[PATCH 2/3] xfs: fix implicit padding in directory and attr CRC formats
Michael L. Semon
mlsemon35 at gmail.com
Wed Jun 12 20:40:47 CDT 2013
On 06/12/2013 08:58 PM, Ben Myers wrote:
> On Wed, Jun 12, 2013 at 12:19:07PM +1000, Dave Chinner wrote:
>> From: Dave Chinner <dchinner at redhat.com>
>>
>> Michael L. Semon has been testing CRC patches ona 32 bit system and
> on a
>
>> been seeing assert failures in the directory code from xfs/080.
>> Thanks to Michael's heroic efforts with printk debugging, we found
>> that the problem was that the last free space being left in the
>> directory structure was too small to fit an unused tag structure and
>> it was being corrupted and attempting to log a region out of bounds.
>> Hence the assert failure looked something like:
>>
>> .....
>> #5 calling xfs_dir2_data_log_unused() 36 32
>> #1 4092 4095 4096
>> #2 8182 8183 4096
> first?
> last?
> bp->b_length?
BBTOB(bp->b_length)
This is all terrible numbering on my part...
>> #1 4092 4095 4096
>> #2 8182 8183 4096
xfs_dir2_data_log_unused() calls xfs_trans_log_buf() twice in the same
function. #1 is the first call, #2 is the second call, and there's no
running count. The printk() is a copy-and-paste of those two function
calls plus a BBTOB(bp->b_length) below it.
>> #5 calling xfs_dir2_data_log_unused() 36 32
The #5 was caused by numbering all the calls to
xfs_dir2_data_log_unused() to see if one code path was being called
every time. #5 is in the xfs_dir2_data_use_free() function, starting
with this else-if...
	else if (matchfront) {
		newdup = (xfs_dir2_data_unused_t *)((char *)hdr + offset + len);
		newdup->freetag = cpu_to_be16(XFS_DIR2_DATA_FREE_TAG);
		newdup->length = cpu_to_be16(oldlen - len);
		*xfs_dir2_data_unused_tag_p(newdup) =
			cpu_to_be16((char *)newdup - (char *)hdr);
		printk( KERN_INFO "#5 calling xfs_dir2_data_log_unused() %d %d\n", oldlen, len );
		xfs_dir2_data_log_unused(tp, bp, newdup);
Sorry about that!
Michael
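
Added example, not part of the original message or the XFS code: a simplified user-space C model of the record the else-if branch builds, assuming the free region starts at offset 4092 of a 4096-byte block with length oldlen - len = 4. Under that assumption the tag write lands on the length field and the model reproduces the #1/#2 ranges from the printk output; blk, make_unused, len_ok and in_bounds are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BLKSIZE 4096u            /* BBTOB(bp->b_length) in the printk output */
#define FREE_TAG 0xffffu         /* stand-in for XFS_DIR2_DATA_FREE_TAG */

/* Model record: freetag, length, and a 2-byte tag kept in the LAST two
 * bytes of the free region. Host-endian here; the kernel uses big-endian. */
struct unused { uint16_t freetag, length; };
struct logged { unsigned first1, last1, first2, last2; };

static uint8_t blk[BLKSIZE];     /* constructed 4096-byte directory block */

/* Offset of the trailing tag, derived from the length stored in the block. */
static unsigned tag_off(unsigned off)
{
    struct unused u;
    memcpy(&u, blk + off, sizeof(u));
    return off + u.length - (unsigned)sizeof(uint16_t);
}

/* Build the record like the else-if branch, then compute the two ranges
 * the logging helper would pass on: #1 freetag+length, #2 the tag. */
static struct logged make_unused(unsigned off, uint16_t len)
{
    struct unused u = { FREE_TAG, len };
    uint16_t tag = (uint16_t)off;
    struct logged r;

    memcpy(blk + off, &u, sizeof(u));
    memcpy(blk + tag_off(off), &tag, sizeof(tag)); /* len 4: lands on length */
    r.first1 = off;
    r.last1 = off + (unsigned)sizeof(u) - 1;
    r.first2 = tag_off(off);                       /* re-read length */
    r.last2 = r.first2 + (unsigned)sizeof(tag) - 1;
    return r;
}

/* Checks that reject the bad case: minimum record size, range in buffer. */
static int len_ok(uint16_t len) { return len >= sizeof(struct unused) + sizeof(uint16_t); }
static int in_bounds(unsigned first, unsigned last) { return first <= last && last < BLKSIZE; }

int main(void)
{
    struct logged r = make_unused(4092, 36 - 32);  /* oldlen - len from "#5" */
    printf("#1 %u %u %u\n#2 %u %u %u\n", r.first1, r.last1, BLKSIZE, r.first2, r.last2, BLKSIZE);
    printf("len_ok=%d in_bounds=%d\n", len_ok(4), in_bounds(r.first2, r.last2));
    return 0;
}
```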