On 9/9/13 4:08 PM, Mark Tinguely wrote:
> On 09/09/13 15:33, Eric Sandeen wrote:
>> Today, if xfs_sb_read_verify encounters a v4 superblock
>> with junk past v4 fields which includes data in sb_crc,
>> it will be treated as a failing checksum and a significant
>> corruption.
>>
>> There are known prior bugs which leave junk at the end
>> of the V4 superblock; we don't need to actually fail the
>> verification in this case if other checks pan out ok.
>>
>> So if this is a secondary superblock, and the primary
>> superblock doesn't indicate that this is a V5 filesystem,
>> don't treat this as an actual checksum failure.
>>
>> We should probably check the garbage condition as
>> we do in xfs_repair, and possibly warn about it
>> or self-heal, but that's a different scope of work.
>>
>> Stable folks: This can go back to v3.10, which is what
>> introduced the sb CRC checking that is tripped up by old,
>> stale, incorrect V4 superblocks w/ unzeroed bits.
>>
>> Cc: stable@xxxxxxxxxxxxxxx
>> Signed-off-by: Eric Sandeen<sandeen@xxxxxxxxxx>
>> ---
>>
>> V2: Comment changes: More! (No code changes)
>>
>> diff --git a/fs/xfs/xfs_mount.c b/fs/xfs/xfs_mount.c
>> index 2b0ba35..b2deab1 100644
>> --- a/fs/xfs/xfs_mount.c
>> +++ b/fs/xfs/xfs_mount.c
>> @@ -749,6 +749,11 @@ xfs_sb_verify(
>> * single bit error could clear the feature bit and unused parts of the
>> * superblock are supposed to be zero. Hence a non-null crc field
>> indicates that
>> * we've potentially lost a feature bit and we should check it anyway.
>> + *
>> + * However, past bugs (i.e. in growfs) left non-zeroed regions beyond the
>> + * last field in V4 secondary superblocks. So for secondary superblocks,
>> + * we are more forgiving, and ignore CRC failures if the primary doesn't
>> + * indicate that the fs version is V5.
>> */
>> static void
>> xfs_sb_read_verify(
>> @@ -769,8 +774,12 @@ xfs_sb_read_verify(
>>
>> if (!xfs_verify_cksum(bp->b_addr, be16_to_cpu(dsb->sb_sectsize),
>> offsetof(struct xfs_sb, sb_crc))) {
>> - error = EFSCORRUPTED;
>> - goto out_error;
>> + /* Only fail bad secondaries on a known V5 filesystem */
>> + if (bp->b_bn != XFS_SB_DADDR&&
>> + xfs_sb_version_hascrc(&mp->m_sb)) {
>> + error = EFSCORRUPTED;
>> + goto out_error;
>> + }
>> }
>> }
>> error = xfs_sb_verify(bp, true);
>
> This moved to fs/xfs/xfs_sb.c in TOT, but the patch looks good to me.
Whoops, sorry. Thanks for the review. Want a resend?
(Any idea why your mail client eats spaces? "if (bp->b_bn != XFS_SB_DADDR&&"
isn't
in the original patch...)
> Reviewed-by: Mark Tinguely <tinguely@xxxxxxx>
Thanks,
-Eric
|