xfs
[Top] [All Lists]

Re: [PATCH V2] xfs: be more forgiving of a v4 secondary sb w/ junk in v5

To: Eric Sandeen <sandeen@xxxxxxxxxxx>
Subject: Re: [PATCH V2] xfs: be more forgiving of a v4 secondary sb w/ junk in v5 fields
From: Mark Tinguely <tinguely@xxxxxxx>
Date: Mon, 09 Sep 2013 16:08:43 -0500
Cc: Eric Sandeen <sandeen@xxxxxxxxxx>, "'linux-xfs@xxxxxxxxxxx'" <linux-xfs@xxxxxxxxxxx>
Delivered-to: linux-xfs@xxxxxxxxxxx
In-reply-to: <522E3099.1040503@xxxxxxxxxxx>
References: <520D1BA3.1050500@xxxxxxxxxx> <20130815210018.GR6023@dastard> <520D44E7.1000905@xxxxxxxxxxx> <520D592D.4040600@xxxxxxxxxx> <522E3099.1040503@xxxxxxxxxxx>
User-agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:9.0) Gecko/20120122 Thunderbird/9.0
On 09/09/13 15:33, Eric Sandeen wrote:
Today, if xfs_sb_read_verify encounters a v4 superblock
with junk past v4 fields which includes data in sb_crc,
it will be treated as a failing checksum and a significant
corruption.

There are known prior bugs which leave junk at the end
of the V4 superblock; we don't need to actually fail the
verification in this case if other checks pan out ok.

So if this is a secondary superblock, and the primary
superblock doesn't indicate that this is a V5 filesystem,
don't treat this as an actual checksum failure.

We should probably check the garbage condition as
we do in xfs_repair, and possibly warn about it
or self-heal, but that's a different scope of work.

Stable folks: This can go back to v3.10, which is what
introduced the sb CRC checking that is tripped up by old,
stale, incorrect V4 superblocks w/ unzeroed bits.

Cc: stable@xxxxxxxxxxxxxxx
Signed-off-by: Eric Sandeen<sandeen@xxxxxxxxxx>
---

V2: Comment changes: More!  (No code changes)

diff --git a/fs/xfs/xfs_mount.c b/fs/xfs/xfs_mount.c
index 2b0ba35..b2deab1 100644
--- a/fs/xfs/xfs_mount.c
+++ b/fs/xfs/xfs_mount.c
@@ -749,6 +749,11 @@ xfs_sb_verify(
   * single bit error could clear the feature bit and unused parts of the
   * superblock are supposed to be zero. Hence a non-null crc field indicates 
that
   * we've potentially lost a feature bit and we should check it anyway.
+ *
+ * However, past bugs (i.e. in growfs) left non-zeroed regions beyond the
+ * last field in V4 secondary superblocks.  So for secondary superblocks,
+ * we are more forgiving, and ignore CRC failures if the primary doesn't
+ * indicate that the fs version is V5.
   */
  static void
  xfs_sb_read_verify(
@@ -769,8 +774,12 @@ xfs_sb_read_verify(

                if (!xfs_verify_cksum(bp->b_addr, be16_to_cpu(dsb->sb_sectsize),
                                      offsetof(struct xfs_sb, sb_crc))) {
-                       error = EFSCORRUPTED;
-                       goto out_error;
+                       /* Only fail bad secondaries on a known V5 filesystem */
+                       if (bp->b_bn != XFS_SB_DADDR&&
+                           xfs_sb_version_hascrc(&mp->m_sb)) {
+                               error = EFSCORRUPTED;
+                               goto out_error;
+                       }
                }
        }
        error = xfs_sb_verify(bp, true);

This moved to fs/xfs/xfs_sb.c in TOT, but the patch looks good to me.

Reviewed-by: Mark Tinguely <tinguely@xxxxxxx>

<Prev in Thread] Current Thread [Next in Thread>