| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 15 Aug 2011 09:18:14 -0700
From: Curt Wohlgemuth <curtw@...gle.com>
To: "Theodore Ts'o" <tytso@....edu>
Cc: Ext4 Developers List <linux-ext4@...r.kernel.org>
Subject: Re: [PATCH -v2] jbd2: instrument jh on wrong transaction BUG_ON's
Hi Ted:
With your latest patch, here's the console output. And no, there are
no interesting messages prior to the crash.
[ 727.933568] general protection fault: 0000 [#1] SMP
[ 727.934001] CPU 2
[ 727.934001] Modules linked in: loop tg3 msr cpuid ipv6 genrtc
[ 727.934001]
[ 727.934001] Pid: 9238, comm: flush-8:16 Not tainted 3.1.0-smp-ext4_test
[ 727.934001] RIP: 0010:[<ffffffff812a159f>] [<ffffffff812a159f>]
jbd2_journal_dirty_metadata+0x19f/0x240
...
[ 727.934001] Process flush-8:16 (pid: 9238, threadinfo
ffff88076c8ec000, task ffff880852529800)
[ 727.934001] Stack:
[ 727.934001] ffff88076c8ed840 ffffffff812a9d46 ffffffff8125c87c
ffff8808577de540
[ 727.934001] ffff880641c32850 0000000000000000 ffff880641c32850
ffff880663985958
[ 727.934001] 000000000000033d ffffffff81640bea ffff88076c8ed8a0
ffffffff812848b3
[ 727.934001] Call Trace:
[ 727.934001] [<ffffffff812a9d46>] ? jbd2_journal_add_journal_head+0x86/0x290
[ 727.934001] [<ffffffff8125c87c>] ? __ext4_journalled_writepage+0xac/0x390
[ 727.934001] [<ffffffff812848b3>] __ext4_handle_dirty_metadata+0x83/0x120
[ 727.934001] [<ffffffff81284c1e>] ? __ext4_journal_get_write_access+0x3e/0x80
[ 727.934001] [<ffffffff8125cac8>] __ext4_journalled_writepage+0x2f8/0x390
[ 727.934001] [<ffffffff8125e264>] ext4_writepage+0x234/0x2f0
[ 727.934001] [<ffffffff81155ad7>] __writepage+0x17/0x40
[ 727.934001] [<ffffffff811574ae>] write_cache_pages+0x29e/0x6d0
[ 727.934001] [<ffffffff813ec4d7>] ? scsi_request_fn+0xd7/0x580
[ 727.934001] [<ffffffff81155ac0>] ? set_page_dirty+0x70/0x70
[ 727.934001] [<ffffffff81157931>] generic_writepages+0x51/0x80
...
where 0xffffffff812a159f is in the printk() , line 1126; it looks like
journal->j_committing_transaction is not NULL, but isn't valid either:
0xffffffff812a1597 <+407>: xor %r8d,%r8d ; put 0 into %r8d
0xffffffff812a159a <+410>: test %rcx,%rcx ; %rcx is
journal->j_committing_transaction, I think
0xffffffff812a159d <+413>: je 0xffffffff812a15a3
<jbd2_journal_dirty_metadata+419> ; if 0, jump over next instruction
0xffffffff812a159f <+415>: mov 0x8(%rcx),%r8d ; put ->t_tid into %r8d
I reformatted/mounted both the main and scratch devices before running
the test, and
export EXT_MOUNT_OPTIONS="-o block_validity,data=journal"
export MKFS_OPTIONS="-t ext4 -O has_journal"
Curt
On Sun, Aug 14, 2011 at 7:11 PM, Theodore Ts'o <tytso@....edu> wrote:
> These assertions have been reported as being tripped. Instrument them
> so we get more information about what might be going on.
>
> Cc: curtw@...gle.com
> Signed-off-by: "Theodore Ts'o" <tytso@....edu>
> ---
> fs/jbd2/transaction.c | 46 +++++++++++++++++++++++++++++++++++++++++-----
> 1 files changed, 41 insertions(+), 5 deletions(-)
>
> diff --git a/fs/jbd2/transaction.c b/fs/jbd2/transaction.c
> index 2d71094..a242f6f 100644
> --- a/fs/jbd2/transaction.c
> +++ b/fs/jbd2/transaction.c
> @@ -1093,8 +1093,20 @@ int jbd2_journal_dirty_metadata(handle_t *handle, struct buffer_head *bh)
> */
> if (jh->b_transaction == transaction && jh->b_jlist == BJ_Metadata) {
> JBUFFER_TRACE(jh, "fastpath");
> - J_ASSERT_JH(jh, jh->b_transaction ==
> - journal->j_running_transaction);
> + if (unlikely(jh->b_transaction !=
> + journal->j_running_transaction)) {
> + printk(KERN_EMERG "JBD: %s: "
> + "jh->b_transaction (%llu, %p, %u) != "
> + "journal->j_running_transaction (%p, %u)",
> + journal->j_devname,
> + (unsigned long long) bh->b_blocknr,
> + jh->b_transaction,
> + jh->b_transaction ? jh->b_transaction->t_tid : 0,
> + journal->j_running_transaction,
> + journal->j_running_transaction ?
> + journal->j_running_transaction->t_tid : 0);
> + BUG_ON(1);
> + }
> goto out_unlock_bh;
> }
>
> @@ -1108,9 +1120,33 @@ int jbd2_journal_dirty_metadata(handle_t *handle, struct buffer_head *bh)
> */
> if (jh->b_transaction != transaction) {
> JBUFFER_TRACE(jh, "already on other transaction");
> - J_ASSERT_JH(jh, jh->b_transaction ==
> - journal->j_committing_transaction);
> - J_ASSERT_JH(jh, jh->b_next_transaction == transaction);
> + if (unlikely(jh->b_transaction !=
> + journal->j_committing_transaction)) {
> + printk(KERN_EMERG "JBD: %s: "
> + "jh->b_transaction (%llu, %p, %u) != "
> + "journal->j_committing_transaction (%p, %u)",
> + journal->j_devname,
> + (unsigned long long) bh->b_blocknr,
> + jh->b_transaction,
> + jh->b_transaction ? jh->b_transaction->t_tid : 0,
> + journal->j_committing_transaction,
> + journal->j_committing_transaction ?
> + journal->j_committing_transaction->t_tid : 0);
> + BUG_ON(1);
> + }
> + if (unlikely(jh->b_next_transaction != transaction)) {
> + printk(KERN_EMERG "JBD: %s: "
> + "jh->b_next_transaction (%llu, %p, %u) != "
> + "transaction (%p, %u)",
> + journal->j_devname,
> + (unsigned long long) bh->b_blocknr,
> + jh->b_next_transaction,
> + jh->b_next_transaction ?
> + jh->b_next_transaction->t_tid : 0,
> + transaction,
> + transaction ? transaction->t_tid : 0);
> + BUG_ON(1);
> + }
> /* And this case is illegal: we can't reuse another
> * transaction's data buffer, ever. */
> goto out_unlock_bh;
> --
> 1.7.4.1.22.gec8e1.dirty
>
>
--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists