Ext2 - ext3 unstable under 2.6.24: now solved (?)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Could someone please check the following?

The ext2 and ext3 filesystems of 2.6.24 show many Oops and hangups. After debugging I found the following common cause:

In a new 2.6.24 function an unwanted sign-extension takes place in:

fs/ext2/dir.c

static inline unsigned ext2_rec_len_from_disk(__le16 dlen)
{
  unsigned len = le16_to_cpu(dlen);

  if (len == EXT2_MAX_REC_LEN)
      return 1 << 16;
  return len;
}

include/ext3_fs.h :

static inline unsigned ext3_rec_len_from_disk(__le16 dlen)
{
   unsigned len = le16_to_cpu(dlen);

   if (len == EXT3_MAX_REC_LEN)
       return 1 << 16;
   return len;
}

00A0 will be returned as 0xFFFFA000 !!

Many code which iterates through dirent's, uses the above function to determine the start of the next dirent.(ext2_dirent, ext3_dir_entry_2)
See fs/ext2/dir.c and fs/ext3/namei.c

As a test I replaced "le16_to_cpu()" by a simple:

static inline unsigned my_le16_to_cpu (__le16 value)
{
   return ((value & 0x00FF) << 8) | ((value & 0xFF00) >> 8);
}

It showed no more "negative" rec_len values which cause the crashes, and both ext2/3 now run stable.

Compiler: gcc version 4.1.2 (Ubuntu 4.1.2-0ubuntu4)
Kernel: 2.6.24.atmel.1
Platform: Atmel AP7000 CPU, compiling with "ARCH=avr32 CROSS_COMPILE=avr32-linux-"


Hein Tibosch


Haavard Skinnemoen wrote:
(Adding the ext2/ext3/ext4 list to Cc)

Note that the MMC/SD card driver in question, atmel-mci, is not in
mainline, and may be the real cause of this problem. But it looks like
there might be a potential problem in the ext3 code as well?

Haavard

On Thu, 21 Feb 2008 14:17:04 +0800
Hein_Tibosch <hein_tibosch@xxxxxxxx> wrote:

Hi James,


I've had all kinds of problems with the SD-card hooked to an NGW100, just as John Voltz reported earlier:

    http://www.avr32linux.org/archives/kernel/2007-November/000421.html
    http://www.avr32linux.org/archives/kernel/2007-November/000425.html

I debugged this problem and my conclusion is: using an SD-card may lead to both BUS-errors and a complete hanging of the system, with 2.6.23.atmel.5 as well as 2.6.24.atmel.1.

Both the driver for ext2 and ext3 are using this type of function to iterate through a array of inodes:

    static inline ext2_dirent *ext2_next_entry(ext2_dirent *p)
    {
        return (ext2_dirent *)((char*)p + le16_to_cpu(p->rec_len));
    }

    static inline struct ext3_dir_entry_2 *
        ext3_next_entry(struct ext3_dir_entry_2 *p)
    {
        return (struct ext3_dir_entry_2 *)((char *)p +
            ext3_rec_len_from_disk(p->rec_len));
    }


Sometimes, rec_len is checked for a zero-value, sometimes the entry is checked thoroughly for validity (like with ext2_check_page() or ext3_check_dir_entry()), but in other cases rec_len isn't checked at all! This is the case in e.g. fs/ext3/namei.c, function ext3_dx_find_entry(). This function is always enabled since 2.6.24 (CONFIG_EXT3_INDEX not used anymore).

I had a card on which at one place rec_len turned out to be a small negative number. When iterating, it would either cycle for ever (until WDT) or it could enter invalid memory (OOPS: BUS error).

( strange though that the rec_len appeared to have a negative number, I just did a "mkfs -t ext3" on Ubuntu. Could that be caused by the Atmel-driver? )

I don't yet feel qualified to make a patch for this, I only did it for myself. Maybe someone can pick this up: a validity check should be made before any call to xxx_next_entry().


Regards,

Hein Tibosch (HeinBali at avr32linux)



James Stewart wrote:
Hi,
I'm wondering if there are any known issues with booting from SD card on the ATNGW100 using this kernel. I get a bunch of ext2 looking errors and then a stack dump immediately after mounting VFS. 2.6.23.atmel.5 runs perfectly, however. This is just compiling using atngw100_defconfig. Thanks, James

------------------------------------------------

_______________________________________________
Kernel mailing list
Kernel@xxxxxxxxxxxxxx
http://duppen.flaskehals.net/cgi-bin/mailman/listinfo/kernel


--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Index of Archives]     [Reiser Filesystem Development]     [Ceph FS]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Linux FS]     [Yosemite National Park]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Device Mapper]     [Linux Media]

  Powered by Linux