[PATCH] xfs: overflow in xfs_iomap_eof_align_last_fsb

Dave Chinner david at fromorbit.com
Tue Nov 25 17:18:28 CST 2014 

On Mon, Nov 24, 2014 at 02:06:13PM -0500, Peter Watkins wrote:
> Someone else may have run into this already, if not please take
> a look.
> 
>  Peter
> 
> If extsize is set and new_last_fsb is larger than 32 bits, the
> roundup to extsize will overflow the align variable. Instead,
> combine alignments by rounding extsize hint up to stripe size.

Change of allocator behaviour that will cause significant problems
for applications that depend on deterministic behaviour from the
extent size hint.

i.e. The extsize hint is supposed to override all other alignments
that are made - extent size hints are effectively a "unit of
allocation".  Hence we round up to stripe unit/width, then apply the
extent size hint alignment so that extent sizes are always aligned
to the extent size hint....

....
> @@ -52,7 +52,7 @@ xfs_iomap_eof_align_last_fsb(
>  	xfs_extlen_t	extsize,
>  	xfs_fileoff_t	*last_fsb)
>  {
> -	xfs_fileoff_t	new_last_fsb = 0;
> +	xfs_fileoff_t	new_last_fsb;

That can be declared in the context that uses it now.

>  	xfs_extlen_t	align = 0;
>  	int		eof, error;
>  
> @@ -70,23 +70,24 @@ xfs_iomap_eof_align_last_fsb(
>  		else if (mp->m_dalign)
>  			align = mp->m_dalign;
>  
> -		if (align && XFS_ISIZE(ip) >= XFS_FSB_TO_B(mp, align))
> -			new_last_fsb = roundup_64(*last_fsb, align);
> +		if (align && XFS_ISIZE(ip) < XFS_FSB_TO_B(mp, align))
> +			align = 0;
>  	}
>  
>  	/*
> -	 * Always round up the allocation request to an extent boundary
> -	 * (when file on a real-time subvolume or has di_extsize hint).
> +	 * Round up the allocation request to an extent boundary. If
> +	 * already aligned to a stripe, round extsize up to a stripe
> +	 * boundary.
>  	 */

Drop the comment change...

>  	if (extsize) {
> -		if (new_last_fsb)
> -			align = roundup_64(new_last_fsb, extsize);
> +		if (align)
> +			align = roundup_64(extsize, align);

			align = roundup(align, extsize);

>  		else
>  			align = extsize;
> -		new_last_fsb = roundup_64(*last_fsb, align);
>  	}
>  
> -	if (new_last_fsb) {
> +	if (align) {
> +		new_last_fsb = roundup_64(*last_fsb, align);

		xfs_fileoff_t	new_last_fsb = roundup_64(*last_fsb, align);

>  		error = xfs_bmap_eof(ip, new_last_fsb, XFS_DATA_FORK, &eof);
>  		if (error)
>  			return error;

Cheers,

Dave.
-- 
Dave Chinner
david at fromorbit.com

More information about the xfs mailing list