From: Christoph Hellwig <hch@infradead.org>
To: "Darrick J. Wong" <darrick.wong@oracle.com>
Cc: linux-xfs@vger.kernel.org
Subject: Re: [PATCH 2/5] xfs: fix memory corruption during remote attr value buffer invalidation
Date: Fri, 10 Jan 2020 03:57:42 -0800 [thread overview]
Message-ID: <20200110115742.GD19577@infradead.org> (raw)
In-Reply-To: <157859549406.164065.17179006268680393660.stgit@magnolia>
> While running generic/103, I observed what looks like memory corruption
> and (with slub debugging turned on) a slub redzone warning on i386 when
> inactivating an inode with a 64k remote attr value.
>
> On a v5 filesystem, maximally sized remote attr values require one block
> more than 64k worth of space to hold both the remote attribute value
> header (64 bytes). On a 4k block filesystem this results in a 68k
> buffer; on a 64k block filesystem, this would be a 128k buffer. Note
> that even though we'll never use more than 65,600 bytes of this buffer,
> XFS_MAX_BLOCKSIZE is 64k.
>
> This is a problem because the definition of struct xfs_buf_log_format
> allows for XFS_MAX_BLOCKSIZE worth of dirty bitmap (64k). On i386 when we
> invalidate a remote attribute, xfs_trans_binval zeroes all 68k worth of
> the dirty map, writing right off the end of the log item and corrupting
> memory. We've gotten away with this on x86_64 for years because the
> compiler inserts a u32 padding on the end of struct xfs_buf_log_format.
>
> Fortunately for us, remote attribute values are written to disk with
> xfs_bwrite(), which is to say that they are not logged. Fix the problem
> by removing all places where we could end up creating a buffer log item
> for a remote attribute value and leave a note explaining why.
I think this changelog needs an explanation why using
xfs_attr_rmtval_stale which just trylock and checks if the buffers are
in core only in xfs_attr3_leaf_freextent is fine. And while the incore
part looks sane to me, I think the trylock is wrong and we need to pass
the locking flag to xfs_attr_rmtval_stale.
next prev parent reply other threads:[~2020-01-10 11:57 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-01-09 18:44 [PATCH v2 0/5] xfs: fix buf log item memory corruption on non-amd64 Darrick J. Wong
2020-01-09 18:44 ` [PATCH 1/5] xfs: refactor remote attr value buffer invalidation Darrick J. Wong
2020-01-10 11:55 ` Christoph Hellwig
2020-01-14 0:43 ` Darrick J. Wong
2020-01-09 18:44 ` [PATCH 2/5] xfs: fix memory corruption during " Darrick J. Wong
2020-01-10 11:57 ` Christoph Hellwig [this message]
2020-01-14 0:59 ` Darrick J. Wong
2020-01-09 18:45 ` [PATCH 3/5] xfs: clean up xfs_buf_item_get_format return value Darrick J. Wong
2020-01-10 11:58 ` Christoph Hellwig
2020-01-09 18:45 ` [PATCH 4/5] xfs: complain if anyone tries to create a too-large buffer log item Darrick J. Wong
2020-01-10 11:58 ` Christoph Hellwig
2020-01-09 18:45 ` [PATCH 5/5] xfs: make struct xfs_buf_log_format have a consistent size Darrick J. Wong
2020-01-10 11:59 ` Christoph Hellwig
2020-01-10 16:53 ` Darrick J. Wong
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200110115742.GD19577@infradead.org \
--to=hch@infradead.org \
--cc=darrick.wong@oracle.com \
--cc=linux-xfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.