From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 72B97C433EF for ; Thu, 16 Dec 2021 00:24:09 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232316AbhLPAYI (ORCPT ); Wed, 15 Dec 2021 19:24:08 -0500 Received: from mail106.syd.optusnet.com.au ([211.29.132.42]:42469 "EHLO mail106.syd.optusnet.com.au" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229517AbhLPAYH (ORCPT ); Wed, 15 Dec 2021 19:24:07 -0500 Received: from dread.disaster.area (pa49-181-243-119.pa.nsw.optusnet.com.au [49.181.243.119]) by mail106.syd.optusnet.com.au (Postfix) with ESMTPS id C66E886B119 for ; Thu, 16 Dec 2021 11:24:05 +1100 (AEDT) Received: from dave by dread.disaster.area with local (Exim 4.92.3) (envelope-from ) id 1mxeYW-003YkX-D3 for linux-xfs@vger.kernel.org; Thu, 16 Dec 2021 11:23:32 +1100 Date: Thu, 16 Dec 2021 11:23:32 +1100 From: Dave Chinner To: linux-xfs@vger.kernel.org Subject: Re: [PATCH] xfs: check sb_meta_uuid for dabuf buffer recovery Message-ID: <20211216002332.GU449541@dread.disaster.area> References: <20211216001709.3451729-1-david@fromorbit.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20211216001709.3451729-1-david@fromorbit.com> X-Optus-CM-Score: 0 X-Optus-CM-Analysis: v=2.4 cv=epq8cqlX c=1 sm=1 tr=0 ts=61ba8726 a=BEa52nrBdFykVEm6RU8P4g==:117 a=BEa52nrBdFykVEm6RU8P4g==:17 a=kj9zAlcOel0A:10 a=IOMw9HtfNCkA:10 a=20KFwNOVAAAA:8 a=7-415B0cAAAA:8 a=T2dUF9uMBGLEABF67zsA:9 a=CjuIK1q_8ugA:10 a=biEYGPWJfzWAr4FL6Ov7:22 Precedence: bulk List-ID: X-Mailing-List: linux-xfs@vger.kernel.org On Thu, Dec 16, 2021 at 11:17:09AM +1100, Dave Chinner wrote: > From: Dave Chinner > > Got a report that a repeated crash test of a container host would > eventually fail with a log recovery error preventing the system from > mounting the root filesystem. It manifested as a directory leaf node > corruption on writeback like so: > > XFS (loop0): Mounting V5 Filesystem > XFS (loop0): Starting recovery (logdev: internal) > XFS (loop0): Metadata corruption detected at xfs_dir3_leaf_check_int+0x99/0xf0, xfs_dir3_leaf1 block 0x12faa158 > XFS (loop0): Unmount and run xfs_repair > XFS (loop0): First 128 bytes of corrupted metadata buffer: > 00000000: 00 00 00 00 00 00 00 00 3d f1 00 00 e1 9e d5 8b ........=....... > 00000010: 00 00 00 00 12 fa a1 58 00 00 00 29 00 00 1b cc .......X...).... > 00000020: 91 06 78 ff f7 7e 4a 7d 8d 53 86 f2 ac 47 a8 23 ..x..~J}.S...G.# > 00000030: 00 00 00 00 17 e0 00 80 00 43 00 00 00 00 00 00 .........C...... > 00000040: 00 00 00 2e 00 00 00 08 00 00 17 2e 00 00 00 0a ................ > 00000050: 02 35 79 83 00 00 00 30 04 d3 b4 80 00 00 01 50 .5y....0.......P > 00000060: 08 40 95 7f 00 00 02 98 08 41 fe b7 00 00 02 d4 .@.......A...... > 00000070: 0d 62 ef a7 00 00 01 f2 14 50 21 41 00 00 00 0c .b.......P!A.... > XFS (loop0): Corruption of in-memory data (0x8) detected at xfs_do_force_shutdown+0x1a/0x20 (fs/xfs/xfs_buf.c:1514). Shutting down. > XFS (loop0): Please unmount the filesystem and rectify the problem(s) > XFS (loop0): log mount/recovery failed: error -117 > XFS (loop0): log mount failed > > Tracing indicated that we were recovering changes from a transaction > at LSN 0x29/0x1c16 into a buffer that had an LSN of 0x29/0x1d57. > That is, log recovery was overwriting a buffer with newer changes on > disk than was in the transaction. Tracing indicated that we were > hitting the "recovery immediately" case in > xfs_buf_log_recovery_lsn(), and hence it was ignoring the LSN in the ^^^^^^^^^^^^^^^^^^^^^^^^^^ xlog_recover_get_buf_lsn() > buffer. > > The code was extracting the LSN correctly, then ignoring it because > the UUID in the buffer did not match the superblock UUID. The > problem arises because the UUID check uses the wrong UUID - it > should be checking the sb_meta_uuid, not sb_uuid. This filesystem > has sb_uuid != sb_meta_uuid (which is fine), and the buffer has the > correct matching sb_meta_uuid in it, it's just the code checked it > against the wrong superblock uuid. > > The is no corruption in the filesystem, and failing to recover the > buffer due to a write verifier failure means the recovery bug did > not propagate the corruption to disk. Hence there is no corruption > before or after this bug has manifested, the impact is limited > simply to an unmountable filesystem.... > > This was missed back in 2015 during an audit of incorrect sb_uuid > usage that resulted in commit fcfbe2c4ef42 ("xfs: log recovery needs > to validate against sb_meta_uuid") that fixed the magic32 buffers to > validate against sb_meta_uuid instead of sb_uuid. It missed the > magicda buffers.... > > Fixes: ce748eaa65f2 ("xfs: create new metadata UUID field and incompat flag") > Signed-off-by: Dave Chinner > --- > fs/xfs/xfs_buf_item_recover.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/fs/xfs/xfs_buf_item_recover.c b/fs/xfs/xfs_buf_item_recover.c > index 70ca5751b13e..e484251dc9c8 100644 > --- a/fs/xfs/xfs_buf_item_recover.c > +++ b/fs/xfs/xfs_buf_item_recover.c > @@ -816,7 +816,7 @@ xlog_recover_get_buf_lsn( > } > > if (lsn != (xfs_lsn_t)-1) { > - if (!uuid_equal(&mp->m_sb.sb_uuid, uuid)) > + if (!uuid_equal(&mp->m_sb.sb_meta_uuid, uuid)) > goto recover_immediately; > return lsn; > } > -- > 2.33.0 > > -- Dave Chinner david@fromorbit.com