xfs
[Top] [All Lists]

Re: XFS bug in log recover with quota (bugzilla id 855)

To: Jan Rekorajski <baggins@xxxxxxxxxxxxxxxxx>
Subject: Re: XFS bug in log recover with quota (bugzilla id 855)
From: Christoph Hellwig <hch@xxxxxxxxxxxxx>
Date: Mon, 16 Nov 2009 08:08:24 -0500
Cc: Christoph Hellwig <hch@xxxxxxxxxxxxx>, xfs@xxxxxxxxxxx
In-reply-to: <20091116115702.GN23522@xxxxxxxxxxxxxxxxx>
References: <20091116115702.GN23522@xxxxxxxxxxxxxxxxx>
User-agent: Mutt/1.5.19 (2009-01-05)
On Mon, Nov 16, 2009 at 12:57:02PM +0100, Jan Rekorajski wrote:
> Hi,
> I was hit by a bug in linux 2.6.31 when XFS is not able to recover the
> log after a crash if fs was mounted with quotas. Gory details in XFS
> bugzilla: http://oss.sgi.com/bugzilla/show_bug.cgi?id=855.
> 
> It looks like wrong struct is used in buffer length check, and the following
> patch should fix the problem.
> 
> xfs_dqblk_t has a size of 104+32 bytes, while xfs_disk_dquot_t is 104 bytes
> long, and this is exactly what I see in system logs - "XFS: dquot too small
> (104) in xlog_recover_do_dquot_trans."

Yikes, great brown paperbag bug.  Indeed, as per
xfs_qm_dquot_logitem_format() we only log the xfs_disk_dquot_t and not
the full xfs_dqblk_t.

Felix, can you try to get this to Linus before .32 as this is clearly a
regression.

I'll also put the writing of more quota testcases including testing the
log recovery even higher on my todo list.

Reviewed-by: Christoph Hellwig <hch@xxxxxx>

> --- linux-2.6.31.5/fs/xfs/xfs_log_recover.c.orig      2009-11-01 
> 23:59:52.194846209 +0100
> +++ linux-2.6.31.5/fs/xfs/xfs_log_recover.c   2009-11-16 12:47:11.601490963 
> +0100
> @@ -1980,7 +1980,7 @@
>                                       "XFS: NULL dquot in %s.", __func__);
>                               goto next;
>                       }
> -                     if (item->ri_buf[i].i_len < sizeof(xfs_dqblk_t)) {
> +                     if (item->ri_buf[i].i_len < sizeof(xfs_disk_dquot_t)) {
>                               cmn_err(CE_ALERT,
>                                       "XFS: dquot too small (%d) in %s.",
>                                       item->ri_buf[i].i_len, __func__);
> @@ -2636,7 +2636,7 @@
>                       "XFS: NULL dquot in %s.", __func__);
>               return XFS_ERROR(EIO);
>       }
> -     if (item->ri_buf[1].i_len < sizeof(xfs_dqblk_t)) {
> +     if (item->ri_buf[1].i_len < sizeof(xfs_disk_dquot_t)) {
>               cmn_err(CE_ALERT,
>                       "XFS: dquot too small (%d) in %s.",
>                       item->ri_buf[1].i_len, __func__);
> 
> -- 
> Jan Rekorajski            |  ALL SUSPECTS ARE GUILTY. PERIOD!
> baggins<at>mimuw.edu.pl   |  OTHERWISE THEY WOULDN'T BE SUSPECTS, WOULD THEY?
> BOFH, MANIAC              |                   -- TROOPS by Kevin Rubio
---end quoted text---

<Prev in Thread] Current Thread [Next in Thread>