Message ID | 20230704134233.110812-12-yi.zhang@huaweicloud.com |
---|---|
State | Superseded |
Series | ext4,jbd2: cleanup journal load and initialization process | expand |
On Tue 04-07-23 21:42:32, Zhang Yi wrote: > From: Zhang Yi <yi.zhang@huawei.com> > > Factor out a new helper form ext4_get_dev_journal() to get external > journal bdev and check validation of this device, drop ext4_blkdev_get() > helper, and also remove duplicate check of journal feature. It makes > ext4_get_dev_journal() more clear than before. > > Signed-off-by: Zhang Yi <yi.zhang@huawei.com> One comment below: > @@ -5838,25 +5815,25 @@ static journal_t *ext4_get_journal(struct super_block *sb, > return journal; > } > > -static journal_t *ext4_get_dev_journal(struct super_block *sb, > - dev_t j_dev) > +static struct block_device *ext4_get_journal_dev(struct super_block *sb, > + dev_t j_dev, ext4_fsblk_t *j_start, > + ext4_fsblk_t *j_len) > { > struct buffer_head *bh; > - journal_t *journal; > - ext4_fsblk_t start; > - ext4_fsblk_t len; > + struct block_device *bdev; > int hblock, blocksize; > ext4_fsblk_t sb_block; > unsigned long offset; > struct ext4_super_block *es; > - struct block_device *bdev; > > - if (WARN_ON_ONCE(!ext4_has_feature_journal(sb))) > - return NULL; > - > - bdev = ext4_blkdev_get(j_dev, sb); > - if (bdev == NULL) > + bdev = blkdev_get_by_dev(j_dev, BLK_OPEN_READ | BLK_OPEN_WRITE, sb, > + &ext4_holder_ops); > + if (IS_ERR(bdev)) { > + ext4_msg(sb, KERN_ERR, > + "failed to open journal device unknown-block(%u,%u) %ld", > + MAJOR(j_dev), MINOR(j_dev), PTR_ERR(bdev)); > return NULL; > + } > > blocksize = sb->s_blocksize; > hblock = bdev_logical_block_size(bdev); > @@ -5869,7 +5846,8 @@ static journal_t *ext4_get_dev_journal(struct super_block *sb, > sb_block = EXT4_MIN_BLOCK_SIZE / blocksize; > offset = EXT4_MIN_BLOCK_SIZE % blocksize; > set_blocksize(bdev, blocksize); > - if (!(bh = __bread(bdev, sb_block, blocksize))) { > + bh = __bread(bdev, sb_block, blocksize); > + if (!bh) { > ext4_msg(sb, KERN_ERR, "couldn't read superblock of " > "external journal"); > goto out_bdev; 
> @@ -5879,56 +5857,67 @@ static journal_t *ext4_get_dev_journal(struct super_block *sb, > if ((le16_to_cpu(es->s_magic) != EXT4_SUPER_MAGIC) || > !(le32_to_cpu(es->s_feature_incompat) & > EXT4_FEATURE_INCOMPAT_JOURNAL_DEV)) { > - ext4_msg(sb, KERN_ERR, "external journal has " > - "bad superblock"); > - brelse(bh); > - goto out_bdev; > + ext4_msg(sb, KERN_ERR, "external journal has bad superblock"); > + goto out_bh; > } > > if ((le32_to_cpu(es->s_feature_ro_compat) & > EXT4_FEATURE_RO_COMPAT_METADATA_CSUM) && > es->s_checksum != ext4_superblock_csum(sb, es)) { > - ext4_msg(sb, KERN_ERR, "external journal has " > - "corrupt superblock"); > - brelse(bh); > - goto out_bdev; > + ext4_msg(sb, KERN_ERR, "external journal has corrupt superblock"); > + goto out_bh; > } > > if (memcmp(EXT4_SB(sb)->s_es->s_journal_uuid, es->s_uuid, 16)) { > ext4_msg(sb, KERN_ERR, "journal UUID does not match"); > - brelse(bh); > - goto out_bdev; > + goto out_bh; > } > > - len = ext4_blocks_count(es); > - start = sb_block + 1; > - brelse(bh); /* we're done with the superblock */ > + brelse(bh); > + *j_start = sb_block + 1; > + *j_len = ext4_blocks_count(es); Here the ext4_blocks_count() is a use-after-free since you've released the bh a few lines above. Otherwise the patch looks good to me. Honza
On 2023/8/4 0:14, Jan Kara wrote: > On Tue 04-07-23 21:42:32, Zhang Yi wrote: >> From: Zhang Yi <yi.zhang@huawei.com> >> >> Factor out a new helper form ext4_get_dev_journal() to get external >> journal bdev and check validation of this device, drop ext4_blkdev_get() >> helper, and also remove duplicate check of journal feature. It makes >> ext4_get_dev_journal() more clear than before. >> >> Signed-off-by: Zhang Yi <yi.zhang@huawei.com> > > One comment below: > >> @@ -5838,25 +5815,25 @@ static journal_t *ext4_get_journal(struct super_block *sb, >> return journal; >> } >> >> -static journal_t *ext4_get_dev_journal(struct super_block *sb, >> - dev_t j_dev) >> +static struct block_device *ext4_get_journal_dev(struct super_block *sb, >> + dev_t j_dev, ext4_fsblk_t *j_start, >> + ext4_fsblk_t *j_len) >> { >> struct buffer_head *bh; >> - journal_t *journal; >> - ext4_fsblk_t start; >> - ext4_fsblk_t len; >> + struct block_device *bdev; >> int hblock, blocksize; >> ext4_fsblk_t sb_block; >> unsigned long offset; >> struct ext4_super_block *es; >> - struct block_device *bdev; >> >> - if (WARN_ON_ONCE(!ext4_has_feature_journal(sb))) >> - return NULL; >> - >> - bdev = ext4_blkdev_get(j_dev, sb); >> - if (bdev == NULL) >> + bdev = blkdev_get_by_dev(j_dev, BLK_OPEN_READ | BLK_OPEN_WRITE, sb, >> + &ext4_holder_ops); >> + if (IS_ERR(bdev)) { >> + ext4_msg(sb, KERN_ERR, >> + "failed to open journal device unknown-block(%u,%u) %ld", >> + MAJOR(j_dev), MINOR(j_dev), PTR_ERR(bdev)); >> return NULL; >> + } >> >> blocksize = sb->s_blocksize; >> hblock = bdev_logical_block_size(bdev); 
>> @@ -5869,7 +5846,8 @@ static journal_t *ext4_get_dev_journal(struct super_block *sb, >> sb_block = EXT4_MIN_BLOCK_SIZE / blocksize; >> offset = EXT4_MIN_BLOCK_SIZE % blocksize; >> set_blocksize(bdev, blocksize); >> - if (!(bh = __bread(bdev, sb_block, blocksize))) { >> + bh = __bread(bdev, sb_block, blocksize); >> + if (!bh) { >> ext4_msg(sb, KERN_ERR, "couldn't read superblock of " >> "external journal"); >> goto out_bdev; >> @@ -5879,56 +5857,67 @@ static journal_t *ext4_get_dev_journal(struct super_block *sb, >> if ((le16_to_cpu(es->s_magic) != EXT4_SUPER_MAGIC) || >> !(le32_to_cpu(es->s_feature_incompat) & >> EXT4_FEATURE_INCOMPAT_JOURNAL_DEV)) { >> - ext4_msg(sb, KERN_ERR, "external journal has " >> - "bad superblock"); >> - brelse(bh); >> - goto out_bdev; >> + ext4_msg(sb, KERN_ERR, "external journal has bad superblock"); >> + goto out_bh; >> } >> >> if ((le32_to_cpu(es->s_feature_ro_compat) & >> EXT4_FEATURE_RO_COMPAT_METADATA_CSUM) && >> es->s_checksum != ext4_superblock_csum(sb, es)) { >> - ext4_msg(sb, KERN_ERR, "external journal has " >> - "corrupt superblock"); >> - brelse(bh); >> - goto out_bdev; >> + ext4_msg(sb, KERN_ERR, "external journal has corrupt superblock"); >> + goto out_bh; >> } >> >> if (memcmp(EXT4_SB(sb)->s_es->s_journal_uuid, es->s_uuid, 16)) { >> ext4_msg(sb, KERN_ERR, "journal UUID does not match"); >> - brelse(bh); >> - goto out_bdev; >> + goto out_bh; >> } >> >> - len = ext4_blocks_count(es); >> - start = sb_block + 1; >> - brelse(bh); /* we're done with the superblock */ >> + brelse(bh); >> + *j_start = sb_block + 1; >> + *j_len = ext4_blocks_count(es); > > Here the ext4_blocks_count() is a use-after-free since you've released the > bh a few lines above. > Indeed, will move it before the brelse(bh). Thanks, Yi.
diff --git a/fs/ext4/super.c b/fs/ext4/super.c index ce2e02b139af..25ae536a370f 100644 --- a/fs/ext4/super.c +++ b/fs/ext4/super.c @@ -1105,26 +1105,6 @@ static const struct blk_holder_ops ext4_holder_ops = { .mark_dead = ext4_bdev_mark_dead, }; -/* - * Open the external journal device - */ -static struct block_device *ext4_blkdev_get(dev_t dev, struct super_block *sb) -{ - struct block_device *bdev; - - bdev = blkdev_get_by_dev(dev, BLK_OPEN_READ | BLK_OPEN_WRITE, sb, - &ext4_holder_ops); - if (IS_ERR(bdev)) - goto fail; - return bdev; - -fail: - ext4_msg(sb, KERN_ERR, - "failed to open journal device unknown-block(%u,%u) %ld", - MAJOR(dev), MINOR(dev), PTR_ERR(bdev)); - return NULL; -} - /* * Release the journal device */ @@ -5780,14 +5760,14 @@ static struct inode *ext4_get_journal_inode(struct super_block *sb, ext4_msg(sb, KERN_ERR, "journal inode is deleted"); return NULL; } - - ext4_debug("Journal inode found at %p: %lld bytes\n", - journal_inode, journal_inode->i_size); if (!S_ISREG(journal_inode->i_mode) || IS_ENCRYPTED(journal_inode)) { ext4_msg(sb, KERN_ERR, "invalid journal inode"); iput(journal_inode); return NULL; } + + ext4_debug("Journal inode found at %p: %lld bytes\n", + journal_inode, journal_inode->i_size); return journal_inode; } @@ -5819,9 +5799,6 @@ static journal_t *ext4_get_journal(struct super_block *sb, struct inode *journal_inode; journal_t *journal; - if (WARN_ON_ONCE(!ext4_has_feature_journal(sb))) - return NULL; - journal_inode = ext4_get_journal_inode(sb, journal_inum); if (!journal_inode) return NULL; 
@@ -5838,25 +5815,25 @@ static journal_t *ext4_get_journal(struct super_block *sb, return journal; } -static journal_t *ext4_get_dev_journal(struct super_block *sb, - dev_t j_dev) +static struct block_device *ext4_get_journal_dev(struct super_block *sb, + dev_t j_dev, ext4_fsblk_t *j_start, + ext4_fsblk_t *j_len) { struct buffer_head *bh; - journal_t *journal; - ext4_fsblk_t start; - ext4_fsblk_t len; + struct block_device *bdev; int hblock, blocksize; ext4_fsblk_t sb_block; unsigned long offset; struct ext4_super_block *es; - struct block_device *bdev; - if (WARN_ON_ONCE(!ext4_has_feature_journal(sb))) - return NULL; - - bdev = ext4_blkdev_get(j_dev, sb); - if (bdev == NULL) + bdev = blkdev_get_by_dev(j_dev, BLK_OPEN_READ | BLK_OPEN_WRITE, sb, + &ext4_holder_ops); + if (IS_ERR(bdev)) { + ext4_msg(sb, KERN_ERR, + "failed to open journal device unknown-block(%u,%u) %ld", + MAJOR(j_dev), MINOR(j_dev), PTR_ERR(bdev)); return NULL; + } blocksize = sb->s_blocksize; hblock = bdev_logical_block_size(bdev); @@ -5869,7 +5846,8 @@ static journal_t *ext4_get_dev_journal(struct super_block *sb, sb_block = EXT4_MIN_BLOCK_SIZE / blocksize; offset = EXT4_MIN_BLOCK_SIZE % blocksize; set_blocksize(bdev, blocksize); - if (!(bh = __bread(bdev, sb_block, blocksize))) { + bh = __bread(bdev, sb_block, blocksize); + if (!bh) { ext4_msg(sb, KERN_ERR, "couldn't read superblock of " "external journal"); goto out_bdev; 
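Review bot: The new ext4_get_journal_dev() opens the device with `BLK_OPEN_READ | BLK_OPEN_WRITE` and hands that reference to its caller, but nothing above the new signature states the contract. A short comment would cover it, e.g. `/* Returns the opened external journal bdev, or NULL; on success the caller must blkdev_put(bdev, sb), and *j_start / *j_len are written only on success. */`. The `IS_ERR(bdev)` branch also logs `PTR_ERR(bdev)` and then returns NULL, so the caller cannot tell a busy or inaccessible device from a rejected journal superblock; returning the error pointer would keep that distinction, provided the callers are changed to check it. The function body continues past the end of this hunk.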
@@ -5879,56 +5857,67 @@ static journal_t *ext4_get_dev_journal(struct super_block *sb, if ((le16_to_cpu(es->s_magic) != EXT4_SUPER_MAGIC) || !(le32_to_cpu(es->s_feature_incompat) & EXT4_FEATURE_INCOMPAT_JOURNAL_DEV)) { - ext4_msg(sb, KERN_ERR, "external journal has " - "bad superblock"); - brelse(bh); - goto out_bdev; + ext4_msg(sb, KERN_ERR, "external journal has bad superblock"); + goto out_bh; } if ((le32_to_cpu(es->s_feature_ro_compat) & EXT4_FEATURE_RO_COMPAT_METADATA_CSUM) && es->s_checksum != ext4_superblock_csum(sb, es)) { - ext4_msg(sb, KERN_ERR, "external journal has " - "corrupt superblock"); - brelse(bh); - goto out_bdev; + ext4_msg(sb, KERN_ERR, "external journal has corrupt superblock"); + goto out_bh; } if (memcmp(EXT4_SB(sb)->s_es->s_journal_uuid, es->s_uuid, 16)) { ext4_msg(sb, KERN_ERR, "journal UUID does not match"); - brelse(bh); - goto out_bdev; + goto out_bh; } - len = ext4_blocks_count(es); - start = sb_block + 1; - brelse(bh); /* we're done with the superblock */ + brelse(bh); + *j_start = sb_block + 1; + *j_len = ext4_blocks_count(es); + return bdev; + +out_bh: + brelse(bh); +out_bdev: + blkdev_put(bdev, sb); + return NULL; +} + +static journal_t *ext4_get_dev_journal(struct super_block *sb, + dev_t j_dev) +{ + journal_t *journal; + ext4_fsblk_t j_start; + ext4_fsblk_t j_len; + struct block_device *journal_bdev; + + journal_bdev = ext4_get_journal_dev(sb, j_dev, &j_start, &j_len); + if (!journal_bdev) + return NULL; - journal = jbd2_journal_init_dev(bdev, sb->s_bdev, - start, len, blocksize); + journal = jbd2_journal_init_dev(journal_bdev, sb->s_bdev, j_start, + j_len, sb->s_blocksize); if (IS_ERR(journal)) { ext4_msg(sb, KERN_ERR, "failed to create device journal"); goto out_bdev; } - journal->j_private = sb; - if (ext4_read_bh_lock(journal->j_sb_buffer, REQ_META | REQ_PRIO, true)) { - ext4_msg(sb, KERN_ERR, "I/O error on journal device"); - goto out_journal; - } if (be32_to_cpu(journal->j_superblock->s_nr_users) != 1) { ext4_msg(sb, 
KERN_ERR, "External journal has more than one " "user (unsupported) - %d", be32_to_cpu(journal->j_superblock->s_nr_users)); goto out_journal; } - EXT4_SB(sb)->s_journal_bdev = bdev; + journal->j_private = sb; + EXT4_SB(sb)->s_journal_bdev = journal_bdev; ext4_init_journal_params(sb, journal); return journal; out_journal: jbd2_journal_destroy(journal); out_bdev: - blkdev_put(bdev, sb); + blkdev_put(journal_bdev, sb); return NULL; }
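Review bot: In the rewritten ext4_get_dev_journal(), `journal->j_superblock->s_nr_users` is now tested without the `ext4_read_bh_lock(journal->j_sb_buffer, ...)` call that used to precede it, so the check is only meaningful if jbd2_journal_init_dev() has already read and validated the journal superblock. That is not visible in this diff and presumably comes from an earlier patch in the series, so a comment at the check would record the dependency, e.g. `/* j_superblock was read and verified by jbd2_journal_init_dev() */`. Separately, `*j_len` comes straight from the external device's on-disk superblock and is passed on as the journal length with no comparison against the device size in the visible lines. If jbd2 does not bound it, rejecting a length larger than `bdev_nr_bytes(bdev) / blocksize` before returning the bdev would be a cheap guard against a crafted journal device.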