Date: Fri, 19 Apr 2024 14:18:47 +0800
From: Ye Bin <yebin10@...wei.com>
To: <djwong@...nel.org>, <linux-xfs@...r.kernel.org>,
	<chandan.babu@...cle.com>, <dchinner@...hat.com>
CC: <linux-kernel@...r.kernel.org>, <yebin10@...wei.com>
Subject: [PATCH RFC 1/2] xfs: fix potential create file failed

In the file system expansion test and concurrent file creation and
writing scenarios, file creation fails occasionally.
The detailed test scheme is as follows:
1. If the remaining space is less than 128 MB, expand the space by 1 GB;
   --xfs_growfs /$DEV -D $bc -m 100
2. 32 processes create a file every 0.5s and write 4 KB to 4 MB data randomly.
   --filesize=$((RANDOM % 1024 + 1))
   --dd if=/dev/zero oflag=direct of=$filename bs=4K count=$filesize
There is a possibility that the file fails to be created after the preceding
steps are performed. However, when file creation fails, there are still
hundreds of megabytes of free space.The process of failing to create a file
is as follows:
      Direct write                            create file
xfs_direct_write_iomap_begin
 xfs_iomap_write_direct
   ...
  xfs_alloc_ag_vextent_near
   xfs_alloc_cur_finish
    xfs_alloc_fixup_trees
     xfs_btree_delete
      xfs_btree_delrec
       xfs_allocbt_update_lastrec
        case LASTREC_DELREC:
	 numrecs = xfs_btree_get_numrecs(block);
	 if (numrecs == 0)
	  len = 0;
	 pag->pagf_longest = be32_to_cpu(len);
	                                xfs_generic_create
					 xfs_create
                                          xfs_dialloc
					   for_each_perag_wrap_at
					    xfs_dialloc_good_ag
					     xfs_dialloc_try_ag  ->The last AG to alloc inode
					      xfs_ialloc_ag_alloc
					       ...
					       xfs_alloc_vextent_prepare_ag
					        xfs_alloc_fix_freelist
						 xfs_alloc_space_available
						  longest = xfs_alloc_longest_free_extent()
	                                           ->As pag->pagf_longest is equal to zero
						     longest is equal 1
	                                          if (longest < alloc_len)
	 						return false;
						  -> will return false, no space to
						     allocate for inode
The AGF buffer's lock is not held when xfs_alloc_space_available() is called
for the first time in xfs_alloc_fix_freelist(). Removing the last right leaf
record of the CNT btree updates 'pag->pagf_longest' to zero, and that update
is done while holding the AGF buffer's lock. The test case above repeatedly
allocates space within the same AG, which increases the concurrency between
the two processes.
To solve this issue, the AGF buffer's lock needs to be held before calling
xfs_alloc_space_available() to judge whether space is available for the request.

Signed-off-by: Ye Bin <yebin10@...wei.com>
---
 fs/xfs/libxfs/xfs_alloc.c | 32 ++++++++++----------------------
 1 file changed, 10 insertions(+), 22 deletions(-)

diff --git a/fs/xfs/libxfs/xfs_alloc.c b/fs/xfs/libxfs/xfs_alloc.c
index 9da52e92172a..f4a083450a65 100644
--- a/fs/xfs/libxfs/xfs_alloc.c
+++ b/fs/xfs/libxfs/xfs_alloc.c
@@ -2802,14 +2802,16 @@ xfs_alloc_fix_freelist(
 	/* deferred ops (AGFL block frees) require permanent transactions */
 	ASSERT(tp->t_flags & XFS_TRANS_PERM_LOG_RES);
 
-	if (!xfs_perag_initialised_agf(pag)) {
-		error = xfs_alloc_read_agf(pag, tp, alloc_flags, &agbp);
-		if (error) {
-			/* Couldn't lock the AGF so skip this AG. */
-			if (error == -EAGAIN)
-				error = 0;
-			goto out_no_agbp;
-		}
+	/*
+	 * Get the a.g. freespace buffer.
+	 * Can fail if we're not blocking on locks, and it's held.
+	 */
+	error = xfs_alloc_read_agf(pag, tp, alloc_flags, &agbp);
+	if (error) {
+		/* Couldn't lock the AGF so skip this AG. */
+		if (error == -EAGAIN)
+			error = 0;
+		goto out_no_agbp;
 	}
 
 	/*
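Review bot: The new comment above the unconditional `xfs_alloc_read_agf()` call does not say why the AGF must now be locked before the first space check, which is the reason for the change; something like `/* Lock the AGF before the first xfs_alloc_space_available() call so pagf_longest is not sampled while a cntbt update holding the AGF lock is in flight. */` would record it. Dropping the `!xfs_perag_initialised_agf(pag)` condition also means every AG passed to xfs_alloc_fix_freelist() has its AGF read and locked, even one the unlocked check would have rejected cheaply, so the cost under concurrent allocation is worth measuring and stating in the commit message. The function begins and ends outside this hunk, so whether the later "final free space check" is now redundant cannot be confirmed from here.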
@@ -2829,20 +2831,6 @@ xfs_alloc_fix_freelist(
 			XFS_ALLOC_FLAG_CHECK))
 		goto out_agbp_relse;
 
-	/*
-	 * Get the a.g. freespace buffer.
-	 * Can fail if we're not blocking on locks, and it's held.
-	 */
-	if (!agbp) {
-		error = xfs_alloc_read_agf(pag, tp, alloc_flags, &agbp);
-		if (error) {
-			/* Couldn't lock the AGF so skip this AG. */
-			if (error == -EAGAIN)
-				error = 0;
-			goto out_no_agbp;
-		}
-	}
-
 	/* reset a padding mismatched agfl before final free space check */
 	if (xfs_perag_agfl_needs_reset(pag))
 		xfs_agfl_reset(tp, agbp, pag);
-- 
2.34.1

