From: "Darrick J. Wong" <darrick.wong@oracle.com>
To: Eric Sandeen <sandeen@sandeen.net>
Cc: sandeen@redhat.com, linux-xfs@vger.kernel.org
Subject: Re: [PATCH v10 1/5] xfs_db: sanitize agcount on load
Date: Wed, 25 Jan 2017 17:27:32 -0800 [thread overview]
Message-ID: <20170126012732.GQ9134@birch.djwong.org> (raw)
In-Reply-To: <e8855324-a91e-60c0-26c2-40b437b78696@sandeen.net>
On Wed, Jan 25, 2017 at 07:17:56PM -0600, Eric Sandeen wrote:
> Before we get into libxfs_initialize_perag and try to blindly
> allocate a perag struct for every (possibly corrupted number of)
> AGs, see if we can read the last one. If not, assume it's corrupt,
> and load only the first AG.
>
> Do this only for an arbitrarily high-ish agcount, so that normal-ish
> geometry on a possibly truncated file or device will still do
> its best to make all readable AGs available.
>
> Set xfs_db's exitcode to 1 if this happens.
>
> Also teach metadump to detect this and exit appropriately if
> truncated, as it resets exitcode to 0 for its own purposes internally.
>
> Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com>
> ---
>
> v1->v6: Tale of woe.
> v7: blow it all up
> v8: use bare libxfs_readbuf so verifiers don't matter,
> "ours goes to 1 million!"
> v9: Fix printf format, exit metadump with error if things look wonky.
> v10: set exitcode to 1 in init().
>
> diff --git a/db/init.c b/db/init.c
> index ec1e274..59fc3e0 100644
> --- a/db/init.c
> +++ b/db/init.c
> @@ -58,6 +58,7 @@ init(
> {
> struct xfs_sb *sbp;
> struct xfs_buf *bp;
> + unsigned int agcount;
> int c;
>
> setlocale(LC_ALL, "");
> @@ -148,6 +149,7 @@ init(
> }
> }
>
> + agcount = sbp->sb_agcount;
> mp = libxfs_mount(&xmount, sbp, x.ddev, x.logdev, x.rtdev,
> LIBXFS_MOUNT_DEBUGGER);
> if (!mp) {
> @@ -159,6 +161,10 @@ init(
> mp->m_log = &xlog;
> blkbb = 1 << mp->m_blkbb_log;
>
> + /* Did we limit a broken agcount in libxfs_mount? */
> + if (sbp->sb_agcount != agcount)
> + exitcode = 1;
> +
> /*
> * xfs_check needs corrected incore superblock values
> */
> diff --git a/db/metadump.c b/db/metadump.c
> index 1ba6b38..38519f1 100644
> --- a/db/metadump.c
> +++ b/db/metadump.c
> @@ -2760,6 +2760,16 @@ metadump_f(
> return 0;
> }
>
> + /*
> + * on load, we sanity-checked agcount and possibly set to 1
> + * if it was corrupted and large.
> + */
> + if (mp->m_sb.sb_agcount == 1 &&
> + XFS_MAX_DBLOCKS(&mp->m_sb) < mp->m_sb.sb_dblocks) {
> + print_warning("truncated agcount, giving up");
> + return 0;
> + }
> +
> while ((c = getopt(argc, argv, "aegm:ow")) != EOF) {
> switch (c) {
> case 'a':
> diff --git a/libxfs/init.c b/libxfs/init.c
> index a08575a..85e0d15 100644
> --- a/libxfs/init.c
> +++ b/libxfs/init.c
> @@ -817,6 +817,29 @@ libxfs_mount(
> return NULL;
> }
>
> + /*
> + * libxfs_initialize_perag will allocate a perag structure for each ag.
> + * If agcount is corrupted and insanely high, this will OOM the box.
> + * If the agount seems (arbitrarily) high, try to read what would be
> + * the last AG, and if that fails for a relatively high agcount, just
> + * read the first one and let the user know to check the geometry.
> + */
> + if (sbp->sb_agcount > 1000000) {
> + bp = libxfs_readbuf(mp->m_dev,
> + XFS_AG_DADDR(mp, sbp->sb_agcount - 1, 0), 1,
> + !(flags & LIBXFS_MOUNT_DEBUGGER), NULL);
> + if (bp->b_error) {
> + fprintf(stderr, _("%s: read of AG %u failed\n"),
> + progname, sbp->sb_agcount);
> + if (!(flags & LIBXFS_MOUNT_DEBUGGER))
> + return NULL;
> + fprintf(stderr, _("%s: limiting reads to AG 0\n"),
> + progname);
> + sbp->sb_agcount = 1;
> + }
> + libxfs_putbuf(bp);
> + }
> +
> error = libxfs_initialize_perag(mp, sbp->sb_agcount, &mp->m_maxagi);
> if (error) {
> fprintf(stderr, _("%s: perag init failed\n"),
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-xfs" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2017-01-26 1:27 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-01-20 20:25 [PATCH 0/5] xfsprogs: miscellaneous cleanups Darrick J. Wong
2017-01-20 20:25 ` [PATCH 1/5] xfs_db: sanitize geometry on load Darrick J. Wong
2017-01-20 23:33 ` Eric Sandeen
2017-01-21 0:15 ` [PATCH v5 " Darrick J. Wong
2017-01-23 20:02 ` Eric Sandeen
2017-01-23 20:35 ` Darrick J. Wong
2017-01-23 21:30 ` Darrick J. Wong
2017-01-23 21:31 ` [PATCH v6 " Darrick J. Wong
2017-01-24 22:38 ` Eric Sandeen
2017-01-24 22:52 ` [PATCH v7 1/5] xfs_db: sanitize agcount " Eric Sandeen
2017-01-25 0:21 ` Darrick J. Wong
2017-01-25 0:55 ` Eric Sandeen
2017-01-25 3:09 ` [PATCH v8 " Eric Sandeen
2017-01-25 4:48 ` Darrick J. Wong
2017-01-26 1:05 ` [PATCH v9 " Eric Sandeen
2017-01-26 1:17 ` [PATCH v10 " Eric Sandeen
2017-01-26 1:27 ` Darrick J. Wong [this message]
2017-01-20 20:25 ` [PATCH 2/5] xfs_db: fix the 'source' command when passed as a -c option Darrick J. Wong
2017-01-23 22:29 ` Eric Sandeen
2017-01-23 23:39 ` Darrick J. Wong
2017-01-23 23:41 ` [PATCH v2 " Darrick J. Wong
2017-01-20 20:25 ` [PATCH 3/5] xfs_repair: strengthen geometry checks Darrick J. Wong
2017-01-23 23:47 ` Eric Sandeen
2017-01-24 0:13 ` Darrick J. Wong
2017-01-24 0:29 ` Eric Sandeen
2017-01-24 0:55 ` [PATCH v2 " Darrick J. Wong
2017-01-20 20:25 ` [PATCH 4/5] xfs_repair: zero shared_vn Darrick J. Wong
2017-01-20 22:20 ` Eric Sandeen
2017-01-20 22:51 ` Darrick J. Wong
2017-01-20 22:52 ` [PATCH v2 " Darrick J. Wong
2017-01-20 23:08 ` Eric Sandeen
2017-01-21 0:08 ` Darrick J. Wong
2017-01-21 0:09 ` [PATCH v3 " Darrick J. Wong
2017-01-24 2:38 ` Eric Sandeen
2017-01-20 20:25 ` [PATCH 5/5] xfs_repair: trash dirattr btrees that cycle to the root Darrick J. Wong
2017-01-24 3:03 ` Eric Sandeen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170126012732.GQ9134@birch.djwong.org \
--to=darrick.wong@oracle.com \
--cc=linux-xfs@vger.kernel.org \
--cc=sandeen@redhat.com \
--cc=sandeen@sandeen.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.