Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp3911382rwb; Mon, 21 Nov 2022 00:55:03 -0800 (PST) X-Google-Smtp-Source: AA0mqf7+UhH2S05+jG9JheMYvRZx7OIr/+Zj7uP400xldrBpXNPON4gWrBiXnwPMYNs/VLtS5PTZ X-Received: by 2002:a17:906:a0d7:b0:7b2:7af0:c231 with SMTP id bh23-20020a170906a0d700b007b27af0c231mr14097438ejb.240.1669020902985; Mon, 21 Nov 2022 00:55:02 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1669020902; cv=none; d=google.com; s=arc-20160816; b=oyPgeGfig2XCFFdnteU/iXL8wFVVKjnf5tTiuJTDevTFzqJYw0e85GwJLWzf0PTlmn 7FBOpdS8hgJSQcLS0q5XjRpzsLy6dhyF8KkoKGh7RKb9CcDfVrzoxr32y9hY2r99ySLt Bv91YG//iN1A2B4znY0r67MOyamSvBHNztuG2NEesnloO45fxvp8DvVS0KI70yNkZo+U i7S8mrubkqU9sKctuWoWTaPrGJXjYXNWJ4v8P+qxwtjujIZH/0weG3zaNWV1P3AmV/n/ 0Exo9IfHuGN8L261IMSaZ+71Xz2CGJas+qnvcfoUqqXzVjGmaBpqgkFSwWXvc+dQs9Vt /lEw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=0xMSkrp2QCMbpWdX9ZXZNxy3sLf1xmTJq6HXuT+6fqY=; b=TivgmS7F+CxaqpU56xykcN4hW2V76DJRerZte7Nau+lGWv454JPPgeQ3zdBS/MXW/N R0OeNiCt3OqLOlrWKTBPX2gIGreicLaKdp1mSjJbUscwggVFQUrZziyKtX7rEqgxIjy7 vvAZBgqAiuliibCGCsTkXl6eUt0POWJjB5ntbrNs6Qyt+yjq+Z+BzKyUUZx4sTNjDxRb LJlURasoQrJ/1v7Dagl6Q/nYiKvO7zmyp/uhQixL66o+iJRFYUeT8w0gfU6qapCjws+N 9YmCL3PdNh7wP9Uh0s5MB0hDbTSgt1tWj0tLtFXiTYgivrSd/zxPfOUuSdtYRNuc5E93 GOJw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=HcsEhi7T; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id gt12-20020a1709072d8c00b007825bd02a6asi10135893ejc.54.2022.11.21.00.54.39; Mon, 21 Nov 2022 00:55:02 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=HcsEhi7T; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230166AbiKUIsk (ORCPT + 91 others); Mon, 21 Nov 2022 03:48:40 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41336 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229868AbiKUIsg (ORCPT ); Mon, 21 Nov 2022 03:48:36 -0500 Received: from mail-wr1-x434.google.com (mail-wr1-x434.google.com [IPv6:2a00:1450:4864:20::434]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id CA4C563EE; Mon, 21 Nov 2022 00:48:35 -0800 (PST) Received: by mail-wr1-x434.google.com with SMTP id e11so5835322wru.8; Mon, 21 Nov 2022 00:48:35 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=0xMSkrp2QCMbpWdX9ZXZNxy3sLf1xmTJq6HXuT+6fqY=; b=HcsEhi7TopMkZF1xL+/iZzqn1nWtEEoh+vQqmZSFPDN24LzzVw46vI0Jej7V+cGp4a ODMHsK8L7geAAIz+yRj+w0j6y4wryy/5leNYUIapwWbZ4cSXU3Z+N2akGBGdzp5y8d/I 6cadOcDZ/Uq/rrPXcpcIWxXWtfv4Fzd/wjUN4kPqtLBMgBrys/WbZOjeZqqk1xFiYjo2 zcikZJOWFJqgj3M85Hx0DSs8IvOZK6CaggjbUb0cAjc94fBBuFt5by3ST5v1VtQNZQnI ej5MNqEhnwYhanI6YNHoeKuBt/ysjo6kJxynSvUsymGkJgzQj/L9qcYrMRg9YFYlm8eN U8LQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=0xMSkrp2QCMbpWdX9ZXZNxy3sLf1xmTJq6HXuT+6fqY=; b=vXlHonlFjAdA47VPgCTrqtTKJ+4y4+IyWrHByaqyi6uKzTax3d10FinBZtlnl7ef5r Mz3PG5DaVSvtwC91XRE2dhMIBQuUA/hiMgHu/KivndQpexcyEQkJHUOagG3zACkXLMKb ygdbkYAgv2miu/T5j/6MoW0CZvx1t/bwdEoj5LPMvpEncg//QqmeTrZPnUFSWSJ+4d+j 905I1YH4XjC6BQyCnsoUCEM/x+o8qf2eWSoqcF6+pY/ARnBrpX4Sa/78PjaBx2Y4Kebt po/8xX0Jt7Z0Zk3kLr2zis2XqWkHVIeIdt/ggIY8sEuOgT8whaZV73EFkspw/j7zk4L1 61Qg== X-Gm-Message-State: ANoB5plF107T1RT6vn+37KtOYCcBjY14x2N9+mh/QDxglm9IFY/iQBDM cAX5bP0cH5Natq2PIQAWRk5t6zQOUzmw/29LZqF4rj8g X-Received: by 2002:a5d:5684:0:b0:236:61bb:c79d with SMTP id f4-20020a5d5684000000b0023661bbc79dmr10082348wrv.632.1669020513969; Mon, 21 Nov 2022 00:48:33 -0800 (PST) MIME-Version: 1.0 References: <20221119093424.193145-1-chenzhongjin@huawei.com> <35670b32-1337-04be-0269-f7f0f845833c@huawei.com> In-Reply-To: <35670b32-1337-04be-0269-f7f0f845833c@huawei.com> From: Ryusuke Konishi Date: Mon, 21 Nov 2022 17:48:15 +0900 Message-ID: Subject: Re: [PATCH v2] nilfs2: Fix nilfs_sufile_mark_dirty() not set segment usage as dirty To: Chen Zhongjin Cc: linux-nilfs@vger.kernel.org, linux-kernel@vger.kernel.org, stable@vger.kernel.org, akpm@linux-foundation.org Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi, On Mon, Nov 21, 2022 at 4:45 PM Chen Zhongjin wrote: > On 2022/11/21 14:48, Ryusuke Konishi wrote: > > On Mon, Nov 21, 2022 at 11:16 AM Chen Zhongjin wrote: > >> Hi, > >> > >> On 2022/11/19 22:09, Ryusuke Konishi wrote: > >>> On Sat, Nov 19, 2022 at 6:37 PM Chen Zhongjin wrote: > >>>> In nilfs_sufile_mark_dirty(), the buffer and inode are set dirty, but > >>>> nilfs_segment_usage is not set dirty, which makes it can be found by > >>>> nilfs_sufile_alloc() because it checks nilfs_segment_usage_clean(su). > >>> The body of the patch looks OK, but this part of the commit log is a > >>> bit misleading. > >>> Could you please modify the expression so that we can understand this > >>> patch fixes the issue when the disk image is corrupted and the leak > >>> wasn't always there ? > >> Makes sense. I'm going to fix the message as this: > > Thank you for responding to my comment. > > > >> When extending segment, the current segment is allocated and set dirty > >> by previous nilfs_sufile_alloc(). > >> But for some special cases such as corrupted image it can be unreliable, > >> so nilfs_sufile_mark_dirty() > >> is called to promise that current segment is dirty. > > This sentence is a little different because nilfs_sufile_mark_dirty() > > is originally called to dirty the buffer to include it as a part of > > the log of nilfs ahead, where the completed usage data will be stored > > later. > > > > And, unlike the dirty state of buffers and inodes, the dirty state of > > segments is persistent and resides on disk until it's freed by > > nilfs_sufile_free() unless it's destroyed on disk. > > > >> However, nilfs_sufile_mark_dirty() only sets buffer and inode dirty > >> while nilfs_segment_usage can > >> still be clean an used by following nilfs_sufile_alloc() because it > >> checks nilfs_segment_usage_clean(su). > >> > >> This will cause the problem reported... > > So, how about a description like this: > > > > When extending segments, nilfs_sufile_alloc() is called to get an > > unassigned segment. > > nilfs_sufile_alloc() then marks it as dirty to avoid accidentally > > allocating the same segment in the future. > > But for some special cases such as a corrupted image it can be unreliable. > > > > If such corruption of the dirty state of the segment occurs, nilfs2 > > may reallocate a segment that is in use and pick the same segment for > > writing twice at the same time. > > ... > > This will cause the reported problem. > > ... > > Fix the problem by setting usage as dirty every time in > > nilfs_sufile_mark_dirty() which is called for the current segment > > before allocating additional segments during constructing segments to > > be written out. > > Thanks for your explanation! > > I made some simplification, so everything looks like: > > > When extending segments, nilfs_sufile_alloc() is called to get an > unassigned segment, then mark it as dirty to avoid accidentally > allocating the same segment in the future. > > But for some special cases such as a corrupted image it can be > unreliable. > If such corruption of the dirty state of the segment occurs, nilfs2 may > reallocate a segment that is in use and pick the same segment for > writing twice at the same time. > > This will cause the problem reported by syzkaller: > https://syzkaller.appspot.com/bug?id=c7c4748e11ffcc367cef04f76e02e931833cbd24 > > This case started with segbuf1.segnum = 3, nextnum = 4 when constructed. > It supposed segment 4 has already been allocated and marked as dirty. > > However the dirty state was corrupted and segment 4 usage was not dirty. > For the first time nilfs_segctor_extend_segments() segment 4 was > allocated again, which made segbuf2 and next segbuf3 had same segment 4. > > sb_getblk() will get same bh for segbuf2 and segbuf3, and this bh is > added to both buffer lists of two segbuf. It makes the lists broken > which causes NULL pointer dereference. > > Fix the problem by setting usage as dirty every time in > nilfs_sufile_mark_dirty(), which is called during constructing current > segment to be written out and before allocating next segment. > > Also add lock in it to protect the usage modification. You don't have to say this because this lock is needed to complete your modification and not the original. If you want to mention it, how about saying like this: Along with this change, this also adds a lock in it to protect the usage modification. > If it looks good, I'll sent the v3 patch for it. > > Best, > Chen I think the rest is OK as an overall description. Thanks, Ryusuke Konishi