2018-09-05 06:46:30 +08:00
|
|
|
// SPDX-License-Identifier: GPL-2.0+
|
2009-04-07 10:01:35 +08:00
|
|
|
/*
|
2021-11-09 10:35:01 +08:00
|
|
|
* the_nilfs shared structure.
|
2009-04-07 10:01:35 +08:00
|
|
|
*
|
|
|
|
* Copyright (C) 2005-2008 Nippon Telegraph and Telephone Corporation.
|
|
|
|
*
|
2016-05-24 07:23:09 +08:00
|
|
|
* Written by Ryusuke Konishi.
|
2009-04-07 10:01:35 +08:00
|
|
|
*
|
|
|
|
*/
|
|
|
|
|
|
|
|
#include <linux/buffer_head.h>
|
|
|
|
#include <linux/slab.h>
|
|
|
|
#include <linux/blkdev.h>
|
|
|
|
#include <linux/backing-dev.h>
|
2011-03-09 10:05:08 +08:00
|
|
|
#include <linux/random.h>
|
2022-10-27 12:43:05 +08:00
|
|
|
#include <linux/log2.h>
|
2009-04-07 10:01:59 +08:00
|
|
|
#include <linux/crc32.h>
|
2009-04-07 10:01:35 +08:00
|
|
|
#include "nilfs.h"
|
|
|
|
#include "segment.h"
|
|
|
|
#include "alloc.h"
|
|
|
|
#include "cpfile.h"
|
|
|
|
#include "sufile.h"
|
|
|
|
#include "dat.h"
|
|
|
|
#include "segbuf.h"
|
|
|
|
|
2009-06-08 00:39:29 +08:00
|
|
|
|
2010-06-28 18:15:26 +08:00
|
|
|
static int nilfs_valid_sb(struct nilfs_super_block *sbp);
|
|
|
|
|
2009-04-07 10:01:35 +08:00
|
|
|
void nilfs_set_last_segment(struct the_nilfs *nilfs,
|
|
|
|
sector_t start_blocknr, u64 seq, __u64 cno)
|
|
|
|
{
|
|
|
|
spin_lock(&nilfs->ns_last_segment_lock);
|
|
|
|
nilfs->ns_last_pseg = start_blocknr;
|
|
|
|
nilfs->ns_last_seq = seq;
|
|
|
|
nilfs->ns_last_cno = cno;
|
2010-06-29 13:42:13 +08:00
|
|
|
|
|
|
|
if (!nilfs_sb_dirty(nilfs)) {
|
|
|
|
if (nilfs->ns_prev_seq == nilfs->ns_last_seq)
|
|
|
|
goto stay_cursor;
|
|
|
|
|
|
|
|
set_nilfs_sb_dirty(nilfs);
|
|
|
|
}
|
|
|
|
nilfs->ns_prev_seq = nilfs->ns_last_seq;
|
|
|
|
|
|
|
|
stay_cursor:
|
2009-04-07 10:01:35 +08:00
|
|
|
spin_unlock(&nilfs->ns_last_segment_lock);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
2010-09-09 01:07:56 +08:00
|
|
|
* alloc_nilfs - allocate a nilfs object
|
2016-08-03 05:05:06 +08:00
|
|
|
* @sb: super block instance
|
2009-04-07 10:01:35 +08:00
|
|
|
*
|
|
|
|
* Return Value: On success, pointer to the_nilfs is returned.
|
|
|
|
* On error, NULL is returned.
|
|
|
|
*/
|
2016-08-03 05:05:06 +08:00
|
|
|
struct the_nilfs *alloc_nilfs(struct super_block *sb)
|
2009-04-07 10:01:35 +08:00
|
|
|
{
|
|
|
|
struct the_nilfs *nilfs;
|
|
|
|
|
|
|
|
nilfs = kzalloc(sizeof(*nilfs), GFP_KERNEL);
|
|
|
|
if (!nilfs)
|
|
|
|
return NULL;
|
|
|
|
|
2016-08-03 05:05:06 +08:00
|
|
|
nilfs->ns_sb = sb;
|
|
|
|
nilfs->ns_bdev = sb->s_bdev;
|
2009-04-07 10:01:35 +08:00
|
|
|
atomic_set(&nilfs->ns_ndirtyblks, 0);
|
|
|
|
init_rwsem(&nilfs->ns_sem);
|
2012-07-31 05:42:07 +08:00
|
|
|
mutex_init(&nilfs->ns_snapshot_mount_mutex);
|
2011-03-09 10:05:07 +08:00
|
|
|
INIT_LIST_HEAD(&nilfs->ns_dirty_files);
|
2010-08-20 18:06:11 +08:00
|
|
|
INIT_LIST_HEAD(&nilfs->ns_gc_inodes);
|
2011-03-09 10:05:07 +08:00
|
|
|
spin_lock_init(&nilfs->ns_inode_lock);
|
2011-03-09 10:05:08 +08:00
|
|
|
spin_lock_init(&nilfs->ns_next_gen_lock);
|
2009-04-07 10:01:35 +08:00
|
|
|
spin_lock_init(&nilfs->ns_last_segment_lock);
|
2010-08-14 11:59:15 +08:00
|
|
|
nilfs->ns_cptree = RB_ROOT;
|
|
|
|
spin_lock_init(&nilfs->ns_cptree_lock);
|
2009-04-07 10:01:35 +08:00
|
|
|
init_rwsem(&nilfs->ns_segctor_sem);
|
2014-08-09 05:20:42 +08:00
|
|
|
nilfs->ns_sb_update_freq = NILFS_SB_FREQ;
|
2009-04-07 10:01:35 +08:00
|
|
|
|
|
|
|
return nilfs;
|
|
|
|
}
|
|
|
|
|
2009-06-08 00:39:29 +08:00
|
|
|
/**
|
2010-09-09 01:07:56 +08:00
|
|
|
* destroy_nilfs - destroy nilfs object
|
|
|
|
* @nilfs: nilfs object to be released
|
2009-04-07 10:01:35 +08:00
|
|
|
*/
|
2010-09-09 01:07:56 +08:00
|
|
|
void destroy_nilfs(struct the_nilfs *nilfs)
|
2009-04-07 10:01:35 +08:00
|
|
|
{
|
|
|
|
might_sleep();
|
|
|
|
if (nilfs_init(nilfs)) {
|
2009-04-07 10:01:59 +08:00
|
|
|
brelse(nilfs->ns_sbh[0]);
|
|
|
|
brelse(nilfs->ns_sbh[1]);
|
2009-04-07 10:01:35 +08:00
|
|
|
}
|
|
|
|
kfree(nilfs);
|
|
|
|
}
|
|
|
|
|
2010-09-05 11:20:59 +08:00
|
|
|
static int nilfs_load_super_root(struct the_nilfs *nilfs,
|
|
|
|
struct super_block *sb, sector_t sr_block)
|
2009-04-07 10:01:35 +08:00
|
|
|
{
|
|
|
|
struct buffer_head *bh_sr;
|
|
|
|
struct nilfs_super_root *raw_sr;
|
2009-04-07 10:01:59 +08:00
|
|
|
struct nilfs_super_block **sbp = nilfs->ns_sbp;
|
2010-09-05 11:20:59 +08:00
|
|
|
struct nilfs_inode *rawi;
|
2016-05-24 07:23:39 +08:00
|
|
|
unsigned int dat_entry_size, segment_usage_size, checkpoint_size;
|
|
|
|
unsigned int inode_size;
|
2009-04-07 10:01:35 +08:00
|
|
|
int err;
|
|
|
|
|
2010-05-23 00:39:02 +08:00
|
|
|
err = nilfs_read_super_root_block(nilfs, sr_block, &bh_sr, 1);
|
2009-04-07 10:01:35 +08:00
|
|
|
if (unlikely(err))
|
|
|
|
return err;
|
|
|
|
|
|
|
|
down_read(&nilfs->ns_sem);
|
2009-04-07 10:01:59 +08:00
|
|
|
dat_entry_size = le16_to_cpu(sbp[0]->s_dat_entry_size);
|
|
|
|
checkpoint_size = le16_to_cpu(sbp[0]->s_checkpoint_size);
|
|
|
|
segment_usage_size = le16_to_cpu(sbp[0]->s_segment_usage_size);
|
2009-04-07 10:01:35 +08:00
|
|
|
up_read(&nilfs->ns_sem);
|
|
|
|
|
|
|
|
inode_size = nilfs->ns_inode_size;
|
|
|
|
|
2010-09-05 11:20:59 +08:00
|
|
|
rawi = (void *)bh_sr->b_data + NILFS_SR_DAT_OFFSET(inode_size);
|
|
|
|
err = nilfs_dat_read(sb, dat_entry_size, rawi, &nilfs->ns_dat);
|
|
|
|
if (err)
|
2009-04-07 10:01:35 +08:00
|
|
|
goto failed;
|
|
|
|
|
2010-09-05 11:20:59 +08:00
|
|
|
rawi = (void *)bh_sr->b_data + NILFS_SR_CPFILE_OFFSET(inode_size);
|
|
|
|
err = nilfs_cpfile_read(sb, checkpoint_size, rawi, &nilfs->ns_cpfile);
|
|
|
|
if (err)
|
2009-04-07 10:01:35 +08:00
|
|
|
goto failed_dat;
|
|
|
|
|
2010-09-05 11:20:59 +08:00
|
|
|
rawi = (void *)bh_sr->b_data + NILFS_SR_SUFILE_OFFSET(inode_size);
|
|
|
|
err = nilfs_sufile_read(sb, segment_usage_size, rawi,
|
|
|
|
&nilfs->ns_sufile);
|
|
|
|
if (err)
|
2009-04-07 10:01:35 +08:00
|
|
|
goto failed_cpfile;
|
|
|
|
|
|
|
|
raw_sr = (struct nilfs_super_root *)bh_sr->b_data;
|
|
|
|
nilfs->ns_nongc_ctime = le64_to_cpu(raw_sr->sr_nongc_ctime);
|
|
|
|
|
|
|
|
failed:
|
|
|
|
brelse(bh_sr);
|
|
|
|
return err;
|
|
|
|
|
|
|
|
failed_cpfile:
|
2010-09-05 11:20:59 +08:00
|
|
|
iput(nilfs->ns_cpfile);
|
2009-04-07 10:01:35 +08:00
|
|
|
|
|
|
|
failed_dat:
|
2010-09-05 11:20:59 +08:00
|
|
|
iput(nilfs->ns_dat);
|
2009-04-07 10:01:35 +08:00
|
|
|
goto failed;
|
|
|
|
}
|
|
|
|
|
|
|
|
static void nilfs_init_recovery_info(struct nilfs_recovery_info *ri)
|
|
|
|
{
|
|
|
|
memset(ri, 0, sizeof(*ri));
|
|
|
|
INIT_LIST_HEAD(&ri->ri_used_segments);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void nilfs_clear_recovery_info(struct nilfs_recovery_info *ri)
|
|
|
|
{
|
|
|
|
nilfs_dispose_segment_list(&ri->ri_used_segments);
|
|
|
|
}
|
|
|
|
|
2010-06-28 18:15:24 +08:00
|
|
|
/**
|
|
|
|
* nilfs_store_log_cursor - load log cursor from a super block
|
|
|
|
* @nilfs: nilfs object
|
|
|
|
* @sbp: buffer storing super block to be read
|
|
|
|
*
|
|
|
|
* nilfs_store_log_cursor() reads the last position of the log
|
|
|
|
* containing a super root from a given super block, and initializes
|
|
|
|
* relevant information on the nilfs object preparatory for log
|
|
|
|
* scanning and recovery.
|
|
|
|
*/
|
|
|
|
static int nilfs_store_log_cursor(struct the_nilfs *nilfs,
|
|
|
|
struct nilfs_super_block *sbp)
|
|
|
|
{
|
|
|
|
int ret = 0;
|
|
|
|
|
|
|
|
nilfs->ns_last_pseg = le64_to_cpu(sbp->s_last_pseg);
|
|
|
|
nilfs->ns_last_cno = le64_to_cpu(sbp->s_last_cno);
|
|
|
|
nilfs->ns_last_seq = le64_to_cpu(sbp->s_last_seq);
|
|
|
|
|
2010-06-29 13:42:13 +08:00
|
|
|
nilfs->ns_prev_seq = nilfs->ns_last_seq;
|
2010-06-28 18:15:24 +08:00
|
|
|
nilfs->ns_seg_seq = nilfs->ns_last_seq;
|
|
|
|
nilfs->ns_segnum =
|
|
|
|
nilfs_get_segnum_of_block(nilfs, nilfs->ns_last_pseg);
|
|
|
|
nilfs->ns_cno = nilfs->ns_last_cno + 1;
|
|
|
|
if (nilfs->ns_segnum >= nilfs->ns_nsegments) {
|
2020-08-12 09:35:49 +08:00
|
|
|
nilfs_err(nilfs->ns_sb,
|
2016-08-03 05:05:10 +08:00
|
|
|
"pointed segment number is out of range: segnum=%llu, nsegments=%lu",
|
|
|
|
(unsigned long long)nilfs->ns_segnum,
|
|
|
|
nilfs->ns_nsegments);
|
2010-06-28 18:15:24 +08:00
|
|
|
ret = -EINVAL;
|
|
|
|
}
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
2022-10-27 12:43:06 +08:00
|
|
|
/**
|
|
|
|
* nilfs_get_blocksize - get block size from raw superblock data
|
|
|
|
* @sb: super block instance
|
|
|
|
* @sbp: superblock raw data buffer
|
|
|
|
* @blocksize: place to store block size
|
|
|
|
*
|
|
|
|
* nilfs_get_blocksize() calculates the block size from the block size
|
|
|
|
* exponent information written in @sbp and stores it in @blocksize,
|
|
|
|
* or aborts with an error message if it's too large.
|
|
|
|
*
|
|
|
|
* Return Value: On success, 0 is returned. If the block size is too
|
|
|
|
* large, -EINVAL is returned.
|
|
|
|
*/
|
|
|
|
static int nilfs_get_blocksize(struct super_block *sb,
|
|
|
|
struct nilfs_super_block *sbp, int *blocksize)
|
|
|
|
{
|
|
|
|
unsigned int shift_bits = le32_to_cpu(sbp->s_log_block_size);
|
|
|
|
|
|
|
|
if (unlikely(shift_bits >
|
|
|
|
ilog2(NILFS_MAX_BLOCK_SIZE) - BLOCK_SIZE_BITS)) {
|
|
|
|
nilfs_err(sb, "too large filesystem blocksize: 2 ^ %u KiB",
|
|
|
|
shift_bits);
|
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
*blocksize = BLOCK_SIZE << shift_bits;
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2009-04-07 10:01:35 +08:00
|
|
|
/**
|
|
|
|
* load_nilfs - load and recover the nilfs
|
|
|
|
* @nilfs: the_nilfs structure to be released
|
2021-05-07 09:04:16 +08:00
|
|
|
* @sb: super block instance used to recover past segment
|
2009-04-07 10:01:35 +08:00
|
|
|
*
|
|
|
|
* load_nilfs() searches and load the latest super root,
|
|
|
|
* attaches the last segment, and does recovery if needed.
|
|
|
|
* The caller must call this exclusively for simultaneous mounts.
|
|
|
|
*/
|
2011-03-09 10:05:08 +08:00
|
|
|
int load_nilfs(struct the_nilfs *nilfs, struct super_block *sb)
|
2009-04-07 10:01:35 +08:00
|
|
|
{
|
|
|
|
struct nilfs_recovery_info ri;
|
2011-03-09 10:05:08 +08:00
|
|
|
unsigned int s_flags = sb->s_flags;
|
2009-04-07 10:01:35 +08:00
|
|
|
int really_read_only = bdev_read_only(nilfs->ns_bdev);
|
2009-11-19 18:58:46 +08:00
|
|
|
int valid_fs = nilfs_valid_fs(nilfs);
|
2009-11-19 15:58:40 +08:00
|
|
|
int err;
|
2009-04-07 10:01:35 +08:00
|
|
|
|
2009-11-19 15:58:40 +08:00
|
|
|
if (!valid_fs) {
|
2020-08-12 09:35:49 +08:00
|
|
|
nilfs_warn(sb, "mounting unchecked fs");
|
2017-11-28 05:05:09 +08:00
|
|
|
if (s_flags & SB_RDONLY) {
|
2020-08-12 09:35:49 +08:00
|
|
|
nilfs_info(sb,
|
|
|
|
"recovery required for readonly filesystem");
|
|
|
|
nilfs_info(sb,
|
|
|
|
"write access will be enabled during recovery");
|
2009-04-07 10:01:35 +08:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2009-11-19 15:58:40 +08:00
|
|
|
nilfs_init_recovery_info(&ri);
|
|
|
|
|
2010-05-23 00:39:02 +08:00
|
|
|
err = nilfs_search_super_root(nilfs, &ri);
|
2009-04-07 10:01:35 +08:00
|
|
|
if (unlikely(err)) {
|
2010-06-28 18:15:26 +08:00
|
|
|
struct nilfs_super_block **sbp = nilfs->ns_sbp;
|
|
|
|
int blocksize;
|
|
|
|
|
|
|
|
if (err != -EINVAL)
|
|
|
|
goto scan_error;
|
|
|
|
|
|
|
|
if (!nilfs_valid_sb(sbp[1])) {
|
2020-08-12 09:35:49 +08:00
|
|
|
nilfs_warn(sb,
|
|
|
|
"unable to fall back to spare super block");
|
2010-06-28 18:15:26 +08:00
|
|
|
goto scan_error;
|
|
|
|
}
|
2020-08-12 09:35:49 +08:00
|
|
|
nilfs_info(sb, "trying rollback from an earlier position");
|
2010-06-28 18:15:26 +08:00
|
|
|
|
|
|
|
/*
|
|
|
|
* restore super block with its spare and reconfigure
|
|
|
|
* relevant states of the nilfs object.
|
|
|
|
*/
|
|
|
|
memcpy(sbp[0], sbp[1], nilfs->ns_sbsize);
|
|
|
|
nilfs->ns_crc_seed = le32_to_cpu(sbp[0]->s_crc_seed);
|
|
|
|
nilfs->ns_sbwtime = le64_to_cpu(sbp[0]->s_wtime);
|
|
|
|
|
|
|
|
/* verify consistency between two super blocks */
|
2022-10-27 12:43:06 +08:00
|
|
|
err = nilfs_get_blocksize(sb, sbp[0], &blocksize);
|
|
|
|
if (err)
|
|
|
|
goto scan_error;
|
|
|
|
|
2010-06-28 18:15:26 +08:00
|
|
|
if (blocksize != nilfs->ns_blocksize) {
|
2020-08-12 09:35:49 +08:00
|
|
|
nilfs_warn(sb,
|
|
|
|
"blocksize differs between two super blocks (%d != %d)",
|
|
|
|
blocksize, nilfs->ns_blocksize);
|
2022-10-27 12:43:06 +08:00
|
|
|
err = -EINVAL;
|
2010-06-28 18:15:26 +08:00
|
|
|
goto scan_error;
|
|
|
|
}
|
|
|
|
|
|
|
|
err = nilfs_store_log_cursor(nilfs, sbp[0]);
|
|
|
|
if (err)
|
|
|
|
goto scan_error;
|
|
|
|
|
|
|
|
/* drop clean flag to allow roll-forward and recovery */
|
|
|
|
nilfs->ns_mount_state &= ~NILFS_VALID_FS;
|
|
|
|
valid_fs = 0;
|
|
|
|
|
|
|
|
err = nilfs_search_super_root(nilfs, &ri);
|
|
|
|
if (err)
|
|
|
|
goto scan_error;
|
2009-04-07 10:01:35 +08:00
|
|
|
}
|
|
|
|
|
2011-03-09 10:05:08 +08:00
|
|
|
err = nilfs_load_super_root(nilfs, sb, ri.ri_super_root);
|
2009-04-07 10:01:35 +08:00
|
|
|
if (unlikely(err)) {
|
2020-08-12 09:35:49 +08:00
|
|
|
nilfs_err(sb, "error %d while loading super root", err);
|
2009-04-07 10:01:35 +08:00
|
|
|
goto failed;
|
|
|
|
}
|
|
|
|
|
nilfs2: fix sysfs interface lifetime
The current nilfs2 sysfs support has issues with the timing of creation
and deletion of sysfs entries, potentially leading to null pointer
dereferences, use-after-free, and lockdep warnings.
Some of the sysfs attributes for nilfs2 per-filesystem instance refer to
metadata file "cpfile", "sufile", or "dat", but
nilfs_sysfs_create_device_group that creates those attributes is executed
before the inodes for these metadata files are loaded, and
nilfs_sysfs_delete_device_group which deletes these sysfs entries is
called after releasing their metadata file inodes.
Therefore, access to some of these sysfs attributes may occur outside of
the lifetime of these metadata files, resulting in inode NULL pointer
dereferences or use-after-free.
In addition, the call to nilfs_sysfs_create_device_group() is made during
the locking period of the semaphore "ns_sem" of nilfs object, so the
shrinker call caused by the memory allocation for the sysfs entries, may
derive lock dependencies "ns_sem" -> (shrinker) -> "locks acquired in
nilfs_evict_inode()".
Since nilfs2 may acquire "ns_sem" deep in the call stack holding other
locks via its error handler __nilfs_error(), this causes lockdep to report
circular locking. This is a false positive and no circular locking
actually occurs as no inodes exist yet when
nilfs_sysfs_create_device_group() is called. Fortunately, the lockdep
warnings can be resolved by simply moving the call to
nilfs_sysfs_create_device_group() out of "ns_sem".
This fixes these sysfs issues by revising where the device's sysfs
interface is created/deleted and keeping its lifetime within the lifetime
of the metadata files above.
Link: https://lkml.kernel.org/r/20230330205515.6167-1-konishi.ryusuke@gmail.com
Fixes: dd70edbde262 ("nilfs2: integrate sysfs support into driver")
Signed-off-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Reported-by: syzbot+979fa7f9c0d086fdc282@syzkaller.appspotmail.com
Link: https://lkml.kernel.org/r/0000000000003414b505f7885f7e@google.com
Reported-by: syzbot+5b7d542076d9bddc3c6a@syzkaller.appspotmail.com
Link: https://lkml.kernel.org/r/0000000000006ac86605f5f44eb9@google.com
Cc: Viacheslav Dubeyko <slava@dubeyko.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
2023-03-31 04:55:15 +08:00
|
|
|
err = nilfs_sysfs_create_device_group(sb);
|
|
|
|
if (unlikely(err))
|
|
|
|
goto sysfs_error;
|
|
|
|
|
2009-11-19 15:58:40 +08:00
|
|
|
if (valid_fs)
|
|
|
|
goto skip_recovery;
|
|
|
|
|
2017-11-28 05:05:09 +08:00
|
|
|
if (s_flags & SB_RDONLY) {
|
2010-07-22 02:22:20 +08:00
|
|
|
__u64 features;
|
|
|
|
|
2011-03-09 10:05:07 +08:00
|
|
|
if (nilfs_test_opt(nilfs, NORECOVERY)) {
|
2020-08-12 09:35:49 +08:00
|
|
|
nilfs_info(sb,
|
|
|
|
"norecovery option specified, skipping roll-forward recovery");
|
2009-11-20 02:28:01 +08:00
|
|
|
goto skip_recovery;
|
|
|
|
}
|
2010-07-22 02:22:20 +08:00
|
|
|
features = le64_to_cpu(nilfs->ns_sbp[0]->s_feature_compat_ro) &
|
|
|
|
~NILFS_FEATURE_COMPAT_RO_SUPP;
|
|
|
|
if (features) {
|
2020-08-12 09:35:49 +08:00
|
|
|
nilfs_err(sb,
|
2016-08-03 05:05:10 +08:00
|
|
|
"couldn't proceed with recovery because of unsupported optional features (%llx)",
|
|
|
|
(unsigned long long)features);
|
2010-07-22 02:22:20 +08:00
|
|
|
err = -EROFS;
|
|
|
|
goto failed_unload;
|
|
|
|
}
|
2009-11-19 15:58:40 +08:00
|
|
|
if (really_read_only) {
|
2020-08-12 09:35:49 +08:00
|
|
|
nilfs_err(sb,
|
2016-08-03 05:05:10 +08:00
|
|
|
"write access unavailable, cannot proceed");
|
2009-11-19 15:58:40 +08:00
|
|
|
err = -EROFS;
|
|
|
|
goto failed_unload;
|
2009-04-07 10:01:35 +08:00
|
|
|
}
|
2017-11-28 05:05:09 +08:00
|
|
|
sb->s_flags &= ~SB_RDONLY;
|
2011-03-09 10:05:07 +08:00
|
|
|
} else if (nilfs_test_opt(nilfs, NORECOVERY)) {
|
2020-08-12 09:35:49 +08:00
|
|
|
nilfs_err(sb,
|
2016-08-03 05:05:10 +08:00
|
|
|
"recovery cancelled because norecovery option was specified for a read/write mount");
|
2009-11-20 02:28:01 +08:00
|
|
|
err = -EINVAL;
|
|
|
|
goto failed_unload;
|
2009-11-19 15:58:40 +08:00
|
|
|
}
|
|
|
|
|
2011-03-09 10:05:08 +08:00
|
|
|
err = nilfs_salvage_orphan_logs(nilfs, sb, &ri);
|
2009-11-19 15:58:40 +08:00
|
|
|
if (err)
|
|
|
|
goto failed_unload;
|
|
|
|
|
|
|
|
down_write(&nilfs->ns_sem);
|
2010-06-28 16:49:29 +08:00
|
|
|
nilfs->ns_mount_state |= NILFS_VALID_FS; /* set "clean" flag */
|
2011-03-09 10:05:08 +08:00
|
|
|
err = nilfs_cleanup_super(sb);
|
2009-11-19 15:58:40 +08:00
|
|
|
up_write(&nilfs->ns_sem);
|
|
|
|
|
|
|
|
if (err) {
|
2020-08-12 09:35:49 +08:00
|
|
|
nilfs_err(sb,
|
2016-08-03 05:05:10 +08:00
|
|
|
"error %d updating super block. recovery unfinished.",
|
|
|
|
err);
|
2009-11-19 15:58:40 +08:00
|
|
|
goto failed_unload;
|
2009-04-07 10:01:35 +08:00
|
|
|
}
|
2020-08-12 09:35:49 +08:00
|
|
|
nilfs_info(sb, "recovery complete");
|
2009-04-07 10:01:35 +08:00
|
|
|
|
2009-11-19 15:58:40 +08:00
|
|
|
skip_recovery:
|
|
|
|
nilfs_clear_recovery_info(&ri);
|
2011-03-09 10:05:08 +08:00
|
|
|
sb->s_flags = s_flags;
|
2009-11-19 15:58:40 +08:00
|
|
|
return 0;
|
|
|
|
|
2010-06-28 18:15:26 +08:00
|
|
|
scan_error:
|
2020-08-12 09:35:49 +08:00
|
|
|
nilfs_err(sb, "error %d while searching super root", err);
|
2010-06-28 18:15:26 +08:00
|
|
|
goto failed;
|
|
|
|
|
2009-11-19 15:58:40 +08:00
|
|
|
failed_unload:
|
nilfs2: fix sysfs interface lifetime
The current nilfs2 sysfs support has issues with the timing of creation
and deletion of sysfs entries, potentially leading to null pointer
dereferences, use-after-free, and lockdep warnings.
Some of the sysfs attributes for nilfs2 per-filesystem instance refer to
metadata file "cpfile", "sufile", or "dat", but
nilfs_sysfs_create_device_group that creates those attributes is executed
before the inodes for these metadata files are loaded, and
nilfs_sysfs_delete_device_group which deletes these sysfs entries is
called after releasing their metadata file inodes.
Therefore, access to some of these sysfs attributes may occur outside of
the lifetime of these metadata files, resulting in inode NULL pointer
dereferences or use-after-free.
In addition, the call to nilfs_sysfs_create_device_group() is made during
the locking period of the semaphore "ns_sem" of nilfs object, so the
shrinker call caused by the memory allocation for the sysfs entries, may
derive lock dependencies "ns_sem" -> (shrinker) -> "locks acquired in
nilfs_evict_inode()".
Since nilfs2 may acquire "ns_sem" deep in the call stack holding other
locks via its error handler __nilfs_error(), this causes lockdep to report
circular locking. This is a false positive and no circular locking
actually occurs as no inodes exist yet when
nilfs_sysfs_create_device_group() is called. Fortunately, the lockdep
warnings can be resolved by simply moving the call to
nilfs_sysfs_create_device_group() out of "ns_sem".
This fixes these sysfs issues by revising where the device's sysfs
interface is created/deleted and keeping its lifetime within the lifetime
of the metadata files above.
Link: https://lkml.kernel.org/r/20230330205515.6167-1-konishi.ryusuke@gmail.com
Fixes: dd70edbde262 ("nilfs2: integrate sysfs support into driver")
Signed-off-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Reported-by: syzbot+979fa7f9c0d086fdc282@syzkaller.appspotmail.com
Link: https://lkml.kernel.org/r/0000000000003414b505f7885f7e@google.com
Reported-by: syzbot+5b7d542076d9bddc3c6a@syzkaller.appspotmail.com
Link: https://lkml.kernel.org/r/0000000000006ac86605f5f44eb9@google.com
Cc: Viacheslav Dubeyko <slava@dubeyko.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
2023-03-31 04:55:15 +08:00
|
|
|
nilfs_sysfs_delete_device_group(nilfs);
|
|
|
|
|
|
|
|
sysfs_error:
|
2010-09-05 11:20:59 +08:00
|
|
|
iput(nilfs->ns_cpfile);
|
|
|
|
iput(nilfs->ns_sufile);
|
|
|
|
iput(nilfs->ns_dat);
|
2009-04-07 10:01:35 +08:00
|
|
|
|
|
|
|
failed:
|
|
|
|
nilfs_clear_recovery_info(&ri);
|
2011-03-09 10:05:08 +08:00
|
|
|
sb->s_flags = s_flags;
|
2009-04-07 10:01:35 +08:00
|
|
|
return err;
|
|
|
|
}
|
|
|
|
|
|
|
|
static unsigned long long nilfs_max_size(unsigned int blkbits)
|
|
|
|
{
|
|
|
|
unsigned int max_bits;
|
|
|
|
unsigned long long res = MAX_LFS_FILESIZE; /* page cache limit */
|
|
|
|
|
|
|
|
max_bits = blkbits + NILFS_BMAP_KEY_BIT; /* bmap size limit */
|
|
|
|
if (max_bits < 64)
|
|
|
|
res = min_t(unsigned long long, res, (1ULL << max_bits) - 1);
|
|
|
|
return res;
|
|
|
|
}
|
|
|
|
|
2011-05-05 00:23:58 +08:00
|
|
|
/**
|
|
|
|
* nilfs_nrsvsegs - calculate the number of reserved segments
|
|
|
|
* @nilfs: nilfs object
|
|
|
|
* @nsegs: total number of segments
|
|
|
|
*/
|
|
|
|
unsigned long nilfs_nrsvsegs(struct the_nilfs *nilfs, unsigned long nsegs)
|
|
|
|
{
|
|
|
|
return max_t(unsigned long, NILFS_MIN_NRSVSEGS,
|
|
|
|
DIV_ROUND_UP(nsegs * nilfs->ns_r_segments_percentage,
|
|
|
|
100));
|
|
|
|
}
|
|
|
|
|
2023-05-26 10:13:32 +08:00
|
|
|
/**
|
|
|
|
* nilfs_max_segment_count - calculate the maximum number of segments
|
|
|
|
* @nilfs: nilfs object
|
|
|
|
*/
|
|
|
|
static u64 nilfs_max_segment_count(struct the_nilfs *nilfs)
|
|
|
|
{
|
|
|
|
u64 max_count = U64_MAX;
|
|
|
|
|
|
|
|
do_div(max_count, nilfs->ns_blocks_per_segment);
|
|
|
|
return min_t(u64, max_count, ULONG_MAX);
|
|
|
|
}
|
|
|
|
|
2011-05-05 00:23:58 +08:00
|
|
|
void nilfs_set_nsegments(struct the_nilfs *nilfs, unsigned long nsegs)
|
|
|
|
{
|
|
|
|
nilfs->ns_nsegments = nsegs;
|
|
|
|
nilfs->ns_nrsvsegs = nilfs_nrsvsegs(nilfs, nsegs);
|
|
|
|
}
|
|
|
|
|
2009-04-07 10:01:59 +08:00
|
|
|
static int nilfs_store_disk_layout(struct the_nilfs *nilfs,
|
|
|
|
struct nilfs_super_block *sbp)
|
2009-04-07 10:01:35 +08:00
|
|
|
{
|
2023-05-26 10:13:32 +08:00
|
|
|
u64 nsegments, nblocks;
|
|
|
|
|
2010-08-09 23:58:41 +08:00
|
|
|
if (le32_to_cpu(sbp->s_rev_level) < NILFS_MIN_SUPP_REV) {
|
2020-08-12 09:35:49 +08:00
|
|
|
nilfs_err(nilfs->ns_sb,
|
2016-08-03 05:05:10 +08:00
|
|
|
"unsupported revision (superblock rev.=%d.%d, current rev.=%d.%d). Please check the version of mkfs.nilfs(2).",
|
|
|
|
le32_to_cpu(sbp->s_rev_level),
|
|
|
|
le16_to_cpu(sbp->s_minor_rev_level),
|
|
|
|
NILFS_CURRENT_REV, NILFS_MINOR_REV);
|
2009-04-07 10:01:35 +08:00
|
|
|
return -EINVAL;
|
|
|
|
}
|
2009-04-07 10:01:59 +08:00
|
|
|
nilfs->ns_sbsize = le16_to_cpu(sbp->s_bytes);
|
|
|
|
if (nilfs->ns_sbsize > BLOCK_SIZE)
|
|
|
|
return -EINVAL;
|
|
|
|
|
2009-04-07 10:01:35 +08:00
|
|
|
nilfs->ns_inode_size = le16_to_cpu(sbp->s_inode_size);
|
2014-04-04 05:50:31 +08:00
|
|
|
if (nilfs->ns_inode_size > nilfs->ns_blocksize) {
|
2020-08-12 09:35:49 +08:00
|
|
|
nilfs_err(nilfs->ns_sb, "too large inode size: %d bytes",
|
2016-08-03 05:05:10 +08:00
|
|
|
nilfs->ns_inode_size);
|
2014-04-04 05:50:31 +08:00
|
|
|
return -EINVAL;
|
|
|
|
} else if (nilfs->ns_inode_size < NILFS_MIN_INODE_SIZE) {
|
2020-08-12 09:35:49 +08:00
|
|
|
nilfs_err(nilfs->ns_sb, "too small inode size: %d bytes",
|
2016-08-03 05:05:10 +08:00
|
|
|
nilfs->ns_inode_size);
|
2014-04-04 05:50:31 +08:00
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
|
2009-04-07 10:01:35 +08:00
|
|
|
nilfs->ns_first_ino = le32_to_cpu(sbp->s_first_ino);
|
|
|
|
|
|
|
|
nilfs->ns_blocks_per_segment = le32_to_cpu(sbp->s_blocks_per_segment);
|
|
|
|
if (nilfs->ns_blocks_per_segment < NILFS_SEG_MIN_BLOCKS) {
|
2020-08-12 09:35:49 +08:00
|
|
|
nilfs_err(nilfs->ns_sb, "too short segment: %lu blocks",
|
2016-08-03 05:05:10 +08:00
|
|
|
nilfs->ns_blocks_per_segment);
|
2009-04-07 10:01:35 +08:00
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
|
|
|
|
nilfs->ns_first_data_block = le64_to_cpu(sbp->s_first_data_block);
|
|
|
|
nilfs->ns_r_segments_percentage =
|
|
|
|
le32_to_cpu(sbp->s_r_segments_percentage);
|
2012-03-17 08:08:38 +08:00
|
|
|
if (nilfs->ns_r_segments_percentage < 1 ||
|
|
|
|
nilfs->ns_r_segments_percentage > 99) {
|
2020-08-12 09:35:49 +08:00
|
|
|
nilfs_err(nilfs->ns_sb,
|
2016-08-03 05:05:10 +08:00
|
|
|
"invalid reserved segments percentage: %lu",
|
|
|
|
nilfs->ns_r_segments_percentage);
|
2012-03-17 08:08:38 +08:00
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
|
2023-05-26 10:13:32 +08:00
|
|
|
nsegments = le64_to_cpu(sbp->s_nsegments);
|
|
|
|
if (nsegments > nilfs_max_segment_count(nilfs)) {
|
|
|
|
nilfs_err(nilfs->ns_sb,
|
|
|
|
"segment count %llu exceeds upper limit (%llu segments)",
|
|
|
|
(unsigned long long)nsegments,
|
|
|
|
(unsigned long long)nilfs_max_segment_count(nilfs));
|
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
|
|
|
|
nblocks = sb_bdev_nr_blocks(nilfs->ns_sb);
|
|
|
|
if (nblocks) {
|
|
|
|
u64 min_block_count = nsegments * nilfs->ns_blocks_per_segment;
|
|
|
|
/*
|
|
|
|
* To avoid failing to mount early device images without a
|
|
|
|
* second superblock, exclude that block count from the
|
|
|
|
* "min_block_count" calculation.
|
|
|
|
*/
|
|
|
|
|
|
|
|
if (nblocks < min_block_count) {
|
|
|
|
nilfs_err(nilfs->ns_sb,
|
|
|
|
"total number of segment blocks %llu exceeds device size (%llu blocks)",
|
|
|
|
(unsigned long long)min_block_count,
|
|
|
|
(unsigned long long)nblocks);
|
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
nilfs_set_nsegments(nilfs, nsegments);
|
2009-04-07 10:01:35 +08:00
|
|
|
nilfs->ns_crc_seed = le32_to_cpu(sbp->s_crc_seed);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2009-04-07 10:01:59 +08:00
|
|
|
static int nilfs_valid_sb(struct nilfs_super_block *sbp)
|
|
|
|
{
|
|
|
|
static unsigned char sum[4];
|
|
|
|
const int sumoff = offsetof(struct nilfs_super_block, s_sum);
|
|
|
|
size_t bytes;
|
|
|
|
u32 crc;
|
|
|
|
|
|
|
|
if (!sbp || le16_to_cpu(sbp->s_magic) != NILFS_SUPER_MAGIC)
|
|
|
|
return 0;
|
|
|
|
bytes = le16_to_cpu(sbp->s_bytes);
|
2016-06-25 05:50:18 +08:00
|
|
|
if (bytes < sumoff + 4 || bytes > BLOCK_SIZE)
|
2009-04-07 10:01:59 +08:00
|
|
|
return 0;
|
|
|
|
crc = crc32_le(le32_to_cpu(sbp->s_crc_seed), (unsigned char *)sbp,
|
|
|
|
sumoff);
|
|
|
|
crc = crc32_le(crc, sum, 4);
|
|
|
|
crc = crc32_le(crc, (unsigned char *)sbp + sumoff + 4,
|
|
|
|
bytes - sumoff - 4);
|
|
|
|
return crc == le32_to_cpu(sbp->s_sum);
|
|
|
|
}
|
|
|
|
|
2022-10-27 12:43:05 +08:00
|
|
|
/**
|
|
|
|
* nilfs_sb2_bad_offset - check the location of the second superblock
|
|
|
|
* @sbp: superblock raw data buffer
|
|
|
|
* @offset: byte offset of second superblock calculated from device size
|
|
|
|
*
|
|
|
|
* nilfs_sb2_bad_offset() checks if the position on the second
|
|
|
|
* superblock is valid or not based on the filesystem parameters
|
|
|
|
* stored in @sbp. If @offset points to a location within the segment
|
|
|
|
* area, or if the parameters themselves are not normal, it is
|
|
|
|
* determined to be invalid.
|
|
|
|
*
|
|
|
|
* Return Value: true if invalid, false if valid.
|
|
|
|
*/
|
|
|
|
static bool nilfs_sb2_bad_offset(struct nilfs_super_block *sbp, u64 offset)
|
2009-04-07 10:01:59 +08:00
|
|
|
{
|
2022-10-27 12:43:05 +08:00
|
|
|
unsigned int shift_bits = le32_to_cpu(sbp->s_log_block_size);
|
|
|
|
u32 blocks_per_segment = le32_to_cpu(sbp->s_blocks_per_segment);
|
|
|
|
u64 nsegments = le64_to_cpu(sbp->s_nsegments);
|
|
|
|
u64 index;
|
|
|
|
|
|
|
|
if (blocks_per_segment < NILFS_SEG_MIN_BLOCKS ||
|
|
|
|
shift_bits > ilog2(NILFS_MAX_BLOCK_SIZE) - BLOCK_SIZE_BITS)
|
|
|
|
return true;
|
|
|
|
|
|
|
|
index = offset >> (shift_bits + BLOCK_SIZE_BITS);
|
|
|
|
do_div(index, blocks_per_segment);
|
|
|
|
return index < nsegments;
|
2009-04-07 10:01:59 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
static void nilfs_release_super_block(struct the_nilfs *nilfs)
|
|
|
|
{
|
|
|
|
int i;
|
|
|
|
|
|
|
|
for (i = 0; i < 2; i++) {
|
|
|
|
if (nilfs->ns_sbp[i]) {
|
|
|
|
brelse(nilfs->ns_sbh[i]);
|
|
|
|
nilfs->ns_sbh[i] = NULL;
|
|
|
|
nilfs->ns_sbp[i] = NULL;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
void nilfs_fall_back_super_block(struct the_nilfs *nilfs)
|
|
|
|
{
|
|
|
|
brelse(nilfs->ns_sbh[0]);
|
|
|
|
nilfs->ns_sbh[0] = nilfs->ns_sbh[1];
|
|
|
|
nilfs->ns_sbp[0] = nilfs->ns_sbp[1];
|
|
|
|
nilfs->ns_sbh[1] = NULL;
|
|
|
|
nilfs->ns_sbp[1] = NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
void nilfs_swap_super_block(struct the_nilfs *nilfs)
|
|
|
|
{
|
|
|
|
struct buffer_head *tsbh = nilfs->ns_sbh[0];
|
|
|
|
struct nilfs_super_block *tsbp = nilfs->ns_sbp[0];
|
|
|
|
|
|
|
|
nilfs->ns_sbh[0] = nilfs->ns_sbh[1];
|
|
|
|
nilfs->ns_sbp[0] = nilfs->ns_sbp[1];
|
|
|
|
nilfs->ns_sbh[1] = tsbh;
|
|
|
|
nilfs->ns_sbp[1] = tsbp;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int nilfs_load_super_block(struct the_nilfs *nilfs,
|
|
|
|
struct super_block *sb, int blocksize,
|
|
|
|
struct nilfs_super_block **sbpp)
|
|
|
|
{
|
|
|
|
struct nilfs_super_block **sbp = nilfs->ns_sbp;
|
|
|
|
struct buffer_head **sbh = nilfs->ns_sbh;
|
nilfs2: fix underflow in second superblock position calculations
Macro NILFS_SB2_OFFSET_BYTES, which computes the position of the second
superblock, underflows when the argument device size is less than 4096
bytes. Therefore, when using this macro, it is necessary to check in
advance that the device size is not less than a lower limit, or at least
that underflow does not occur.
The current nilfs2 implementation lacks this check, causing out-of-bound
block access when mounting devices smaller than 4096 bytes:
I/O error, dev loop0, sector 36028797018963960 op 0x0:(READ) flags 0x0
phys_seg 1 prio class 2
NILFS (loop0): unable to read secondary superblock (blocksize = 1024)
In addition, when trying to resize the filesystem to a size below 4096
bytes, this underflow occurs in nilfs_resize_fs(), passing a huge number
of segments to nilfs_sufile_resize(), corrupting parameters such as the
number of segments in superblocks. This causes excessive loop iterations
in nilfs_sufile_resize() during a subsequent resize ioctl, causing
semaphore ns_segctor_sem to block for a long time and hang the writer
thread:
INFO: task segctord:5067 blocked for more than 143 seconds.
Not tainted 6.2.0-rc8-syzkaller-00015-gf6feea56f66d #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:segctord state:D stack:23456 pid:5067 ppid:2
flags:0x00004000
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5293 [inline]
__schedule+0x1409/0x43f0 kernel/sched/core.c:6606
schedule+0xc3/0x190 kernel/sched/core.c:6682
rwsem_down_write_slowpath+0xfcf/0x14a0 kernel/locking/rwsem.c:1190
nilfs_transaction_lock+0x25c/0x4f0 fs/nilfs2/segment.c:357
nilfs_segctor_thread_construct fs/nilfs2/segment.c:2486 [inline]
nilfs_segctor_thread+0x52f/0x1140 fs/nilfs2/segment.c:2570
kthread+0x270/0x300 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
</TASK>
...
Call Trace:
<TASK>
folio_mark_accessed+0x51c/0xf00 mm/swap.c:515
__nilfs_get_page_block fs/nilfs2/page.c:42 [inline]
nilfs_grab_buffer+0x3d3/0x540 fs/nilfs2/page.c:61
nilfs_mdt_submit_block+0xd7/0x8f0 fs/nilfs2/mdt.c:121
nilfs_mdt_read_block+0xeb/0x430 fs/nilfs2/mdt.c:176
nilfs_mdt_get_block+0x12d/0xbb0 fs/nilfs2/mdt.c:251
nilfs_sufile_get_segment_usage_block fs/nilfs2/sufile.c:92 [inline]
nilfs_sufile_truncate_range fs/nilfs2/sufile.c:679 [inline]
nilfs_sufile_resize+0x7a3/0x12b0 fs/nilfs2/sufile.c:777
nilfs_resize_fs+0x20c/0xed0 fs/nilfs2/super.c:422
nilfs_ioctl_resize fs/nilfs2/ioctl.c:1033 [inline]
nilfs_ioctl+0x137c/0x2440 fs/nilfs2/ioctl.c:1301
...
This fixes these issues by inserting appropriate minimum device size
checks or anti-underflow checks, depending on where the macro is used.
Link: https://lkml.kernel.org/r/0000000000004e1dfa05f4a48e6b@google.com
Link: https://lkml.kernel.org/r/20230214224043.24141-1-konishi.ryusuke@gmail.com
Signed-off-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Reported-by: <syzbot+f0c4082ce5ebebdac63b@syzkaller.appspotmail.com>
Tested-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
2023-02-15 06:40:43 +08:00
|
|
|
u64 sb2off, devsize = bdev_nr_bytes(nilfs->ns_bdev);
|
2009-04-07 10:01:59 +08:00
|
|
|
int valid[2], swp = 0;
|
|
|
|
|
nilfs2: fix underflow in second superblock position calculations
Macro NILFS_SB2_OFFSET_BYTES, which computes the position of the second
superblock, underflows when the argument device size is less than 4096
bytes. Therefore, when using this macro, it is necessary to check in
advance that the device size is not less than a lower limit, or at least
that underflow does not occur.
The current nilfs2 implementation lacks this check, causing out-of-bound
block access when mounting devices smaller than 4096 bytes:
I/O error, dev loop0, sector 36028797018963960 op 0x0:(READ) flags 0x0
phys_seg 1 prio class 2
NILFS (loop0): unable to read secondary superblock (blocksize = 1024)
In addition, when trying to resize the filesystem to a size below 4096
bytes, this underflow occurs in nilfs_resize_fs(), passing a huge number
of segments to nilfs_sufile_resize(), corrupting parameters such as the
number of segments in superblocks. This causes excessive loop iterations
in nilfs_sufile_resize() during a subsequent resize ioctl, causing
semaphore ns_segctor_sem to block for a long time and hang the writer
thread:
INFO: task segctord:5067 blocked for more than 143 seconds.
Not tainted 6.2.0-rc8-syzkaller-00015-gf6feea56f66d #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:segctord state:D stack:23456 pid:5067 ppid:2
flags:0x00004000
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5293 [inline]
__schedule+0x1409/0x43f0 kernel/sched/core.c:6606
schedule+0xc3/0x190 kernel/sched/core.c:6682
rwsem_down_write_slowpath+0xfcf/0x14a0 kernel/locking/rwsem.c:1190
nilfs_transaction_lock+0x25c/0x4f0 fs/nilfs2/segment.c:357
nilfs_segctor_thread_construct fs/nilfs2/segment.c:2486 [inline]
nilfs_segctor_thread+0x52f/0x1140 fs/nilfs2/segment.c:2570
kthread+0x270/0x300 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
</TASK>
...
Call Trace:
<TASK>
folio_mark_accessed+0x51c/0xf00 mm/swap.c:515
__nilfs_get_page_block fs/nilfs2/page.c:42 [inline]
nilfs_grab_buffer+0x3d3/0x540 fs/nilfs2/page.c:61
nilfs_mdt_submit_block+0xd7/0x8f0 fs/nilfs2/mdt.c:121
nilfs_mdt_read_block+0xeb/0x430 fs/nilfs2/mdt.c:176
nilfs_mdt_get_block+0x12d/0xbb0 fs/nilfs2/mdt.c:251
nilfs_sufile_get_segment_usage_block fs/nilfs2/sufile.c:92 [inline]
nilfs_sufile_truncate_range fs/nilfs2/sufile.c:679 [inline]
nilfs_sufile_resize+0x7a3/0x12b0 fs/nilfs2/sufile.c:777
nilfs_resize_fs+0x20c/0xed0 fs/nilfs2/super.c:422
nilfs_ioctl_resize fs/nilfs2/ioctl.c:1033 [inline]
nilfs_ioctl+0x137c/0x2440 fs/nilfs2/ioctl.c:1301
...
This fixes these issues by inserting appropriate minimum device size
checks or anti-underflow checks, depending on where the macro is used.
Link: https://lkml.kernel.org/r/0000000000004e1dfa05f4a48e6b@google.com
Link: https://lkml.kernel.org/r/20230214224043.24141-1-konishi.ryusuke@gmail.com
Signed-off-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Reported-by: <syzbot+f0c4082ce5ebebdac63b@syzkaller.appspotmail.com>
Tested-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
2023-02-15 06:40:43 +08:00
|
|
|
if (devsize < NILFS_SEG_MIN_BLOCKS * NILFS_MIN_BLOCK_SIZE + 4096) {
|
|
|
|
nilfs_err(sb, "device size too small");
|
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
sb2off = NILFS_SB2_OFFSET_BYTES(devsize);
|
|
|
|
|
2009-04-07 10:01:59 +08:00
|
|
|
sbp[0] = nilfs_read_super_block(sb, NILFS_SB_OFFSET_BYTES, blocksize,
|
|
|
|
&sbh[0]);
|
|
|
|
sbp[1] = nilfs_read_super_block(sb, sb2off, blocksize, &sbh[1]);
|
|
|
|
|
|
|
|
if (!sbp[0]) {
|
|
|
|
if (!sbp[1]) {
|
2020-08-12 09:35:49 +08:00
|
|
|
nilfs_err(sb, "unable to read superblock");
|
2009-04-07 10:01:59 +08:00
|
|
|
return -EIO;
|
|
|
|
}
|
2020-08-12 09:35:49 +08:00
|
|
|
nilfs_warn(sb,
|
|
|
|
"unable to read primary superblock (blocksize = %d)",
|
|
|
|
blocksize);
|
2011-01-23 23:28:22 +08:00
|
|
|
} else if (!sbp[1]) {
|
2020-08-12 09:35:49 +08:00
|
|
|
nilfs_warn(sb,
|
|
|
|
"unable to read secondary superblock (blocksize = %d)",
|
|
|
|
blocksize);
|
2011-01-23 23:28:22 +08:00
|
|
|
}
|
2009-04-07 10:01:59 +08:00
|
|
|
|
2010-05-01 10:54:21 +08:00
|
|
|
/*
|
|
|
|
* Compare two super blocks and set 1 in swp if the secondary
|
|
|
|
* super block is valid and newer. Otherwise, set 0 in swp.
|
|
|
|
*/
|
2009-04-07 10:01:59 +08:00
|
|
|
valid[0] = nilfs_valid_sb(sbp[0]);
|
|
|
|
valid[1] = nilfs_valid_sb(sbp[1]);
|
2010-05-01 10:54:21 +08:00
|
|
|
swp = valid[1] && (!valid[0] ||
|
|
|
|
le64_to_cpu(sbp[1]->s_last_cno) >
|
|
|
|
le64_to_cpu(sbp[0]->s_last_cno));
|
2009-04-07 10:01:59 +08:00
|
|
|
|
|
|
|
if (valid[swp] && nilfs_sb2_bad_offset(sbp[swp], sb2off)) {
|
|
|
|
brelse(sbh[1]);
|
|
|
|
sbh[1] = NULL;
|
|
|
|
sbp[1] = NULL;
|
2012-03-17 08:08:39 +08:00
|
|
|
valid[1] = 0;
|
2009-04-07 10:01:59 +08:00
|
|
|
swp = 0;
|
|
|
|
}
|
|
|
|
if (!valid[swp]) {
|
|
|
|
nilfs_release_super_block(nilfs);
|
2020-08-12 09:35:49 +08:00
|
|
|
nilfs_err(sb, "couldn't find nilfs on the device");
|
2009-04-07 10:01:59 +08:00
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
|
2010-08-15 19:16:11 +08:00
|
|
|
if (!valid[!swp])
|
2020-08-12 09:35:49 +08:00
|
|
|
nilfs_warn(sb,
|
|
|
|
"broken superblock, retrying with spare superblock (blocksize = %d)",
|
|
|
|
blocksize);
|
2010-08-15 19:16:11 +08:00
|
|
|
if (swp)
|
2009-04-07 10:01:59 +08:00
|
|
|
nilfs_swap_super_block(nilfs);
|
|
|
|
|
2010-06-28 16:49:33 +08:00
|
|
|
nilfs->ns_sbwcount = 0;
|
|
|
|
nilfs->ns_sbwtime = le64_to_cpu(sbp[0]->s_wtime);
|
2009-04-07 10:01:59 +08:00
|
|
|
nilfs->ns_prot_seq = le64_to_cpu(sbp[valid[1] & !swp]->s_last_seq);
|
|
|
|
*sbpp = sbp[0];
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2009-04-07 10:01:35 +08:00
|
|
|
/**
|
|
|
|
* init_nilfs - initialize a NILFS instance.
|
|
|
|
* @nilfs: the_nilfs structure
|
|
|
|
* @sb: super block
|
|
|
|
* @data: mount options
|
|
|
|
*
|
|
|
|
* init_nilfs() performs common initialization per block device (e.g.
|
|
|
|
* reading the super block, getting disk layout information, initializing
|
2010-08-16 00:54:52 +08:00
|
|
|
* shared fields in the_nilfs).
|
2009-04-07 10:01:35 +08:00
|
|
|
*
|
|
|
|
* Return Value: On success, 0 is returned. On error, a negative error
|
|
|
|
* code is returned.
|
|
|
|
*/
|
2011-03-09 10:05:08 +08:00
|
|
|
int init_nilfs(struct the_nilfs *nilfs, struct super_block *sb, char *data)
|
2009-04-07 10:01:35 +08:00
|
|
|
{
|
|
|
|
struct nilfs_super_block *sbp;
|
|
|
|
int blocksize;
|
2009-04-07 10:01:59 +08:00
|
|
|
int err;
|
2009-04-07 10:01:35 +08:00
|
|
|
|
|
|
|
down_write(&nilfs->ns_sem);
|
|
|
|
|
2010-07-25 21:44:53 +08:00
|
|
|
blocksize = sb_min_blocksize(sb, NILFS_MIN_BLOCK_SIZE);
|
2009-04-07 10:01:59 +08:00
|
|
|
if (!blocksize) {
|
2020-08-12 09:35:49 +08:00
|
|
|
nilfs_err(sb, "unable to set blocksize");
|
2009-04-07 10:01:35 +08:00
|
|
|
err = -EINVAL;
|
|
|
|
goto out;
|
|
|
|
}
|
2009-04-07 10:01:59 +08:00
|
|
|
err = nilfs_load_super_block(nilfs, sb, blocksize, &sbp);
|
|
|
|
if (err)
|
|
|
|
goto out;
|
|
|
|
|
2009-04-07 10:01:35 +08:00
|
|
|
err = nilfs_store_magic_and_option(sb, sbp, data);
|
|
|
|
if (err)
|
|
|
|
goto failed_sbh;
|
|
|
|
|
2010-07-22 02:22:20 +08:00
|
|
|
err = nilfs_check_feature_compatibility(sb, sbp);
|
|
|
|
if (err)
|
|
|
|
goto failed_sbh;
|
|
|
|
|
2022-10-27 12:43:06 +08:00
|
|
|
err = nilfs_get_blocksize(sb, sbp, &blocksize);
|
|
|
|
if (err)
|
|
|
|
goto failed_sbh;
|
|
|
|
|
|
|
|
if (blocksize < NILFS_MIN_BLOCK_SIZE) {
|
2020-08-12 09:35:49 +08:00
|
|
|
nilfs_err(sb,
|
2016-08-03 05:05:10 +08:00
|
|
|
"couldn't mount because of unsupported filesystem blocksize %d",
|
|
|
|
blocksize);
|
2010-07-25 21:44:53 +08:00
|
|
|
err = -EINVAL;
|
|
|
|
goto failed_sbh;
|
|
|
|
}
|
2009-04-07 10:01:35 +08:00
|
|
|
if (sb->s_blocksize != blocksize) {
|
2009-05-23 05:17:49 +08:00
|
|
|
int hw_blocksize = bdev_logical_block_size(sb->s_bdev);
|
2009-04-07 10:01:59 +08:00
|
|
|
|
|
|
|
if (blocksize < hw_blocksize) {
|
2020-08-12 09:35:49 +08:00
|
|
|
nilfs_err(sb,
|
2016-08-03 05:05:10 +08:00
|
|
|
"blocksize %d too small for device (sector-size = %d)",
|
|
|
|
blocksize, hw_blocksize);
|
2009-04-07 10:01:35 +08:00
|
|
|
err = -EINVAL;
|
2009-04-07 10:01:59 +08:00
|
|
|
goto failed_sbh;
|
|
|
|
}
|
|
|
|
nilfs_release_super_block(nilfs);
|
|
|
|
sb_set_blocksize(sb, blocksize);
|
|
|
|
|
|
|
|
err = nilfs_load_super_block(nilfs, sb, blocksize, &sbp);
|
|
|
|
if (err)
|
2009-04-07 10:01:35 +08:00
|
|
|
goto out;
|
2016-05-24 07:23:48 +08:00
|
|
|
/*
|
|
|
|
* Not to failed_sbh; sbh is released automatically
|
|
|
|
* when reloading fails.
|
|
|
|
*/
|
2009-04-07 10:01:35 +08:00
|
|
|
}
|
|
|
|
nilfs->ns_blocksize_bits = sb->s_blocksize_bits;
|
2010-05-22 23:17:48 +08:00
|
|
|
nilfs->ns_blocksize = blocksize;
|
2009-04-07 10:01:35 +08:00
|
|
|
|
2011-03-09 10:05:08 +08:00
|
|
|
get_random_bytes(&nilfs->ns_next_generation,
|
|
|
|
sizeof(nilfs->ns_next_generation));
|
|
|
|
|
2009-04-07 10:01:59 +08:00
|
|
|
err = nilfs_store_disk_layout(nilfs, sbp);
|
2009-04-07 10:01:35 +08:00
|
|
|
if (err)
|
|
|
|
goto failed_sbh;
|
|
|
|
|
|
|
|
sb->s_maxbytes = nilfs_max_size(sb->s_blocksize_bits);
|
|
|
|
|
|
|
|
nilfs->ns_mount_state = le16_to_cpu(sbp->s_state);
|
|
|
|
|
2010-06-28 18:15:24 +08:00
|
|
|
err = nilfs_store_log_cursor(nilfs, sbp);
|
|
|
|
if (err)
|
2009-04-07 10:01:35 +08:00
|
|
|
goto failed_sbh;
|
|
|
|
|
|
|
|
set_nilfs_init(nilfs);
|
|
|
|
err = 0;
|
|
|
|
out:
|
|
|
|
up_write(&nilfs->ns_sem);
|
|
|
|
return err;
|
|
|
|
|
|
|
|
failed_sbh:
|
2009-04-07 10:01:59 +08:00
|
|
|
nilfs_release_super_block(nilfs);
|
2009-04-07 10:01:35 +08:00
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
2010-01-30 17:06:35 +08:00
|
|
|
int nilfs_discard_segments(struct the_nilfs *nilfs, __u64 *segnump,
|
|
|
|
size_t nsegs)
|
|
|
|
{
|
|
|
|
sector_t seg_start, seg_end;
|
|
|
|
sector_t start = 0, nblocks = 0;
|
|
|
|
unsigned int sects_per_block;
|
|
|
|
__u64 *sn;
|
|
|
|
int ret = 0;
|
|
|
|
|
|
|
|
sects_per_block = (1 << nilfs->ns_blocksize_bits) /
|
|
|
|
bdev_logical_block_size(nilfs->ns_bdev);
|
|
|
|
for (sn = segnump; sn < segnump + nsegs; sn++) {
|
|
|
|
nilfs_get_segment_range(nilfs, *sn, &seg_start, &seg_end);
|
|
|
|
|
|
|
|
if (!nblocks) {
|
|
|
|
start = seg_start;
|
|
|
|
nblocks = seg_end - seg_start + 1;
|
|
|
|
} else if (start + nblocks == seg_start) {
|
|
|
|
nblocks += seg_end - seg_start + 1;
|
|
|
|
} else {
|
|
|
|
ret = blkdev_issue_discard(nilfs->ns_bdev,
|
|
|
|
start * sects_per_block,
|
|
|
|
nblocks * sects_per_block,
|
2022-04-15 12:52:57 +08:00
|
|
|
GFP_NOFS);
|
2010-01-30 17:06:35 +08:00
|
|
|
if (ret < 0)
|
|
|
|
return ret;
|
|
|
|
nblocks = 0;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if (nblocks)
|
|
|
|
ret = blkdev_issue_discard(nilfs->ns_bdev,
|
|
|
|
start * sects_per_block,
|
|
|
|
nblocks * sects_per_block,
|
2022-04-15 12:52:57 +08:00
|
|
|
GFP_NOFS);
|
2010-01-30 17:06:35 +08:00
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
2009-04-07 10:01:35 +08:00
|
|
|
int nilfs_count_free_blocks(struct the_nilfs *nilfs, sector_t *nblocks)
|
|
|
|
{
|
|
|
|
unsigned long ncleansegs;
|
|
|
|
|
2009-11-13 07:45:32 +08:00
|
|
|
ncleansegs = nilfs_sufile_get_ncleansegs(nilfs->ns_sufile);
|
|
|
|
*nblocks = (sector_t)ncleansegs * nilfs->ns_blocks_per_segment;
|
|
|
|
return 0;
|
2009-04-07 10:01:35 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
int nilfs_near_disk_full(struct the_nilfs *nilfs)
|
|
|
|
{
|
|
|
|
unsigned long ncleansegs, nincsegs;
|
2009-11-13 07:45:32 +08:00
|
|
|
|
|
|
|
ncleansegs = nilfs_sufile_get_ncleansegs(nilfs->ns_sufile);
|
|
|
|
nincsegs = atomic_read(&nilfs->ns_ndirtyblks) /
|
|
|
|
nilfs->ns_blocks_per_segment + 1;
|
|
|
|
|
|
|
|
return ncleansegs <= nilfs->ns_nrsvsegs + nincsegs;
|
2009-04-07 10:01:35 +08:00
|
|
|
}
|
|
|
|
|
2010-08-14 11:59:15 +08:00
|
|
|
struct nilfs_root *nilfs_lookup_root(struct the_nilfs *nilfs, __u64 cno)
|
2009-06-08 00:39:31 +08:00
|
|
|
{
|
2010-08-14 11:59:15 +08:00
|
|
|
struct rb_node *n;
|
|
|
|
struct nilfs_root *root;
|
|
|
|
|
|
|
|
spin_lock(&nilfs->ns_cptree_lock);
|
|
|
|
n = nilfs->ns_cptree.rb_node;
|
|
|
|
while (n) {
|
|
|
|
root = rb_entry(n, struct nilfs_root, rb_node);
|
|
|
|
|
|
|
|
if (cno < root->cno) {
|
|
|
|
n = n->rb_left;
|
|
|
|
} else if (cno > root->cno) {
|
|
|
|
n = n->rb_right;
|
|
|
|
} else {
|
2017-11-18 07:29:39 +08:00
|
|
|
refcount_inc(&root->count);
|
2010-08-14 11:59:15 +08:00
|
|
|
spin_unlock(&nilfs->ns_cptree_lock);
|
|
|
|
return root;
|
|
|
|
}
|
2009-06-08 00:39:31 +08:00
|
|
|
}
|
2010-08-14 11:59:15 +08:00
|
|
|
spin_unlock(&nilfs->ns_cptree_lock);
|
2009-06-08 00:39:31 +08:00
|
|
|
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
2010-08-14 11:59:15 +08:00
|
|
|
struct nilfs_root *
|
|
|
|
nilfs_find_or_create_root(struct the_nilfs *nilfs, __u64 cno)
|
2009-04-07 10:01:35 +08:00
|
|
|
{
|
2010-08-14 11:59:15 +08:00
|
|
|
struct rb_node **p, *parent;
|
|
|
|
struct nilfs_root *root, *new;
|
2014-08-09 05:20:55 +08:00
|
|
|
int err;
|
2009-04-07 10:01:35 +08:00
|
|
|
|
2010-08-14 11:59:15 +08:00
|
|
|
root = nilfs_lookup_root(nilfs, cno);
|
|
|
|
if (root)
|
|
|
|
return root;
|
2009-04-07 10:01:35 +08:00
|
|
|
|
2014-08-09 05:20:55 +08:00
|
|
|
new = kzalloc(sizeof(*root), GFP_KERNEL);
|
2010-08-14 11:59:15 +08:00
|
|
|
if (!new)
|
|
|
|
return NULL;
|
|
|
|
|
|
|
|
spin_lock(&nilfs->ns_cptree_lock);
|
|
|
|
|
|
|
|
p = &nilfs->ns_cptree.rb_node;
|
|
|
|
parent = NULL;
|
|
|
|
|
|
|
|
while (*p) {
|
|
|
|
parent = *p;
|
|
|
|
root = rb_entry(parent, struct nilfs_root, rb_node);
|
|
|
|
|
|
|
|
if (cno < root->cno) {
|
|
|
|
p = &(*p)->rb_left;
|
|
|
|
} else if (cno > root->cno) {
|
|
|
|
p = &(*p)->rb_right;
|
|
|
|
} else {
|
2017-11-18 07:29:39 +08:00
|
|
|
refcount_inc(&root->count);
|
2010-08-14 11:59:15 +08:00
|
|
|
spin_unlock(&nilfs->ns_cptree_lock);
|
|
|
|
kfree(new);
|
|
|
|
return root;
|
2009-04-07 10:01:35 +08:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2010-08-14 11:59:15 +08:00
|
|
|
new->cno = cno;
|
|
|
|
new->ifile = NULL;
|
|
|
|
new->nilfs = nilfs;
|
2017-11-18 07:29:39 +08:00
|
|
|
refcount_set(&new->count, 1);
|
2013-07-04 06:08:06 +08:00
|
|
|
atomic64_set(&new->inodes_count, 0);
|
|
|
|
atomic64_set(&new->blocks_count, 0);
|
2010-08-14 11:59:15 +08:00
|
|
|
|
|
|
|
rb_link_node(&new->rb_node, parent, p);
|
|
|
|
rb_insert_color(&new->rb_node, &nilfs->ns_cptree);
|
|
|
|
|
|
|
|
spin_unlock(&nilfs->ns_cptree_lock);
|
|
|
|
|
2014-08-09 05:20:55 +08:00
|
|
|
err = nilfs_sysfs_create_snapshot_group(new);
|
|
|
|
if (err) {
|
|
|
|
kfree(new);
|
|
|
|
new = NULL;
|
|
|
|
}
|
|
|
|
|
2010-08-14 11:59:15 +08:00
|
|
|
return new;
|
|
|
|
}
|
|
|
|
|
|
|
|
void nilfs_put_root(struct nilfs_root *root)
|
|
|
|
{
|
2021-09-08 11:00:26 +08:00
|
|
|
struct the_nilfs *nilfs = root->nilfs;
|
2010-08-14 11:59:15 +08:00
|
|
|
|
2021-09-08 11:00:26 +08:00
|
|
|
if (refcount_dec_and_lock(&root->count, &nilfs->ns_cptree_lock)) {
|
2010-08-14 11:59:15 +08:00
|
|
|
rb_erase(&root->rb_node, &nilfs->ns_cptree);
|
|
|
|
spin_unlock(&nilfs->ns_cptree_lock);
|
2021-09-08 11:00:26 +08:00
|
|
|
|
|
|
|
nilfs_sysfs_delete_snapshot_group(root);
|
2014-12-11 07:54:31 +08:00
|
|
|
iput(root->ifile);
|
2010-08-14 11:59:15 +08:00
|
|
|
|
|
|
|
kfree(root);
|
|
|
|
}
|
2009-04-07 10:01:35 +08:00
|
|
|
}
|