On Thu, 21 Jul 2022, Mariusz Tkaczyk wrote:
> Hi Neil,
>
> On Wed, 13 Jul 2022 13:48:11 +1000
> "NeilBrown" <neilb@xxxxxxx> wrote:
>
> > When the metadata is at the start of the device, it is possible that it
> > describes a device large than the one it is actually stored on. When
> > this happens, report it loudly in --examine.
> >
> > ....
> > Unused Space : before=1968 sectors, after=-2047 sectors DEVICE TOO SMALL
> > State : clean TRUNCATED DEVICE
> > ....
>
> State : clean TRUNCATED DEVICE is enough. "DEVICE TOO SMALL" seems to be
> redundant.
I needed to change the "Unused Space" line because before the patch the
"after=" value is close to 2^64. I needed to make it negative. But having
a negative value there is strange so I thought it would be good to
highlight it and explain why.
> >
> > Also report in --assemble so that the failure which the kernel will
> > report will be explained.
>
> Understand but you've added it in load_super1() so it affects all load_super()
> calls, is it indented? I assume yes but please confirm.
Yes, it is intended for all calls to ->load_super() on v1 metadata.
The test is gated on ->ignore_hw_compat so that it does still look like
v1.x metadata (so --examine can report on it), but an error results for
any attempt to use the metadata in an active array.
->ignore_hw_compat isn't a perfect fit for the concept, but it is a
perfect fit for the desired behaviour. Maybe we should rethink the name
for that field.
> >
> > mdadm: Device /dev/sdb is not large enough for data described in superblock
> > mdadm: no RAID superblock on /dev/sdb
> > mdadm: /dev/sdb has no superblock - assembly aborted
> >
> > Scenario can be demonstrated as follows:
> >
> > mdadm: Note: this array has metadata at the start and
> > may not be suitable as a boot device. If you plan to
> > store '/boot' on this device please ensure that
> > your boot-loader understands md/v1.x metadata, or use
> > --metadata=0.90
> > mdadm: Defaulting to version 1.2 metadata
> > mdadm: array /dev/md/test started.
> > mdadm: stopped /dev/md/test
> > Unused Space : before=1968 sectors, after=-2047 sectors DEVICE TOO SMALL
> > State : clean TRUNCATED DEVICE
> > Unused Space : before=1968 sectors, after=-2047 sectors DEVICE TOO SMALL
> > State : clean TRUNCATED DEVICE
> >
> > Signed-off-by: NeilBrown <neilb@xxxxxxx>
> > ---
> > super1.c | 34 +++++++++++++++++++++++++++-------
> > 1 file changed, 27 insertions(+), 7 deletions(-)
> >
> > diff --git a/super1.c b/super1.c
> > index 71af860c0e3e..4d8dba8a5a44 100644
> > --- a/super1.c
> > +++ b/super1.c
> > @@ -406,12 +406,18 @@ static void examine_super1(struct supertype *st, char
> > *homehost)
> > st->ss->getinfo_super(st, &info, NULL);
> > if (info.space_after != 1 &&
> > - !(__le32_to_cpu(sb->feature_map) & MD_FEATURE_NEW_OFFSET))
> > - printf(" Unused Space : before=%llu sectors, after=%llu
> > sectors\n",
> > - info.space_before, info.space_after);
> > -
> > - printf(" State : %s\n",
> > - (__le64_to_cpu(sb->resync_offset)+1)? "active":"clean");
> > + !(__le32_to_cpu(sb->feature_map) & MD_FEATURE_NEW_OFFSET)) {
> > + printf(" Unused Space : before=%llu sectors, ",
> > + info.space_before);
> > + if (info.space_after < INT64_MAX)
> > + printf("after=%llu sectors\n", info.space_after);
> > + else
> > + printf("after=-%llu sectors DEVICE TOO SMALL\n",
> > + UINT64_MAX - info.space_after);
> As above, for me this else here is not necessary.
The change to report a negative is necessary.
>
> > + }
> > + printf(" State : %s%s\n",
> > + (__le64_to_cpu(sb->resync_offset)+1)? "active":"clean",
> > + info.space_after > INT64_MAX ? " TRUNCATED DEVICE" : "");
>
> Could you use standard if instruction to make the code more readable? We are
> avoiding ternary operators if possible now.
I could. I don't want to.
I think the code is quite readable. Putting a space before the first
'?' would help, as might lining up the two '?'.
>
> > printf(" Device UUID : ");
> > for (i=0; i<16; i++) {
> > if ((i&3)==0 && i != 0)
> > @@ -2206,6 +2212,7 @@ static int load_super1(struct supertype *st, int fd,
> > char *devname) tst.ss = &super1;
> > for (tst.minor_version = 0; tst.minor_version <= 2;
> > tst.minor_version++) {
> > + tst.ignore_hw_compat = st->ignore_hw_compat;
> > switch(load_super1(&tst, fd, devname)) {
> > case 0: super = tst.sb;
> > if (bestvers == -1 ||
> > @@ -2312,7 +2319,6 @@ static int load_super1(struct supertype *st, int fd,
> > char *devname) free(super);
> > return 2;
> > }
> > - st->sb = super;
> >
> > bsb = (struct bitmap_super_s *)(((char*)super)+MAX_SB_SIZE);
> >
> > @@ -2322,6 +2328,20 @@ static int load_super1(struct supertype *st, int fd,
> > char *devname) if (st->data_offset == INVALID_SECTORS)
> > st->data_offset = __le64_to_cpu(super->data_offset);
> >
> > + if (st->minor_version >= 1 &&
> > + st->ignore_hw_compat == 0 &&
> > + (__le64_to_cpu(super->data_offset) +
> > + __le64_to_cpu(super->size) > dsize ||
> > + __le64_to_cpu(super->data_offset) +
> > + __le64_to_cpu(super->data_size) > dsize)) {
> > + if (devname)
> > + pr_err("Device %s is not large enough for data
> > described in superblock\n",
> > + devname);
>
> why not just:
> if (__le64_to_cpu(super->data_offset) + __le64_to_cpu(super->data_size) > dsize)
> from my understanding, only this check matters.
It seemed safest to test both. I don't remember the difference between
->size and ->data_size. In getinfo_super1() we have
if (info->array.level <= 0)
data_size = __le64_to_cpu(sb->data_size);
else
data_size = __le64_to_cpu(sb->size);
which suggests that either could be relevant.
I guess ->size should always be less than ->data_size. But
load_super1() doesn't check that, so it isn't safe to assume it.
Thanks,
NeilBrown
>
> Thanks,
> Mariusz
>
>
