lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20120723041824.GB17588@thunk.org>
Date:	Mon, 23 Jul 2012 00:18:24 -0400
From:	Theodore Ts'o <tytso@....edu>
To:	Brian Foster <bfoster@...hat.com>
Cc:	linux-ext4@...r.kernel.org
Subject: Re: [RFC PATCH 2/2] ext4: undo ei->i_da_metadata_calc_len increment
 if we fail to claim space

On Mon, Apr 02, 2012 at 11:14:20AM -0400, Brian Foster wrote:
> From: Brian Foster <bfoster@...hat.com>
> 
> If we call ext4_calc_metadata_amount() and then fail to claim
> the space, a subsequent successful request to a block covered
> by the same ext2 indirect block will set md_needed to 0, fail
> to update the associated counters and result in a delayed md
> block allocation without a reservation. Decrement
> i_da_metadata_calc_len on failure to ensure the next
> reservation sets md_needed correctly.
> 
> Signed-off-by: Brian Foster <bfoster@...hat.com>

Hi Brian,

This patch was not quite right.  i_data_metadata_calc_len is not the
only side effect of ext4_calc_metadata().  We need to undo the side
effects not only when exit with an error, but also if we yield and
then retry the claim.  Also, in the extent case we don't always modify
i_data_metadata_calc_len, so just decrementing isn't necessarily going
to do the right thing.

So this is the patch which I am testing....

						- Ted

commit 19ec0f1fe139a642f688177ffd2f91a1c09f6bc0
Author: Theodore Ts'o <tytso@....edu>
Date:   Mon Jul 23 00:00:20 2012 -0400

    ext4: undo ext4_calc_metadata_amount if we fail to claim space
    
    The function ext4_calc_metadata_amount() has side effects, although
    it's not obvious from its function name.  So if we fail to claim
    space, regardless of whether we retry to claim the space again, or
    return an error, we need to undo these side effects.
    
    Otherwise we can end up incorrectly calculating the number of metadata
    blocks needed for the operation, which was responsible for an xfstests
    failure for test #271 when using an ext2 file system with delalloc
    enabled.
    
    Reported-by: Brian Foster <bfoster@...hat.com>
    Signed-off-by: "Theodore Ts'o" <tytso@....edu>
    Cc: stable@...r.kernel.org

diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c
index 25f809d..89b59cb 100644
--- a/fs/ext4/inode.c
+++ b/fs/ext4/inode.c
@@ -1182,6 +1182,17 @@ static int ext4_da_reserve_space(struct inode *inode, ext4_lblk_t lblock)
 	struct ext4_inode_info *ei = EXT4_I(inode);
 	unsigned int md_needed;
 	int ret;
+	ext4_lblk_t save_last_lblock;
+	int save_len;
+
+	/*
+	 * We will charge metadata quota at writeout time; this saves
+	 * us from metadata over-estimation, though we may go over by
+	 * a small amount in the end.  Here we just reserve for data.
+	 */
+	ret = dquot_reserve_block(inode, EXT4_C2B(sbi, 1));
+	if (ret)
+		return ret;
 
 	/*
 	 * recalculate the amount of metadata blocks to reserve
@@ -1190,32 +1201,31 @@ static int ext4_da_reserve_space(struct inode *inode, ext4_lblk_t lblock)
 	 */
 repeat:
 	spin_lock(&ei->i_block_reservation_lock);
+	/*
+	 * ext4_calc_metadata_amount() has side effects, which we have
+	 * to be prepared undo if we fail to claim space.
+	 */
+	save_len = ei->i_da_metadata_calc_len;
+	save_last_lblock = ei->i_da_metadata_calc_last_lblock;
 	md_needed = EXT4_NUM_B2C(sbi,
 				 ext4_calc_metadata_amount(inode, lblock));
 	trace_ext4_da_reserve_space(inode, md_needed);
-	spin_unlock(&ei->i_block_reservation_lock);
 
 	/*
-	 * We will charge metadata quota at writeout time; this saves
-	 * us from metadata over-estimation, though we may go over by
-	 * a small amount in the end.  Here we just reserve for data.
-	 */
-	ret = dquot_reserve_block(inode, EXT4_C2B(sbi, 1));
-	if (ret)
-		return ret;
-	/*
 	 * We do still charge estimated metadata to the sb though;
 	 * we cannot afford to run out of free blocks.
 	 */
 	if (ext4_claim_free_clusters(sbi, md_needed + 1, 0)) {
-		dquot_release_reservation_block(inode, EXT4_C2B(sbi, 1));
+		ei->i_da_metadata_calc_len = save_len;
+		ei->i_da_metadata_calc_last_lblock = save_last_lblock;
+		spin_unlock(&ei->i_block_reservation_lock);
 		if (ext4_should_retry_alloc(inode->i_sb, &retries)) {
 			yield();
 			goto repeat;
 		}
+		dquot_release_reservation_block(inode, EXT4_C2B(sbi, 1));
 		return -ENOSPC;
 	}
-	spin_lock(&ei->i_block_reservation_lock);
 	ei->i_reserved_data_blocks++;
 	ei->i_reserved_meta_blocks += md_needed;
 	spin_unlock(&ei->i_block_reservation_lock);
--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists