lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <25BFE2C2-8FF2-4064-86D3-6CFBF5A2931F@dilger.ca>
Date:	Thu, 10 Jan 2013 23:44:07 -0700
From:	Andreas Dilger <adilger@...ger.ca>
To:	Eric Sandeen <sandeen@...hat.com>
Cc:	Carlos Maiolino <cmaiolino@...hat.com>, linux-ext4@...r.kernel.org
Subject: Re: new block group bitmaps not being initialized after resize!?

On 2013-01-10, at 6:07 PM, Eric Sandeen wrote:
> On 1/10/13 6:07 PM, Carlos Maiolino wrote:
>> I'm working on a Fedora bugzilla (https://bugzilla.redhat.com/show_bug.cgi?id=852833)
>> together with Eric and we found that the problem described on the
>> bugzilla happens when the commit 93f9052643 is not applied, which
>> is the case of the Fedora 16 kernel being discussed there.
> 
> Also, to be clear, this is with older e2fsprogs which was using the
> old resize interface.  Not sure what the behavior is w/ newer
> e2fsprogs, but we don't see the corruption.
> 
> Note, we see the corruption on these older kernels even when resizing from say 100G to 120G.  It appears fixed upstream, but so much has
> changed, we need to be sure the older interface doesn't have bugs
> lurking, I think.

The original resize code didn't ever know about uninit_bg, so it
would always zero out the inode table, so I suspect that this was
added at some later point. 

>> Although we already found the solution to the problem in the commit
>> above, looking through the commit have raised some questions
>> regarding to the bitmap of the newer block groups added to the FS
>> after it is extended.
>> 
>> The newer block groups do not have flags ITABLE_ZEROED and
>> INODE_UNINIT set, even when 'lazy_itable_init' is enabled.
> 
> In particular, we see things like this in the last pre-resize group:
> 
> Group 799: (Blocks 26181632-26214399) [INODE_UNINIT, ITABLE_ZEROED]
>  Checksum 0xafe7, unused inodes 1936
>  Block bitmap at 25165855 (bg #768 + 31), Inode bitmap at 25166111 (bg #768 + 287)
>  Inode table at 25170087-25170207 (bg #768 + 4263)
>  32768 free blocks, 1936 free inodes, 0 directories, 1936 unused inodes
>  Free blocks: 26181632-26214399
>  Free inodes: 1546865-1548800
> 
> and this in the newly-added groups:
> 
> Group 800: (Blocks 26214400-26247167)
>  Checksum 0xddc4, unused inodes 0
>  Block bitmap at 26236224 (+21824), Inode bitmap at 26236225 (+21825)
>  Inode table at 26214400-26214520
>  32645 free blocks, 1936 free inodes, 0 directories
>  Free blocks: 26214521-26236223, 26236226-26247167
>  Free inodes: 1548801-1550736
> 
> so it says 0 unused inodes, but also 1936 free inodes (?), and
> no UNINIT or ZEROED flags set.  e2fsck finds stale data in the inode table, and goes nuts.

Zeroing the inode table but not setting the INODE_ZEROED flag
would not be harmful, but this seems to not be the case.

When the filesystem is remounted, does the kernel lazyinit
thread zero out the new groups in the inode table?


>> Without this commit, inode stale data might be exposed and also makes fsck complain about all inodes of the newer block groups.
> 
> *nod* :)

That's why 

> so 93f9052643 seems to have accidentally fixed this, by setting
> the unused counter to EXT4_INODES_PER_GROUP(), but it feels like
> we've missed properly setting up this block group.

Actually, just setting the unused counter is not enough to properly
fix this problem.  The lazyinit thread should be started to do
background zeroing of the inode table, otherwise if the group
descriptor is corrupted and the bg_itable_unused value is wrong,
then the uninitialized inodes would be accessed.

> To be honest, though, sometimes I get lost in the sea of flags.
> 
>> The question is, are these flags expected to not be found on
>> these newer block groups or they should be set?
> 
> *nod* :)

Depends on how it is implemented. :-/  The flag should definitely
not be set unless the itable is actually overwritten with zeroes.
It makes sense that the lazyinit thread would do this in the
background while the filesystem is mounted instead of waiting for
the next time that the filesystem is mounted.

Looking at the code, it appears that this is not happening at the
end of the resize, since ext4_register_li_request() is marked
static for the superblock.  It looks like it would be relatively
straight forward to add a call to ext4_register_li_request() to
ext4_resize_end() with the first group added to the resize.

It looks like ext4_run_li_request() will skip groups that are
already marked as INODE_ZERO, so it is fine to always call it even
if the kernel is already setting this itself in some cases (not
that I see this happening).

>> The lack of these flags on newer block groups is an expected
>> behaviour or is something that should be fixed?
>> 
>> FWIW, in the old ext4_group_add(), we added EXT4_BG_INODE_ZEROED
>> flag to the bg_flags, also, I did some tests here and the lack
>> of these flags look to not be affecting filesystem integrity,
>> i.e. new inodes can be properly allocated, which sounds that
>> these uninitialized inodes/bitmaps are set to be initialized
>> as soon as a first inode is allocated on these new BGs.

Well, the old code always zeroed the inode table, and it made sense
to mark it as such.

Cheers, Andreas





--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists