From: Amir Goldstein <amir73il@gmail.com>
To: "Darrick J . Wong" <djwong@kernel.org>
Cc: Leah Rumancik <leah.rumancik@gmail.com>,
Luis Chamberlain <mcgrof@kernel.org>,
Dave Chinner <david@fromorbit.com>,
Christoph Hellwig <hch@lst.de>,
Christian Brauner <christian.brauner@ubuntu.com>,
linux-xfs@vger.kernel.org, fstests@vger.kernel.org,
Dave Chinner <dchinner@redhat.com>
Subject: [PATCH 5.10 CANDIDATE 05/11] xfs: check sb_meta_uuid for dabuf buffer recovery
Date: Fri, 17 Jun 2022 13:06:35 +0300 [thread overview]
Message-ID: <20220617100641.1653164-6-amir73il@gmail.com> (raw)
In-Reply-To: <20220617100641.1653164-1-amir73il@gmail.com>
From: Dave Chinner <dchinner@redhat.com>
commit 09654ed8a18cfd45027a67d6cbca45c9ea54feab upstream.
Got a report that a repeated crash test of a container host would
eventually fail with a log recovery error preventing the system from
mounting the root filesystem. It manifested as a directory leaf node
corruption on writeback like so:
XFS (loop0): Mounting V5 Filesystem
XFS (loop0): Starting recovery (logdev: internal)
XFS (loop0): Metadata corruption detected at xfs_dir3_leaf_check_int+0x99/0xf0, xfs_dir3_leaf1 block 0x12faa158
XFS (loop0): Unmount and run xfs_repair
XFS (loop0): First 128 bytes of corrupted metadata buffer:
00000000: 00 00 00 00 00 00 00 00 3d f1 00 00 e1 9e d5 8b ........=.......
00000010: 00 00 00 00 12 fa a1 58 00 00 00 29 00 00 1b cc .......X...)....
00000020: 91 06 78 ff f7 7e 4a 7d 8d 53 86 f2 ac 47 a8 23 ..x..~J}.S...G.#
00000030: 00 00 00 00 17 e0 00 80 00 43 00 00 00 00 00 00 .........C......
00000040: 00 00 00 2e 00 00 00 08 00 00 17 2e 00 00 00 0a ................
00000050: 02 35 79 83 00 00 00 30 04 d3 b4 80 00 00 01 50 .5y....0.......P
00000060: 08 40 95 7f 00 00 02 98 08 41 fe b7 00 00 02 d4 .@.......A......
00000070: 0d 62 ef a7 00 00 01 f2 14 50 21 41 00 00 00 0c .b.......P!A....
XFS (loop0): Corruption of in-memory data (0x8) detected at xfs_do_force_shutdown+0x1a/0x20 (fs/xfs/xfs_buf.c:1514). Shutting down.
XFS (loop0): Please unmount the filesystem and rectify the problem(s)
XFS (loop0): log mount/recovery failed: error -117
XFS (loop0): log mount failed
Tracing indicated that we were recovering changes from a transaction
at LSN 0x29/0x1c16 into a buffer that had an LSN of 0x29/0x1d57.
That is, log recovery was overwriting a buffer with newer changes on
disk than was in the transaction. Tracing indicated that we were
hitting the "recovery immediately" case in
xfs_buf_log_recovery_lsn(), and hence it was ignoring the LSN in the
buffer.
The code was extracting the LSN correctly, then ignoring it because
the UUID in the buffer did not match the superblock UUID. The
problem arises because the UUID check uses the wrong UUID - it
should be checking the sb_meta_uuid, not sb_uuid. This filesystem
has sb_uuid != sb_meta_uuid (which is fine), and the buffer has the
correct matching sb_meta_uuid in it, it's just the code checked it
against the wrong superblock uuid.
The is no corruption in the filesystem, and failing to recover the
buffer due to a write verifier failure means the recovery bug did
not propagate the corruption to disk. Hence there is no corruption
before or after this bug has manifested, the impact is limited
simply to an unmountable filesystem....
This was missed back in 2015 during an audit of incorrect sb_uuid
usage that resulted in commit fcfbe2c4ef42 ("xfs: log recovery needs
to validate against sb_meta_uuid") that fixed the magic32 buffers to
validate against sb_meta_uuid instead of sb_uuid. It missed the
magicda buffers....
Fixes: ce748eaa65f2 ("xfs: create new metadata UUID field and incompat flag")
Signed-off-by: Dave Chinner <dchinner@redhat.com>
Reviewed-by: Darrick J. Wong <djwong@kernel.org>
Signed-off-by: Darrick J. Wong <djwong@kernel.org>
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
---
fs/xfs/xfs_buf_item_recover.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/xfs/xfs_buf_item_recover.c b/fs/xfs/xfs_buf_item_recover.c
index d44e8b4a3391..1d649462d731 100644
--- a/fs/xfs/xfs_buf_item_recover.c
+++ b/fs/xfs/xfs_buf_item_recover.c
@@ -805,7 +805,7 @@ xlog_recover_get_buf_lsn(
}
if (lsn != (xfs_lsn_t)-1) {
- if (!uuid_equal(&mp->m_sb.sb_uuid, uuid))
+ if (!uuid_equal(&mp->m_sb.sb_meta_uuid, uuid))
goto recover_immediately;
return lsn;
}
--
2.25.1
next prev parent reply other threads:[~2022-06-17 10:07 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-06-17 10:06 [PATCH 5.10 CANDIDATE 00/11] xfs stable candidate patches for 5.10.y (v5.15+) Amir Goldstein
2022-06-17 10:06 ` [PATCH 5.10 CANDIDATE 01/11] xfs: use kmem_cache_free() for kmem_cache objects Amir Goldstein
2022-06-17 10:06 ` [PATCH 5.10 CANDIDATE 02/11] xfs: punch out data fork delalloc blocks on COW writeback failure Amir Goldstein
2022-06-17 10:06 ` [PATCH 5.10 CANDIDATE 03/11] xfs: Fix the free logic of state in xfs_attr_node_hasname Amir Goldstein
2022-06-22 16:32 ` Darrick J. Wong
2022-06-22 18:46 ` Amir Goldstein
2022-06-22 21:50 ` Darrick J. Wong
2022-06-17 10:06 ` [PATCH 5.10 CANDIDATE 04/11] xfs: remove all COW fork extents when remounting readonly Amir Goldstein
2022-06-17 10:06 ` Amir Goldstein [this message]
2022-06-17 10:06 ` [PATCH 5.10 CANDIDATE 06/11] xfs: refactor xfs_file_fsync Amir Goldstein
2022-06-17 10:06 ` [PATCH 5.10 CANDIDATE 07/11] xfs: xfs_log_force_lsn isn't passed a LSN Amir Goldstein
2022-06-22 16:45 ` Darrick J. Wong
2022-06-22 17:09 ` Amir Goldstein
2022-06-17 10:06 ` [PATCH 5.10 CANDIDATE 08/11] xfs: prevent UAF in xfs_log_item_in_current_chkpt Amir Goldstein
2022-06-17 10:06 ` [PATCH 5.10 CANDIDATE 09/11] xfs: only bother with sync_filesystem during readonly remount Amir Goldstein
2022-06-22 16:38 ` Darrick J. Wong
2022-06-22 16:54 ` Amir Goldstein
2022-06-22 23:42 ` Darrick J. Wong
2022-06-23 6:38 ` Amir Goldstein
2022-06-17 10:06 ` [PATCH 5.10 CANDIDATE 10/11] xfs: fix up non-directory creation in SGID directories Amir Goldstein
2022-06-17 10:06 ` [PATCH 5.10 CANDIDATE 11/11] xfs: use setattr_copy to set vfs inode attributes Amir Goldstein
2022-06-22 16:41 ` Darrick J. Wong
2022-06-22 18:36 ` Amir Goldstein
2022-06-22 22:17 ` Leah Rumancik
2022-06-23 4:22 ` Amir Goldstein
2022-06-22 23:45 ` [PATCH 5.10 CANDIDATE 00/11] xfs stable candidate patches for 5.10.y (v5.15+) Darrick J. Wong
2022-06-23 7:33 ` Amir Goldstein
2022-06-23 16:05 ` Darrick J. Wong
2022-07-24 8:36 ` Amir Goldstein
2022-07-26 2:10 ` Darrick J. Wong
2022-07-26 8:41 ` Amir Goldstein
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220617100641.1653164-6-amir73il@gmail.com \
--to=amir73il@gmail.com \
--cc=christian.brauner@ubuntu.com \
--cc=david@fromorbit.com \
--cc=dchinner@redhat.com \
--cc=djwong@kernel.org \
--cc=fstests@vger.kernel.org \
--cc=hch@lst.de \
--cc=leah.rumancik@gmail.com \
--cc=linux-xfs@vger.kernel.org \
--cc=mcgrof@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.