Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp154431rwd; Wed, 14 Jun 2023 13:47:11 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ6d678680Thuh+V+Tjv2CUK3FBCGcx7Bn0hrRqNoa7pQHV5gS7zPWg3XmxbvbU7G2/c66QG X-Received: by 2002:aa7:dd55:0:b0:518:316d:a8e7 with SMTP id o21-20020aa7dd55000000b00518316da8e7mr10285798edw.38.1686775631461; Wed, 14 Jun 2023 13:47:11 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1686775631; cv=none; d=google.com; s=arc-20160816; b=vga9zgNbcAEOSoz+V7Urm+g0VtE/92k9nFmqLpIH8SpoH2o+p72cUake78Tg9t8o1R BrvaKlY35srxlZAjUGbvBrzveWw2iDaeeUgts5m7rJrz+xSbhnc6oFhCAxbCiOddHOkj yZYPs1fAEeC4ZJbO6f9esjblqlPp3XnwPK0/bg7a2rTKN5agT9LM+2F9EnRdIOhopkl8 W71aaE6btmbkOzUUwg1dwg/bMHvu33FNT1hlgXdvmxEPGa205XB4ao3zBhrhsqzX2s/W JxLJRQypQXnvqJn4UoRlxvyW8YNhEZV/hOFPOG1KGBqfA5u6Uwmo64XSRPO7ybHaMyf6 kaqA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=5gh9bjRefj/KDabv66hwJi8ENs36WVcGJRChLQjWbYA=; b=rzTSzJSleSKAVZt7gDQV8rIS93oqcgF1gZ8FVfTfraeffz0clKRdJuIx98Vsz90613 qLjInL5ZCDpUYfKcw6WuigILdkodgpeb7zfrbBHd6F0vDytbwCGWDIaAoC4MTjGJ50jT zHBdUDpOwDdkQaOTQ8fZGRcIQLPzzV3uGFpQ5BVxDS7H9BaWFlUnSRUWZ0KsylXYSBuk dUSZ4a6/Pz0JFM2pWos60QO9ioaimHSRtb1vi7twpotH4TZs4/UgQGgGaAbfBwyPYky7 lKe11rH6AQ0t+MJWmN1NC3vKV1Pvb4/X2nzYq14qCRwjevsR6l5KCt79rKHHD3Spobzy Zbxg== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@mit.edu header.s=outgoing header.b=FI9jW17y; spf=pass (google.com: domain of linux-ext4-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-ext4-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=mit.edu Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id o6-20020aa7c506000000b005187bd4fcb2si1764608edq.569.2023.06.14.13.46.38; Wed, 14 Jun 2023 13:47:11 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-ext4-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=fail header.i=@mit.edu header.s=outgoing header.b=FI9jW17y; spf=pass (google.com: domain of linux-ext4-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-ext4-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=mit.edu Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234964AbjFNUie (ORCPT + 99 others); Wed, 14 Jun 2023 16:38:34 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55570 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231747AbjFNUid (ORCPT ); Wed, 14 Jun 2023 16:38:33 -0400 Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 489E5268B for ; Wed, 14 Jun 2023 13:38:30 -0700 (PDT) Received: from cwcc.thunk.org (pool-173-48-128-67.bstnma.fios.verizon.net [173.48.128.67]) (authenticated bits=0) (User authenticated as tytso@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id 35EKbf1A018145 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 14 Jun 2023 16:37:43 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mit.edu; s=outgoing; t=1686775065; bh=5gh9bjRefj/KDabv66hwJi8ENs36WVcGJRChLQjWbYA=; h=Date:From:To:Cc:Subject:References:In-Reply-To; b=FI9jW17yMfvEyqLihy1lIpeYry/UisaL05d5WSeuBaSMfcVWLG/0PUBr4tsZfOh4V L3HixeeMCfheeUvacY4oPJs9jjNRVRDaWg6YcR5HFZL9B/PFa5bEXH90fEnlo3TFDs ahTUnOjfVEiHyCpVOIWBeAOsjKrNk93kkcYFY0gCxXt22B8FawdrShWGmt3vansu2+ tYIyN0JoX5sWF+a7u6tgvZXbp88ni1Ri/lZwWIAgUNPbzvwW672chTXcbU3tlDKh8E ubgygM+Q7smgH8aztSq16dn/HxjnV6fQ2Qk5UAQPYCA428wzEtMYYykHJNE0hwf58n lpnguKu17sSmw== Received: by cwcc.thunk.org (Postfix, from userid 15806) id E4AF515C00B0; Wed, 14 Jun 2023 16:37:40 -0400 (EDT) Date: Wed, 14 Jun 2023 16:37:40 -0400 From: "Theodore Ts'o" To: Zhang Yi Cc: Zhihao Cheng , linux-ext4@vger.kernel.org, adilger.kernel@dilger.ca, jack@suse.cz, yi.zhang@huawei.com, yukuai3@huawei.com Subject: Re: [PATCH v3 4/6] jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint Message-ID: <20230614203740.GE51259@mit.edu> References: <20230606135928.434610-1-yi.zhang@huaweicloud.com> <20230606135928.434610-5-yi.zhang@huaweicloud.com> <20230613043120.GB1584772@mit.edu> <20002902-39c5-914b-75b0-5a21b5cee25c@huawei.com> <20230613172749.GA18303@mit.edu> <20230614054222.GD51259@mit.edu> <1033cd3b-e41f-e4e0-c2ee-c4b23979208a@huaweicloud.com> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="ag+CYUOMmOY8gPc+" Content-Disposition: inline In-Reply-To: <1033cd3b-e41f-e4e0-c2ee-c4b23979208a@huaweicloud.com> X-Spam-Status: No, score=-4.0 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,RCVD_IN_DNSWL_MED,SPF_HELO_NONE,SPF_NONE, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-ext4@vger.kernel.org --ag+CYUOMmOY8gPc+ Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Wed, Jun 14, 2023 at 09:25:28PM +0800, Zhang Yi wrote: > > Sorry about the regression, I found that this issue is not introduced > by the first patch in this patch series ("jbd2: recheck chechpointing > non-dirty buffer"), is d9eafe0afafa ("jbd2: factor out journal > initialization from journal_get_superblock()") [1] on your dev branch. > > The problem is the journal super block had been failed to write out > due to IO fault, it's uptodate bit was cleared by > end_buffer_write_syn() and didn't reset yet in jbd2_write_superblock(). > And it raced by jbd2_journal_revoke()->jbd2_journal_set_features()-> > jbd2_journal_check_used_features()->journal_get_superblock()->bh_read(), > unfortunately, the read IO is also fail, so the error handling in > journal_fail_superblock() clear the journal->j_sb_buffer, finally lead > to above NULL pointer dereference issue. Thanks for looking into this. What I believe you are saying is that the root cause is that earlier patch, but it is still something about the patch "jbd2: recheck chechpointing non-dirty buffer" which is changing the timing enough that we're hitting this buffer (because without the "recheck checkpointing" patch, I'm not seeing the NULL pointer dereference. As far as the e2fsck bug that was causing it to hang in the ext4/adv test scenario, the patch was a simple one, and I have also checked in a test case which was a reliable reproducer of the problem. (See attached for the patches and more detail.) It is really interesting that "recheck checkpointing" patch is making enough of a difference that it is unmasking these bugs. If you could take a look at these changes and perhaps think about how this patch series could be changing the nature of the corruption (specifically, how symlink inodes referenced from inline directories could be corupted with "rechecking checkpointing", thus unmasking the e2fsprogs, I'd really appreciate it. Thanks, - Ted --ag+CYUOMmOY8gPc+ Content-Type: text/x-diff; charset=us-ascii Content-Disposition: attachment; filename="0001-e2fsck-fix-handling-of-a-invalid-symlink-in-an-inlin.patch" From 8798bbb81687103b0c0f56a42b096884c6032101 Mon Sep 17 00:00:00 2001 From: Theodore Ts'o Date: Wed, 14 Jun 2023 14:44:19 -0400 Subject: [PATCH 1/2] e2fsck: fix handling of a invalid symlink in an inline_data directory If there is an inline directory that contains a directory entry to an invalid symlink, and that invalid symlink is the portion of the inline directory stored in an xattr portion of the inode, this can result in a buffer overrun. When check_dir_block() is handling the in-xattr portion of the inline directory, it sets the buf pointer to the beginning of that part of the inline directory. This results in the scratch buffer passed to e2fsck_process_bad_inode() to incorrect, resulting in a buffer overrun if e2fsck_pass1_check_symlink() needs to read the symlink target (when the symlink is too long to fit in the i_blocks[] space). This commit fixes this by using the original cd->buf instead of buf, since it can get modified when handling inline directories. Fixes: 0ac4b3973f31 ("e2fsck: inspect inline dir data as two directory blocks") Signed-off-by: Theodore Ts'o --- e2fsck/pass2.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/e2fsck/pass2.c b/e2fsck/pass2.c index 47f9206f..42f3e5ef 100644 --- a/e2fsck/pass2.c +++ b/e2fsck/pass2.c @@ -1523,7 +1523,7 @@ skip_checksum: dirent->inode)) { if (e2fsck_process_bad_inode(ctx, ino, dirent->inode, - buf + fs->blocksize)) { + cd->buf + fs->blocksize)) { dirent->inode = 0; dir_modified++; goto next; -- 2.31.0 --ag+CYUOMmOY8gPc+ Content-Type: text/x-diff; charset=us-ascii Content-Disposition: attachment; filename="0002-tests-add-test-for-handling-an-invalid-symlink-in-an.patch" From 541ce8f2bb6f91834b5d5b7c98bd4de8998dccc5 Mon Sep 17 00:00:00 2001 From: Theodore Ts'o Date: Wed, 14 Jun 2023 15:15:48 -0400 Subject: [PATCH 2/2] tests: add test for handling an invalid symlink in an inline directory Add a test for the commit "e2fsck: fix handling of a invalid symlink in an inline_data directory" Signed-off-by: Theodore Ts'o --- tests/f_inlinedir_bad_symlink/expect.1 | 12 ++++++++++++ tests/f_inlinedir_bad_symlink/expect.2 | 7 +++++++ tests/f_inlinedir_bad_symlink/image.gz | Bin 0 -> 1797 bytes tests/f_inlinedir_bad_symlink/name | 1 + 4 files changed, 20 insertions(+) create mode 100644 tests/f_inlinedir_bad_symlink/expect.1 create mode 100644 tests/f_inlinedir_bad_symlink/expect.2 create mode 100644 tests/f_inlinedir_bad_symlink/image.gz create mode 100644 tests/f_inlinedir_bad_symlink/name diff --git a/tests/f_inlinedir_bad_symlink/expect.1 b/tests/f_inlinedir_bad_symlink/expect.1 new file mode 100644 index 00000000..e1d0e879 --- /dev/null +++ b/tests/f_inlinedir_bad_symlink/expect.1 @@ -0,0 +1,12 @@ +Pass 1: Checking inodes, blocks, and sizes +Pass 2: Checking directory structure +Symlink /a/7 (inode #19) is invalid. +Clear? yes + +Pass 3: Checking directory connectivity +Pass 4: Checking reference counts +Pass 5: Checking group summary information + +test_filesys: ***** FILE SYSTEM WAS MODIFIED ***** +test_filesys: 19/112 files (0.0% non-contiguous), 16/200 blocks +Exit status is 1 diff --git a/tests/f_inlinedir_bad_symlink/expect.2 b/tests/f_inlinedir_bad_symlink/expect.2 new file mode 100644 index 00000000..b881d657 --- /dev/null +++ b/tests/f_inlinedir_bad_symlink/expect.2 @@ -0,0 +1,7 @@ +Pass 1: Checking inodes, blocks, and sizes +Pass 2: Checking directory structure +Pass 3: Checking directory connectivity +Pass 4: Checking reference counts +Pass 5: Checking group summary information +test_filesys: 19/112 files (0.0% non-contiguous), 16/200 blocks +Exit status is 0 diff --git a/tests/f_inlinedir_bad_symlink/image.gz b/tests/f_inlinedir_bad_symlink/image.gz new file mode 100644 index 0000000000000000000000000000000000000000..c5bd71a3b5d3e685ce1ca34650e9325aabf2f498 GIT binary patch literal 1797 zcmeHFZ!p^j7>>HF^p-;%>Xe*+jV3K){xsaU$rPp24pl16*2p3>RYJ_4h^f{o>QB#A zS(9aDRvS4idKUJps<@VkrCUOXUoEFwB){L-=YHt7ed+t{dG3AQ=e_5BQ8iXp zBHNo8`z)!nFDYb%Mn=m_CLczuDKFQk(zgdq8bx@6`dL2Dw8{_BUfOO~Di1%}w*1TKdDmNHxO?s;$?EyVo0DxPd z5+{-yB48bZL)RiLe3Jb-a((K$0u3GhAufIs9)XNcO~WO=fl5ioS-bV^@z2oivE#S+ zLCOO#_NnZX*+{0Wv=>u(xpMEy-1_XA{)JG_0sD zHHapQ#%ejtjYoy{w?D)sQA7nj_XV}5SWO-Z2i1$lGR9$K9!8HNQGouDbBJ=Wy>e?* zd`KP+b6lR`qjt7#oaQ6xkGG9+W;vVBlgtz&5QyoJB`oGKXDqz^ndL4tN104Os290l zw$P#rpPEV_jBnzyBa>&F$h>0!ZL!ZGj?Og;`l{YXlXb(ieY+B7WU(LoTw=ywMCDiS zz{|^D%vtZ!Mx&WEv1o1c1ajWo-ZRS4!s8(*Y94H}=L175sDeTl9WRBhN7d{wL~ifx z(r;PI;QDr(Z`z)_5v47EOVyj&uHyc?#vh5ePKmxuj_z!?!AG_fadCxx-JYTB2UeD{ zIScn#)K6)*^OtgRe>P$0@K9*w*~QTyboiB`03li-nbbVhfO9g(W&KL*YG7Z^%gw@u(CXH6CoPcZT zBUAd6B*v@i{r!#erk6TWSl~pMKdp*v7CdKs9SsD?hZcplbgx*m_X^nPdaawf5Sd=e zcbmRglB{mlYF+uB5kA4cJ@oFGD+tSG%M4`qOVEtr&)1;6p2at7RAWN0yH1}2E`Vy@ zJfM|aQq;3+^`aRGsOAizHH)NEbl;~q>@D`Dk9x