lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Wed, 13 Aug 2008 16:10:04 -0400
From:	Theodore Tso <tytso@....edu>
To:	eworm@...or.de
Cc:	linux-ext4@...r.kernel.org, mail@...rm.de
Subject: Re: Oops with ext4 from 2.6.27-rc3

On Wed, Aug 13, 2008 at 08:28:18PM +0200, eworm@...or.de wrote:
> 
> After mounting the partitions and logging in it took half a minute to hang
> the system (or at least freeze all applications that access the fs). The
> log contains the following:
> 
> kernel BUG at fs/ext4/mballoc.c:3963!

This means that we tried to truncate/delete a file while there were
still blocks on i_prealloc_list.  I think I see the problem.  And the
reason why we haven't noticed it is that it only shows up if you have
an indirect block-based file, and you truncate it when you have
previously been writing to it (so i_prealloc_list is not empty).

The problem is that we call ext4_discard_reservation() too late, after
we've started calling ext4_free_branches(), which calls
ext4_free_blocks(), which ultimately calls
ext4_mb_return_to_preallocation(), which is what is BUG-checking.

Can you reproduce the bug?  Things are a little busy on my end, so I
don't have time to try to create a reproducer and test the patch, at
least not for a day or so.  The following patch passes the "It Builds,
Ship It!" test, but not much else.  :-) 

If you could report (a) whether or not you can reproduce the failure,
and (b) whether this patch fixes things, I would be most grateful.

Thanks, regards,

							- Ted

commit b86b40e630893e74d3259f129060cfcb115f7fb9
Author: Theodore Ts'o <tytso@....edu>
Date:   Wed Aug 13 16:07:32 2008 -0400

    ext4: Fix potential truncate BUG due to i_prealloc_list being non-empty
    
    We need to call ext4_discard_reservation() earlier in ext4_truncate(),
    to avoid a BUG() in ext4_mb_return_to_preallocation(), which is called
    (ultimately) by ext4_free_blocks().  So we must ditch the blocks on
    i_prealloc_list before we start freeing the data blocks.
    
    Signed-off-by: "Theodore Ts'o" <tytso@....edu>

diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c
index 368ec6b..7f7b0c5 100644
--- a/fs/ext4/inode.c
+++ b/fs/ext4/inode.c
@@ -3512,6 +3512,9 @@ void ext4_truncate(struct inode *inode)
 	 * modify the block allocation tree.
 	 */
 	down_write(&ei->i_data_sem);
+
+	ext4_discard_reservation(inode);
+
 	/*
 	 * The orphan list entry will now protect us from any crash which
 	 * occurs before the truncate completes, so it is now safe to propagate
@@ -3581,8 +3584,6 @@ do_indirects:
 		;
 	}
 
-	ext4_discard_reservation(inode);
-
 	up_write(&ei->i_data_sem);
 	inode->i_mtime = inode->i_ctime = ext4_current_time(inode);
 	ext4_mark_inode_dirty(handle, inode);
--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists