lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20220524062655.ddiltnfxxhlelfgb@riteshh-domain>
Date:   Tue, 24 May 2022 11:56:55 +0530
From:   Ritesh Harjani <ritesh.list@...il.com>
To:     Jan Kara <jack@...e.cz>
Cc:     Baokun Li <libaokun1@...wei.com>, linux-ext4@...r.kernel.org,
        tytso@....edu, adilger.kernel@...ger.ca,
        linux-kernel@...r.kernel.org, yi.zhang@...wei.com,
        yebin10@...wei.com, yukuai3@...wei.com
Subject: Re: [PATCH 2/2] ext4: correct the judgment of BUG in
 ext4_mb_normalize_request

On 22/05/23 11:08PM, Jan Kara wrote:
> On Tue 24-05-22 01:38:44, Ritesh Harjani wrote:
> > On 22/05/21 09:42PM, Baokun Li wrote:
> > > When either of the "start + size <= ac->ac_o_ex.fe_logical" or
> > > "start > ac->ac_o_ex.fe_logical" conditions is met, it indicates
> > > that the fe_logical is not in the allocated range.
> >
> > Sounds about right to me based on the logic in ext4_mb_use_inode_pa().
> > We try to allocate/preallocate such that ac->ac_o_ex.fe_logical should fall
> > within the preallocated range. So if our start or start + size doesn't include
> > fe_logical then it is a bug in the ext4_mb_normalize_request() logic.
>
> I agree ac->ac_o_ex.fe_logical is a goal block. But AFAIK it never was a
> hard guarantee that we would allocate extent that includes that block. It

Agree that the guarantee is not about the extent which finally gets allocated.
It is only within ext4_mb_normalize_request() that the "start" and "size"
variable calculations is done in such a way that the ac->ac_o_ex.fe_logical
block will always fall within the "start" & "end" boundaries after
normalization.

That is how it also updates the goal block at the end too. ac->ac_g_ex.

> was always treated as a hint only. In particular if you look at the logic
> in ext4_mb_normalize_request() it does shift the start of the allocation to
> avoid preallocated ranges etc.

Yes, I checked the logic of ext4_mb_normalize_request() again.
As I see it (I can be wrong, so please correct me), there is always an attempt
to make "start" & "start + size" such that it covers ac->ac_o_ex.fe_logical
except just one change where we are trimming the size of the request to only
EXT4_BLOCKS_PER_GROUP.

For e.g. when it compares against preallocated ranges. It has a BUG() which
checks if the ac->ac_o_ex.fe_logical already lies in the preallocated range.
Because then we should never have come here to do allocation of a new block.

4143                 /* PA must not overlap original request */
4144                 BUG_ON(!(ac->ac_o_ex.fe_logical >= pa_end ||
4145                         ac->ac_o_ex.fe_logical < pa->pa_lstart));
<...>
4152                 BUG_ON(pa->pa_lstart <= start && pa_end >= end);

Then after skipping the preallocated regions which doesn't fall in between
"start" and "end"...

4147                 /* skip PAs this normalized request doesn't overlap with */
4148                 if (pa->pa_lstart >= end || pa_end <= start) {
4149                         spin_unlock(&pa->pa_lock);
4150                         continue;
4151                 }

...it adjusts "start" and "end" boundary according to allocated PAs boundaries
such that fe_logical is always in between "start" and "end".

4154                 /* adjust start or end to be adjacent to this pa */
4155                 if (pa_end <= ac->ac_o_ex.fe_logical) {
4156                         BUG_ON(pa_end < start);
4157                         start = pa_end;
4158                 } else if (pa->pa_lstart > ac->ac_o_ex.fe_logical) {
4159                         BUG_ON(pa->pa_lstart > end);
4160                         end = pa->pa_lstart;
4161                 }



> so I don't see how we are guaranteed that
> ext4_mb_normalize_request() will result in an allocation request that
> includes ac->ac_o_ex.fe_logical.

It could be I am wrong, but looks like ext4_mb_normalize_request() keeps
ac->ac_o_ex.fe_logical within "start" and "end" of allocation request.
And then updates the goal block.

4196         ac->ac_g_ex.fe_logical = start;
4197         ac->ac_g_ex.fe_len = EXT4_NUM_B2C(sbi, size);

Thoughts?

-ritesh

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ