linux/fs/ext4
Toshiyuki Okajima 0c9169ccad ext4: fix potential infinite loop in ext4_da_writepages()
On linux-2.6.36-rc2, if we execute the following script, we can hang
the system when the /bin/sync command is executed:

========================================================================
#!/bin/sh

echo -n "HANG UP TEST: "
/bin/dd if=/dev/zero of=/tmp/img bs=1k count=1 seek=1M 2> /dev/null
/sbin/mkfs.ext4 -Fq /tmp/img
/bin/mount -o loop -t ext4 /tmp/img /mnt
/bin/dd if=/dev/zero of=/mnt/file bs=1 count=1 \
seek=$((16*1024*1024*1024*1024-4096)) 2> /dev/null
/bin/sync
/bin/umount /mnt
echo "DONE"
exit 0
========================================================================

We can see the following backtrace if we get the kdump when this
hangup occurs:

======================================================================
kthread()
=> bdi_writeback_thread()
   => wb_do_writeback()
      => wb_writeback()
         => writeback_inodes_wb()
            => writeback_sb_inodes()
               => writeback_single_inode()
                  => ext4_da_writepages()  ---+ 
                                ^ infinite    |
                                |   loop      |
                                +-------------+
======================================================================

The reason why this hangup happens is described as follows:
1) We write the last extent block of the file whose size is the filesystem 
   maximum size.
2) "BH_Delay" flag is set on the buffer_head of its block.
3) - the member, "m_lblk" of struct mpage_da_data is 4294967295 (UINT_MAX)
   - the member, "m_len" of struct mpage_da_data is 1
  mpage_put_bnr_to_bhs() which is called via ext4_da_writepages()
  cannot clear "BH_Delay" flag of the buffer_head because the type of
  m_lblk is ext4_lblk_t and then m_lblk + m_len is overflow.

  Therefore an infinite loop occurs because ext4_da_writepages()
  cannot write the page (which corresponds to the block) since
  "BH_Delay" flag isn't cleared.
----------------------------------------------------------------------
static void mpage_put_bnr_to_bhs(struct mpage_da_data *mpd,
				struct ext4_map_blocks *map)
{
...
	int blocks = map->m_len;
...
		do {
			// cur_logical = 4294967295
			// map->m_lblk = 4294967295
			// blocks = 1
			// *** map->m_lblk + blocks == 0 (OVERFLOW!) ***
			// (cur_logical >= map->m_lblk + blocks) => true
			if (cur_logical >= map->m_lblk + blocks)
				break;
----------------------------------------------------------------------

NOTE: Mounting with the nodelalloc option will avoid this codepath,
and thus, avoid this hang

Signed-off-by: Toshiyuki Okajima <toshi.okajima@jp.fujitsu.com>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
2010-10-27 21:30:07 -04:00
..
acl.c ext4: update ctime when changing the file's permission by setfacl 2010-06-15 12:19:59 -04:00
acl.h ext[234]: move over to 'check_acl' permission model 2009-09-08 11:09:04 -07:00
balloc.c ext4: Clean up s_dirt handling 2010-06-11 23:14:04 -04:00
bitmap.c ext4: Change unsigned long to unsigned int 2008-11-05 00:14:04 -05:00
block_validity.c ext4: Save error information to the superblock for analysis 2010-07-27 11:56:03 -04:00
dir.c ext4: improve llseek error handling for overly large seek offsets 2010-10-27 21:30:06 -04:00
ext4_extents.h ext4: Calculate metadata requirements more accurately 2010-01-01 02:41:30 -05:00
ext4_jbd2.c ext4: Pass line numbers to ext4_error() and friends 2010-07-27 11:56:40 -04:00
ext4_jbd2.h ext4: Pass line numbers to ext4_error() and friends 2010-07-27 11:56:40 -04:00
ext4.h ext4: improve llseek error handling for overly large seek offsets 2010-10-27 21:30:06 -04:00
extents.c ext4: use sb_issue_zeroout in ext4_ext_zeroout 2010-10-27 21:30:06 -04:00
file.c ext4: improve llseek error handling for overly large seek offsets 2010-10-27 21:30:06 -04:00
fsync.c rename the generic fsync implementations 2010-05-27 22:06:06 -04:00
hash.c ext4: Add support for non-native signed/unsigned htree hash algorithms 2008-10-28 13:21:44 -04:00
ialloc.c ext4: add interface to advertise ext4 features in sysfs 2010-10-27 21:30:05 -04:00
inode.c ext4: fix potential infinite loop in ext4_da_writepages() 2010-10-27 21:30:07 -04:00
ioctl.c ext4: Drop whitespace at end of lines 2010-05-17 07:00:00 -04:00
Kconfig ext4: Don't ask about supporting ext2/3 in ext4 if ext4 is not configured 2009-12-21 10:54:09 -05:00
Makefile ext4: online defrag -- Add EXT4_IOC_MOVE_EXT ioctl 2009-06-17 19:24:03 -04:00
mballoc.c ext4: don't hold spinlock while calling ext4_issue_discard() 2010-10-27 21:30:04 -04:00
mballoc.h ext4: consolidate in_range() definitions 2010-03-03 23:55:01 -05:00
migrate.c ext4: Convert more i_flags references to use accessor functions 2010-06-14 09:54:48 -04:00
move_extent.c ext4: Pass line numbers to ext4_error() and friends 2010-07-27 11:56:40 -04:00
namei.c ext4: re-inline ext4_rec_len_(to|from)_disk functions 2010-08-05 01:46:37 -04:00
resize.c ext4: use sb_issue_zeroout in setup_new_group_blocks 2010-10-27 21:30:05 -04:00
super.c ext4: don't update sb journal_devnum when RO dev 2010-10-27 21:30:06 -04:00
symlink.c ext4: symlink must be handled via filesystem specific operation 2010-05-16 02:00:00 -04:00
xattr_security.c ext4: constify xattr_handler 2010-05-21 18:31:19 -04:00
xattr_trusted.c ext4: constify xattr_handler 2010-05-21 18:31:19 -04:00
xattr_user.c ext4: constify xattr_handler 2010-05-21 18:31:19 -04:00
xattr.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6 2010-08-10 11:26:52 -07:00
xattr.h ext4: constify xattr_handler 2010-05-21 18:31:19 -04:00