From: Alli <allison.henderson@oracle.com>
To: Dave Chinner <david@fromorbit.com>
Cc: linux-xfs@vger.kernel.org
Subject: Re: [PATCH v1 01/17] xfs: Add larp state XFS_DAS_CREATE_FORK
Date: Wed, 15 Jun 2022 16:40:07 -0700 [thread overview]
Message-ID: <fe4ec2a3959af674b29557d82dedd7924f36406c.camel@oracle.com> (raw)
In-Reply-To: <20220615010932.GZ227878@dread.disaster.area>
On Wed, 2022-06-15 at 11:09 +1000, Dave Chinner wrote:
> On Sat, Jun 11, 2022 at 02:41:44AM -0700, Allison Henderson wrote:
> > Recent parent pointer testing has exposed a bug in the underlying
> > larp state machine. A replace operation may remove an old attr
> > before adding the new one, but if it is the only attr in the fork,
> > then the fork is removed. This later causes a null pointer in
> > xfs_attr_try_sf_addname which expects the fork present. This
> > patch adds an extra state to create the fork.
>
> Hmmmm.
>
> I thought I fixed those problems - in xfs_attr_sf_removename() there
> is this code:
>
> if (totsize == sizeof(xfs_attr_sf_hdr_t) && xfs_has_attr2(mp)
> &&
> (dp->i_df.if_format != XFS_DINODE_FMT_BTREE) &&
> !(args->op_flags & (XFS_DA_OP_ADDNAME |
> XFS_DA_OP_REPLACE))) {
> xfs_attr_fork_remove(dp, args->trans);
Hmm, ok, let me shuffle in some traces around there to see where things
fall off the rails
>
> A replace operation will have XFS_DA_OP_REPLACE set, and so the
> final remove from a sf directory will not remove the attr fork in
> this case. There is equivalent checks in the leaf/node remove name
> paths to avoid removing the attr fork if the last attr is removed
> while the attr fork is in those formats.
>
> How do you reproduce this issue?
>
Sure, you can apply this kernel set or download it here:
https://github.com/allisonhenderson/xfs/tree/xfs_new_pptrs
Next you'll need this xfsprogs that has the neccassary updates to run
parent pointers
https://github.com/allisonhenderson/xfsprogs/tree/xfsprogs_new_pptrs
To reproduce the bug, you'll need to apply a quick patch on the kernel
side:
diff --git a/fs/xfs/libxfs/xfs_attr.c b/fs/xfs/libxfs/xfs_attr.c
index b86188b63897..f279afd43462 100644
--- a/fs/xfs/libxfs/xfs_attr.c
+++ b/fs/xfs/libxfs/xfs_attr.c
@@ -741,8 +741,8 @@ xfs_attr_set_iter(
fallthrough;
case XFS_DAS_SF_ADD:
if (!args->dp->i_afp) {
- attr->xattri_dela_state = XFS_DAS_CREATE_FORK;
- goto next_state;
+// attr->xattri_dela_state = XFS_DAS_CREATE_FORK;
+// goto next_state;
}
return xfs_attr_sf_addname(attr);
case XFS_DAS_LEAF_ADD:
Lastly, you'll need Catherines parent pointer tests that she sent out a
day or so ago. Once you have that, just run the parent pointers test:
echo 1 > /sys/fs/xfs/debug/larp; ./check xfs/549
Dmesg below:
==================================================================
[ 365.288788] BUG: KASAN: null-ptr-deref in
xfs_attr_try_sf_addname+0x2a/0xd0 [xfs]
[ 365.289170] Read of size 1 at addr 000000000000002a by task
mount/23669
[ 365.289182] CPU: 10 PID: 23669 Comm: mount Tainted:
G E 5.18.0-rc2 #84
[ 365.289196] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS
VirtualBox 12/01/2006
[ 365.289202] Call Trace:
[ 365.289206] <TASK>
[ 365.289211] dump_stack_lvl+0x49/0x5f
[ 365.289232] print_report.cold+0x494/0x6b4
[ 365.289242] ? path_mount+0x641/0xfd0
[ 365.289258] ? __x64_sys_mount+0xca/0x110
[ 365.289265] ? do_syscall_64+0x3b/0x90
[ 365.289274] ? xfs_attr_try_sf_addname+0x2a/0xd0 [xfs]
[ 365.289649] kasan_report+0xa7/0x120
[ 365.289660] ? xfs_attr_try_sf_addname+0x2a/0xd0 [xfs]
[ 365.290034] __asan_load1+0x6a/0x70
[ 365.290048] xfs_attr_try_sf_addname+0x2a/0xd0 [xfs]
[ 365.290423] xfs_attr_set_iter+0x2f9/0x1510 [xfs]
[ 365.290801] ? xfs_init_attr_trans+0x130/0x130 [xfs]
[ 365.291178] ? kasan_poison+0x3c/0x50
[ 365.291187] ? kasan_unpoison+0x28/0x50
[ 365.291197] ? xfs_errortag_test+0x57/0x120 [xfs]
[ 365.291592] xfs_xattri_finish_update+0x66/0xd0 [xfs]
[ 365.292008] xfs_attr_finish_item+0x43/0x120 [xfs]
[ 365.292410] xfs_defer_finish_noroll+0x3c2/0xcc0 [xfs]
[ 365.292804] ? xfs_defer_cancel+0xc0/0xc0 [xfs]
[ 365.293184] ? kasan_quarantine_put+0x57/0x180
[ 365.293196] __xfs_trans_commit+0x333/0x610 [xfs]
[ 365.293599] ? xfs_trans_free_items+0x150/0x150 [xfs]
[ 365.293995] ? kvfree+0x28/0x30
[ 365.294004] ? kvfree+0x28/0x30
[ 365.294017] ? xfs_defer_ops_continue+0x1c5/0x280 [xfs]
[ 365.294401] xfs_trans_commit+0x10/0x20 [xfs]
[ 365.294797] xlog_finish_defer_ops+0x133/0x270 [xfs]
[ 365.295203] ? xlog_recover_free_trans+0x1c0/0x1c0 [xfs]
[ 365.295609] ? xfs_attr_finish_item+0x120/0x120 [xfs]
[ 365.296036] ? _raw_spin_lock+0x88/0xd7
[ 365.296044] ? _raw_spin_lock_irqsave+0xf0/0xf0
[ 365.296054] xlog_recover_process_intents+0x1f7/0x3e0 [xfs]
[ 365.296469] ? xlog_do_recover+0x290/0x290 [xfs]
[ 365.296757] ? __queue_delayed_work+0xdc/0x140
[ 365.296766] xlog_recover_finish+0x18/0x150 [xfs]
[ 365.296949] xfs_log_mount_finish+0x194/0x310 [xfs]
[ 365.297132] xfs_mountfs+0x957/0xeb0 [xfs]
[ 365.297313] ? xfs_mount_reset_sbqflags+0xa0/0xa0 [xfs]
[ 365.297494] ? xfs_filestream_put_ag+0x40/0x40 [xfs]
[ 365.297674] ? xfs_mru_cache_create+0x226/0x280 [xfs]
[ 365.297855] xfs_fs_fill_super+0x7f0/0xd20 [xfs]
[ 365.298034] get_tree_bdev+0x22e/0x360
[ 365.298041] ? xfs_fs_sync_fs+0x150/0x150 [xfs]
[ 365.298223] xfs_fs_get_tree+0x15/0x20 [xfs]
[ 365.298401] vfs_get_tree+0x4c/0x120
[ 365.298408] path_mount+0x641/0xfd0
[ 365.298411] ? putname+0x7c/0x90
[ 365.298416] ? finish_automount+0x2e0/0x2e0
[ 365.298419] ? kmem_cache_free+0x104/0x4d0
[ 365.298422] ? putname+0x7c/0x90
[ 365.298426] ? putname+0x7c/0x90
[ 365.298430] do_mount+0xd2/0xf0
[ 365.298433] ? path_mount+0xfd0/0xfd0
[ 365.298436] ? memdup_user+0x52/0x90
[ 365.298440] __x64_sys_mount+0xca/0x110
[ 365.298444] do_syscall_64+0x3b/0x90
[ 365.298448] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 365.298451] RIP: 0033:0x7f7e4e213cae
[ 365.298455] Code: 48 8b 0d e5 c1 0c 00 f7 d8 64 89 01 48 83 c8 ff c3
66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 49 89 ca b8 a5 00 00 00 0f
05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d b2 c1 0c 00 f7 d8 64 89 01 48
[ 365.298459] RSP: 002b:00007ffee6811418 EFLAGS: 00000246 ORIG_RAX:
00000000000000a5
[ 365.298467] RAX: ffffffffffffffda RBX: 00007f7e4e345204 RCX:
00007f7e4e213cae
[ 365.298470] RDX: 000056006007db70 RSI: 000056006007dbb0 RDI:
000056006007db90
[ 365.298472] RBP: 000056006007d960 R08: 0000000000000000 R09:
00007ffee6810190
[ 365.298475] R10: 0000000000000000 R11: 0000000000000246 R12:
0000000000000000
[ 365.298477] R13: 000056006007db90 R14: 000056006007db70 R15:
000056006007d960
> > Additionally the new state will be used by parent pointers which
> > need to add attributes to newly created inodes that do not yet
> > have a fork.
>
> We already have the capability of doing that in xfs_init_new_inode()
> by passing in init_xattrs == true. So when we are creating a new
> inode with parent pointers enabled, we know that we are going to be
> creating an xattr on the inode and so we should always set
> init_xattrs in that case.
Hmm, ok. I'll add some tracing around in there too, if I back out the
entire first patch, we crash out earlier in recovery path because no
state is set. If we enter xfs_attri_item_recover with no fork, we end
up in the following switch:
case
XFS_ATTRI_OP_FLAGS_REPLACE:
args->value = nv-
>value.i_addr;
args->valuelen = nv-
>value.i_len;
args->total = xfs_attr_calc_size(args,
&local);
if (xfs_inode_hasattr(args-
>dp))
attr->xattri_dela_state =
xfs_attr_init_replace_state(args);
else
attr->xattri_dela_state =
xfs_attr_init_add_state(args);
break;
Which will leave the state unset if the fork is absent.
>
> This should avoid the need for parent pointers to ever need to run
> an extra transaction to create the attr fork. Hence, AFAICT, this
> new state to handle attr fork creation shouldn't ever be needed for
> parent pointers....
>
> What am I missing?
>
I hope the description helped? I'll do some more poking around too and
post back if I find anything else.
Allison
> Cheers,
>
> Dave.
next prev parent reply other threads:[~2022-06-15 23:40 UTC|newest]
Thread overview: 58+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-06-11 9:41 [PATCH v1 00/17] Return of the Parent Pointers Allison Henderson
2022-06-11 9:41 ` [PATCH v1 01/17] xfs: Add larp state XFS_DAS_CREATE_FORK Allison Henderson
2022-06-15 1:09 ` Dave Chinner
2022-06-15 23:40 ` Alli [this message]
2022-06-16 2:08 ` Dave Chinner
2022-06-16 5:32 ` Dave Chinner
2022-06-29 6:33 ` Alli
2022-06-30 0:40 ` Darrick J. Wong
2022-06-11 9:41 ` [PATCH v1 02/17] xfs: Hold inode locks in xfs_ialloc Allison Henderson
2022-06-29 18:28 ` Darrick J. Wong
2022-06-11 9:41 ` [PATCH v1 03/17] xfs: get directory offset when adding directory name Allison Henderson
2022-06-29 18:29 ` Darrick J. Wong
2022-06-11 9:41 ` [PATCH v1 04/17] xfs: get directory offset when removing " Allison Henderson
2022-06-29 18:30 ` Darrick J. Wong
2022-06-11 9:41 ` [PATCH v1 05/17] xfs: get directory offset when replacing a " Allison Henderson
2022-06-29 18:30 ` Darrick J. Wong
2022-06-11 9:41 ` [PATCH v1 06/17] xfs: add parent pointer support to attribute code Allison Henderson
2022-06-29 18:33 ` Darrick J. Wong
2022-06-29 18:58 ` Alli
2022-06-11 9:41 ` [PATCH v1 07/17] xfs: define parent pointer xattr format Allison Henderson
2022-06-29 18:34 ` Darrick J. Wong
2022-06-11 9:41 ` [PATCH v1 08/17] xfs: Add xfs_verify_pptr Allison Henderson
2022-06-29 18:35 ` Darrick J. Wong
2022-06-11 9:41 ` [PATCH v1 09/17] xfs: extent transaction reservations for parent attributes Allison Henderson
2022-06-16 5:38 ` Dave Chinner
2022-06-18 0:31 ` Alli
2022-06-29 18:37 ` Darrick J. Wong
2022-06-29 19:23 ` Alli
2022-06-11 9:41 ` [PATCH v1 10/17] xfs: parent pointer attribute creation Allison Henderson
2022-06-11 15:10 ` kernel test robot
2022-06-16 5:49 ` Dave Chinner
2022-06-18 0:32 ` Alli
2022-06-29 18:41 ` Darrick J. Wong
2022-06-30 1:29 ` Alli
2022-06-11 9:41 ` [PATCH v1 11/17] xfs: add parent attributes to link Allison Henderson
2022-06-16 22:39 ` Dave Chinner
2022-06-18 0:32 ` Alli
2022-06-29 18:09 ` Darrick J. Wong
2022-06-11 9:41 ` [PATCH v1 12/17] xfs: remove parent pointers in unlink Allison Henderson
2022-06-29 17:35 ` Darrick J. Wong
2022-06-11 9:41 ` [PATCH v1 13/17] xfs: Add parent pointers to rename Allison Henderson
2022-06-29 18:02 ` Darrick J. Wong
2022-06-11 9:41 ` [PATCH v1 14/17] xfs: Add the parent pointer support to the superblock version 5 Allison Henderson
2022-06-16 6:03 ` Dave Chinner
2022-06-18 0:32 ` Alli
2022-06-20 0:21 ` Dave Chinner
2022-06-29 18:16 ` Darrick J. Wong
2022-06-11 9:41 ` [PATCH v1 15/17] xfs: Add helper function xfs_attr_list_context_init Allison Henderson
2022-06-29 18:42 ` Darrick J. Wong
2022-06-30 1:30 ` Alli
2022-06-11 9:41 ` [PATCH v1 16/17] xfs: Increase XFS_DEFER_OPS_NR_INODES to 4 Allison Henderson
2022-06-16 21:54 ` Dave Chinner
2022-06-18 0:32 ` Alli
2022-06-29 18:43 ` Darrick J. Wong
2022-06-30 1:30 ` Alli
2022-06-11 9:42 ` [PATCH v1 17/17] xfs: Add parent pointer ioctl Allison Henderson
2022-06-29 18:52 ` Darrick J. Wong
2022-06-30 1:30 ` Alli
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=fe4ec2a3959af674b29557d82dedd7924f36406c.camel@oracle.com \
--to=allison.henderson@oracle.com \
--cc=david@fromorbit.com \
--cc=linux-xfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.