| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 31 Oct 2018 00:57:26 +0300
From: Vasily Averin <vvs@...tuozzo.com>
To: linux-ext4@...r.kernel.org, Theodore Ts'o <tytso@....edu>
Cc: Andreas Dilger <adilger.kernel@...ger.ca>,
linux-kernel@...r.kernel.org
Subject: [PATCH v2 00/11] ext4: number of long lived errors
Last week I've investigated the reason of ext4 resize troubles
on RHEL6 and RHEL7 based OpenVZ kernels.
Failed resize generated lot of "access beyond end of device" messages
followed by warning in __brelse.
EXT4-fs (dm-3): resizing filesystem from 2620416 to 4096256 blocks
attempt to access beyond end of device
dm-3: rw=1, want=32770056, limit=32770048
attempt to access beyond end of device
dm-3: rw=1, want=32770064, limit=32770048
...
attempt to access beyond end of device
dm-3: rw=1, want=32776216, limit=32770048
EXT4-fs (dm-3): resized filesystem to 4096256
WARNING: CPU: 2 PID: 113370 at fs/buffer.c:1171 __brelse+0x2e/0x50
VFS: brelse: Trying to free free buffer
"access beyond end of device" was fixed in mainline by recent commit
f0a459dec5495a ("ext4: fix online resize's handling of a too-small final block group")
However fixed error did not affected bh accounting
and should not lead to warning in __brelse.
Then I've reviewed fs/ext4/resize.c and found a number of long-lived errors,
earliest of them was imported from ext3 in 2.6.19.
First patch in this patch-set fixes the observed problem:
sb_issue_zeroout() failed during attempt to write beyond end of device
rollback switched to "goto end" and called brelse(bh).
however bh was not assigned yet in current iteration,
the pointer was not cleaned properly and was inherited from previous iteration.
To fix the problem I've moved brelse() calls in body of the cycle
to avoid having to call him on rollback.
Other patches fixes visually-found mistakes.
v2 changes:
I've found error in one of v1 patches and fixed it,
then I've found 4 additional issues, mostly related to iloc.bh accounting
Vasily Averin (11):
ext4 resise: extra brelse in setup_new_flex_group_blocks()
ext4 resize: missing brelse() after errors in
set_flexbg_block_bitmap()
ext4 resize: brelse() cleanup in add_new_gdb_meta_bg()
ext4 resize: lost brelse() in update_backups()
ext4 resize: lost rollback in ext4_resize_fs()
ext4 resize: lost resize_inode cleanup before retry in
ext4_resize_fs()
ext4: lost put_bh in ext4_mark_iloc_dirty()
ext4: lost brelse in ext4_orphan_add()
ext4: iloc.bh cleanup in add_new_gdb()
ext4: remove useless brelse call in ext4_xattr_inode_update_ref()
ext4: access to uninitialized bh fields in ext4_xattr_set_handle()
fs/ext4/inode.c | 5 +++--
fs/ext4/namei.c | 4 +++-
fs/ext4/resize.c | 32 ++++++++++++++++++--------------
fs/ext4/xattr.c | 8 +++-----
4 files changed, 27 insertions(+), 22 deletions(-)
--
2.17.1
Powered by blists - more mailing lists