xfs
[Top] [All Lists]

Re: [PATCH V2] xfs: be more forgiving of a v4 secondary sb w/ junk in v5

To: Mark Tinguely <tinguely@xxxxxxx>
Subject: Re: [PATCH V2] xfs: be more forgiving of a v4 secondary sb w/ junk in v5 fields
From: Eric Sandeen <sandeen@xxxxxxxxxxx>
Date: Mon, 09 Sep 2013 16:10:22 -0500
Cc: Eric Sandeen <sandeen@xxxxxxxxxx>, "'linux-xfs@xxxxxxxxxxx'" <linux-xfs@xxxxxxxxxxx>
Delivered-to: linux-xfs@xxxxxxxxxxx
In-reply-to: <522E38DB.4020408@xxxxxxx>
References: <520D1BA3.1050500@xxxxxxxxxx> <20130815210018.GR6023@dastard> <520D44E7.1000905@xxxxxxxxxxx> <520D592D.4040600@xxxxxxxxxx> <522E3099.1040503@xxxxxxxxxxx> <522E38DB.4020408@xxxxxxx>
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:17.0) Gecko/20130801 Thunderbird/17.0.8
On 9/9/13 4:08 PM, Mark Tinguely wrote:
> On 09/09/13 15:33, Eric Sandeen wrote:
>> Today, if xfs_sb_read_verify encounters a v4 superblock
>> with junk past v4 fields which includes data in sb_crc,
>> it will be treated as a failing checksum and a significant
>> corruption.
>>
>> There are known prior bugs which leave junk at the end
>> of the V4 superblock; we don't need to actually fail the
>> verification in this case if other checks pan out ok.
>>
>> So if this is a secondary superblock, and the primary
>> superblock doesn't indicate that this is a V5 filesystem,
>> don't treat this as an actual checksum failure.
>>
>> We should probably check the garbage condition as
>> we do in xfs_repair, and possibly warn about it
>> or self-heal, but that's a different scope of work.
>>
>> Stable folks: This can go back to v3.10, which is what
>> introduced the sb CRC checking that is tripped up by old,
>> stale, incorrect V4 superblocks w/ unzeroed bits.
>>
>> Cc: stable@xxxxxxxxxxxxxxx
>> Signed-off-by: Eric Sandeen<sandeen@xxxxxxxxxx>
>> ---
>>
>> V2: Comment changes: More!  (No code changes)
>>
>> diff --git a/fs/xfs/xfs_mount.c b/fs/xfs/xfs_mount.c
>> index 2b0ba35..b2deab1 100644
>> --- a/fs/xfs/xfs_mount.c
>> +++ b/fs/xfs/xfs_mount.c
>> @@ -749,6 +749,11 @@ xfs_sb_verify(
>>    * single bit error could clear the feature bit and unused parts of the
>>    * superblock are supposed to be zero. Hence a non-null crc field 
>> indicates that
>>    * we've potentially lost a feature bit and we should check it anyway.
>> + *
>> + * However, past bugs (i.e. in growfs) left non-zeroed regions beyond the
>> + * last field in V4 secondary superblocks.  So for secondary superblocks,
>> + * we are more forgiving, and ignore CRC failures if the primary doesn't
>> + * indicate that the fs version is V5.
>>    */
>>   static void
>>   xfs_sb_read_verify(
>> @@ -769,8 +774,12 @@ xfs_sb_read_verify(
>>
>>           if (!xfs_verify_cksum(bp->b_addr, be16_to_cpu(dsb->sb_sectsize),
>>                         offsetof(struct xfs_sb, sb_crc))) {
>> -            error = EFSCORRUPTED;
>> -            goto out_error;
>> +            /* Only fail bad secondaries on a known V5 filesystem */
>> +            if (bp->b_bn != XFS_SB_DADDR&&
>> +                xfs_sb_version_hascrc(&mp->m_sb)) {
>> +                error = EFSCORRUPTED;
>> +                goto out_error;
>> +            }
>>           }
>>       }
>>       error = xfs_sb_verify(bp, true);
> 
> This moved to fs/xfs/xfs_sb.c in TOT, but the patch looks good to me.

Whoops, sorry.  Thanks for the review.  Want a resend?

(Any idea why your mail client eats spaces? "if (bp->b_bn != XFS_SB_DADDR&&" 
isn't
in the original patch...)
 
> Reviewed-by: Mark Tinguely <tinguely@xxxxxxx>

Thanks,
-Eric

<Prev in Thread] Current Thread [Next in Thread>