From patchwork Mon Feb 10 20:04:14 2014 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Whitney X-Patchwork-Id: 319031 Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id C59562C0091 for ; Tue, 11 Feb 2014 07:04:48 +1100 (EST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755180AbaBJUEj (ORCPT ); Mon, 10 Feb 2014 15:04:39 -0500 Received: from mail-qc0-f179.google.com ([209.85.216.179]:38267 "EHLO mail-qc0-f179.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752877AbaBJUEf (ORCPT ); Mon, 10 Feb 2014 15:04:35 -0500 Received: by mail-qc0-f179.google.com with SMTP id e16so11291250qcx.38 for ; Mon, 10 Feb 2014 12:04:35 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=date:from:to:cc:subject:message-id:mime-version:content-type :content-disposition:user-agent; bh=bIgWTG9iKFxvlWpDUijfVWSjITqY0vyXsEfp3c5GNR8=; b=L/GOEjnt11wCSAFnzFZ3gtFOUD65vj+DnbkI+QvIrirCEdpv2nsY98R0eqiuR/OD7Q gl4xDZXHM7iG1SS8rDZRGL0zd1r7I15PnllH3Lv+iE9a58Jwehnc42n13qUdClNFGVx8 z0H252J5OD67U7pwFbdh2Rzzdm0vd6S04ru7Va3lWbIaQTM0XrLPYmu/WaHLoyPsc05t OgIit6ZWYPDClc9UvNXiNC2r4kS3QYKdxmTGGHTXFfOZiYXyclcbXmkWK/A0Ss5E1on1 42PRannslo7MoZggtW6tTZnH/uHxpD59bxmjmbXHKM8uT8VG7wxltaWxkfftKS7RWlut yASA== X-Received: by 10.140.29.139 with SMTP id b11mr48173050qgb.48.1392062658405; Mon, 10 Feb 2014 12:04:18 -0800 (PST) Received: from wallace (c-75-67-250-69.hsd1.nh.comcast.net. [75.67.250.69]) by mx.google.com with ESMTPSA id i7sm42506484qan.0.2014.02.10.12.04.17 for (version=TLSv1.2 cipher=RC4-SHA bits=128/128); Mon, 10 Feb 2014 12:04:17 -0800 (PST) Date: Mon, 10 Feb 2014 15:04:14 -0500 From: Eric Whitney To: linux-ext4@vger.kernel.org Cc: tytso@mit.edu Subject: [PATCH] ext4: fix xfstest generic/299 block validity failures Message-ID: <20140210200414.GA2155@wallace> MIME-Version: 1.0 Content-Disposition: inline User-Agent: Mutt/1.5.21 (2010-09-15) Sender: linux-ext4-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-ext4@vger.kernel.org Commit a115f749c1 (ext4: remove wait for unwritten extent conversion from ext4_truncate) exposed a bug in ext4_ext_handle_uninitialized_extents(). It can be triggered by xfstest generic/299 when run on a test file system created without a journal. This test continuously fallocates and truncates files to which random dio/aio writes are simultaneously performed by a separate process. The test completes successfully, but if the test filesystem is mounted with the block_validity option, a warning message stating that a logical block has been mapped to an illegal physical block is posted in the kernel log. The bug occurs when an extent is being converted to the written state by ext4_end_io_dio() and ext4_ext_handle_uninitialized_extents() discovers a mapping for an existing uninitialized extent. Although it sets EXT4_MAP_MAPPED in map->m_flags, it fails to set map->m_pblk to the discovered physical block number. Because map->m_pblk is not otherwise initialized or set by this function or its callers, its uninitialized value is returned to ext4_map_blocks(), where it is stored as a bogus mapping in the extent status tree. Since map->m_pblk can accidentally contain illegal values that are larger than the physical size of the file system, calls to check_block_validity() in ext4_map_blocks() that are enabled if the block_validity mount option is used can fail, resulting in the logged warning message. Signed-off-by: Eric Whitney --- fs/ext4/extents.c | 1 + 1 file changed, 1 insertion(+) diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c index 10cff47..74bc2d5 100644 --- a/fs/ext4/extents.c +++ b/fs/ext4/extents.c @@ -3906,6 +3906,7 @@ ext4_ext_handle_uninitialized_extents(handle_t *handle, struct inode *inode, } else err = ret; map->m_flags |= EXT4_MAP_MAPPED; + map->m_pblk = newblock; if (allocated > map->m_len) allocated = map->m_len; map->m_len = allocated;