Re: [PATCH 2/2] ext4: correct the judgment of BUG in ext4_mb_normalize_request

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



在 2022/5/24 17:30, Jan Kara 写道:
On Mon 23-05-22 21:04:16, libaokun (A) wrote:
在 2022/5/23 17:40, Jan Kara 写道:
On Sat 21-05-22 21:42:17, Baokun Li wrote:
When either of the "start + size <= ac->ac_o_ex.fe_logical" or
"start > ac->ac_o_ex.fe_logical" conditions is met, it indicates
that the fe_logical is not in the allocated range.
In this case, it should be bug_ON.

Fixes: dfe076c106f6 ("ext4: get rid of code duplication")
Signed-off-by: Baokun Li<libaokun1@xxxxxxxxxx>
I think this is actually wrong. The original condition checks whether
start + size does not overflow the used integer type. Your condition is
much stronger and I don't think it always has to be true. E.g. allocation
goal block (start variable) can be pushed to larger values by existing
preallocation or so.

								Honza

I think there are two reasons for this:

First of all, the code here is as follows.
```
         size = end - start;
         [...]
if (start + size <= ac->ac_o_ex.fe_logical &&
                         start > ac->ac_o_ex.fe_logical) {
                 ext4_msg(ac->ac_sb, KERN_ERR,
                          "start %lu, size %lu, fe_logical %lu",
                          (unsigned long) start, (unsigned long) size,
                          (unsigned long) ac->ac_o_ex.fe_logical);
BUG();
}
         BUG_ON(size <= 0 || size > EXT4_BLOCKS_PER_GROUP(ac->ac_sb));
```
First of all, there is no need to compare with ac_o_ex.fe_logical if it is
to determine whether there is an overflow.
Because the previous logic guarantees start < = ac_o_ex.fe_logical, and
How does it guarantee that? The logic:

         if (ar->pleft && start <= ar->lleft) {
                 size -= ar->lleft + 1 - start;
                 start = ar->lleft + 1;
         }

can move 'start' to further blocks...
This is not the case. According to the code of the preceding process,
ar->pleft and ar->pright are assigned values in ext4_ext_map_blocks.
ar->pleft is the first allocated block found to the left by map->m_lblk (that is, fe_logical),
and ar->pright is the first allocated block found to the right.
ar->lleft and ar->lright are logical block numbers, so there must be "ar->lleft < ac_o_ex.fe_logical < ar->lright".

limits the scope of size in
"BUG_ON (size < = 0 | | size > EXT4_BLOCKS_PER_GROUP (ac- > ac_sb))"
immediately following.
OK, but what guarantees that ac_o_ex.fe_logical < UINT_MAX - size?
When ac_o_ex.fe_logical is too large to overflow, predict filesize enters the last branch.
In this case, start = ac->ac_o_ex.fe_logical and size = ac->ac_o_ex.fe_len.
However, the overflow is checked in ext4_ext_check_overlap of ext4_ext_map_blocks.
The code is as follows:
```
1898         /* check for wrap through zero on extent logical start block*/
1899         if (b1 + len1 < b1) {
1900                 len1 = EXT_MAX_BLOCKS - b1;
1901                 newext->ee_len = cpu_to_le16(len1);
1902                 ret = 1;
1903         }
```
Therefore, no overflow occurs.

Secondly, the following code flow also reflects this logic.

            ext4_mb_normalize_request
             >>> start + size <= ac->ac_o_ex.fe_logical
            ext4_mb_regular_allocator
             ext4_mb_simple_scan_group
              ext4_mb_use_best_found
               ext4_mb_new_preallocation
                ext4_mb_new_inode_pa
                 ext4_mb_use_inode_pa
                  >>> set ac->ac_b_ex.fe_len <= 0
            ext4_mb_mark_diskspace_used
             >>> BUG_ON(ac->ac_b_ex.fe_len <= 0);

In ext4_mb_use_inode_pa, you have the following code.
```
start = pa->pa_pstart + (ac->ac_o_ex.fe_logical - pa->pa_lstart);
end = min(pa->pa_pstart + EXT4_C2B(sbi, pa->pa_len), start + EXT4_C2B(sbi,
ac->ac_o_ex.fe_len));
len = EXT4_NUM_B2C(sbi, end - start);
ac->ac_b_ex.fe_len = len;
```
The starting position in ext4_mb_mark_diskspace_used will be assert.
BUG_ON(ac->ac_b_ex.fe_len <= 0);
When end == start + EXT4_C2B(sbi, ac->ac_o_ex.fe_len) is used, the value of
end - start must be greater than 0.
However, when end == pa->pa_pstart + EXT4_C2B(sbi, pa->pa_len) occurs, this
bug_ON may be triggered.
When this bug_ON is triggered, that is,

ac->ac_b_ex.fe_len <= 0
end - start <= 0
end <= start
pa->pa_pstart + EXT4_C2B(sbi, pa->pa_len) <= pa->pa_pstart +
(ac->ac_o_ex.fe_logical - pa->pa_lstart)
pa->pa_len <= ac->ac_o_ex.fe_logical - pa->pa_lstart
pa->pa_lstart + pa->pa_len <= ac->ac_o_ex.fe_logical
start + size <= ac->ac_o_ex.fe_logical

So I think that "&&" here should be changed to "||".
Sorry, I still disagree. After some more code reading I agree that
ac->ac_o_ex.fe_logical is the logical block where we want allocated blocks
to be placed in the inode so logical extent of allocated blocks should include
ac->ac_o_ex.fe_logical. But I would be reluctant to make assertion you
suggest unless we make sure ac->ac_o_ex.fe_logical in unallocated (in which
case we can also remove some other code from ext4_mb_normalize_request()).

									Honza

What codes are you referring to that can be deleted?

--
With Best Regards,
Baokun Li




[Index of Archives]     [Reiser Filesystem Development]     [Ceph FS]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Linux FS]     [Yosemite National Park]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Device Mapper]     [Linux Media]

  Powered by Linux