` Florian Fainelli
2024-05-24 8:13 ` Anders Roxell
2024-05-24 11:21 ` Pavel Machek
2024-05-24 14:37 ` Shuah Khan
2024-05-24 15:20 ` Jon Hunter
2024-05-24 20:35 ` Mateusz Jończyk
2024-05-24 20:38 ` Ron Economos
2024-05-25 1:06 ` Kelsey Steele
2024-05-25 16:25 ` Allen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240523130333.292940842@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=djwong@kernel.org \
--cc=leah.rumancik@gmail.com \
--cc=leo.lilong@huawei.com \
--cc=patches@lists.linux.dev \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox