lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 15 Jul 2022 01:00:01 +0000
From:   "Kiselev, Oleg" <okiselev@...zon.com>
To:     Jan Kara <jack@...e.cz>
CC:     "linux-ext4@...r.kernel.org" <linux-ext4@...r.kernel.org>,
        Theodore Ts'o <tytso@....edu>
Subject: Re: [PATCH 2/2] ext4: avoid resizing to a partial cluster size

Thanks for the review, Jan

> On Jul 14, 2022, at 6:52 AM, Jan Kara <jack@...e.cz> wrote:
> 
> CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you can confirm the sender and know the content is safe.
> 
> 
> 
> On Thu 30-06-22 02:17:22, Kiselev, Oleg wrote:
>> This patch avoids an attempt to resize the filesystem to an
>> unaligned cluster boundary.  An online resize to a size that is not
>> integral to cluster size results in the last iteration attempting to
>> grow the fs by a negative amount, which trips a BUG_ON and leaves the fs
>> with a corrupted in-memory superblock.
>> 
>> Signed-off-by: Oleg Kiselev <okiselev@...zon.com>
>> ---
> ...
> 
>> @@ -1624,7 +1624,8 @@ static int ext4_setup_next_flex_gd(struct super_block *sb,
>> 
>>      o_blocks_count = ext4_blocks_count(es);
>> 
>> -     if (o_blocks_count == n_blocks_count)
>> +     if ((o_blocks_count == n_blocks_count) ||
>> +         ((n_blocks_count - o_blocks_count) < sbi->s_cluster_ratio))
>>              return 0;
> 
> So why do you silently do nothing with unaligned size? I'd expect we should
> catch this condition already in ext4_resize_fs() and return EINVAL in that
> case...

Failing a resize with an error will be an unexpected behavior that will break software that calls resize2fs without specifying the size.  We ran into this issue because we make our filesystems on top of DRBD devices, and DRBD aligns its metadata on 4K boundaries.  This results in space available for the filesystem having an “odd” size.  Our preference is for the utilities to silently fix the fs size down to the nearest “safe” size rather than get sporadic errors.   I had submitted a patch for resize2fs that rounds the fs target size down to the nearest cluster boundary.  In principle it’s similar to the size-rounding that is done now for 4K blocks.   Using updated e2fsprogs isn’t mandatory for using ext4 in the newer kernels, so making the kernel safe(r) for bigalloc resizes seems like a good idea.

> Also this code does something else than what the commit log says. You
> actually check whether there are less than one cluster worth of blocks
> instead of checking whether n_blocks_count is properly aligned. Why is that
> enough?

That’s a good point.  I put a fix as close to the place in the code where this misalignment causes a problem, but it would be better to put a size alignment check in ext4_resize_fs() and trim the request there, instead.  I will make that change and resubmit the patch.

> 
>                                                                Honza
> --
> Jan Kara <jack@...e.com>
> SUSE Labs, CR

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ