forked from Minki/linux
a3916e528b
Multi-block buffers are logged based on buffer offset in xfs_trans_log_buf(). xfs_buf_item_log() ultimately walks each mapping in the buffer and marks the associated range to be logged in the xfs_buf_log_format bitmap for that mapping. This code is broken, however, in that it marks the actual buffer offsets of the associated range in each bitmap rather than shifting to the byte range for that particular mapping. For example, on a 4k fsb fs, buffer offset 4096 refers to the first byte of the second mapping in the buffer. This means byte 0 of the second log format bitmap should be tagged as dirty. Instead, the current code marks byte offset 4096 of the second log format bitmap, which is invalid and potentially out of range of the mapping. As a result of this, the log item format code invoked at transaction commit time is not be able to correctly identify what parts of the buffer to copy into log vectors. This can lead to NULL log vector pointer dereferences in CIL push context if the item format code was not able to locate any dirty ranges at all. This crash has been reproduced on a 4k FSB filesystem using 16k directory blocks where an unlink operation happened not to log anything in the first block of the mapping. The logged offsets were all over 4k, marked as such in the subsequent log format mappings, and thus left the transaction with an xfs_log_item that is marked DIRTY but without any logged regions. Further, even when the logged regions are marked correctly in the buffer log format bitmaps, the format code doesn't copy the correct ranges of the buffer into the log. This means that any logged region beyond the first block of a multi-block buffer is subject to corruption after a crash and log recovery sequence. This is due to a failure to convert the mapping bm_len field from basic blocks to bytes in the buffer offset tracking code in xfs_buf_item_format(). Update xfs_buf_item_log() to convert buffer offsets to segment relative offsets when logging multi-block buffers. This ensures that the modified regions of a buffer are logged correctly and avoids the aforementioned crash. Also update xfs_buf_item_format() to correctly track the source offset into the buffer for the log vector formatting code. This ensures that the correct data is copied into the log. Signed-off-by: Brian Foster <bfoster@redhat.com> Reviewed-by: Eric Sandeen <sandeen@redhat.com> Reviewed-by: Dave Chinner <dchinner@redhat.com> Signed-off-by: Dave Chinner <david@fromorbit.com> |
||
|---|---|---|
| .. | ||
| libxfs | ||
| Kconfig | ||
| kmem.c | ||
| kmem.h | ||
| Makefile | ||
| mrlock.h | ||
| uuid.c | ||
| uuid.h | ||
| xfs_acl.c | ||
| xfs_acl.h | ||
| xfs_aops.c | ||
| xfs_aops.h | ||
| xfs_attr_inactive.c | ||
| xfs_attr_list.c | ||
| xfs_attr.h | ||
| xfs_bmap_util.c | ||
| xfs_bmap_util.h | ||
| xfs_buf_item.c | ||
| xfs_buf_item.h | ||
| xfs_buf.c | ||
| xfs_buf.h | ||
| xfs_dir2_readdir.c | ||
| xfs_discard.c | ||
| xfs_discard.h | ||
| xfs_dquot_item.c | ||
| xfs_dquot_item.h | ||
| xfs_dquot.c | ||
| xfs_dquot.h | ||
| xfs_error.c | ||
| xfs_error.h | ||
| xfs_export.c | ||
| xfs_export.h | ||
| xfs_extent_busy.c | ||
| xfs_extent_busy.h | ||
| xfs_extfree_item.c | ||
| xfs_extfree_item.h | ||
| xfs_file.c | ||
| xfs_filestream.c | ||
| xfs_filestream.h | ||
| xfs_fsops.c | ||
| xfs_fsops.h | ||
| xfs_globals.c | ||
| xfs_icache.c | ||
| xfs_icache.h | ||
| xfs_icreate_item.c | ||
| xfs_icreate_item.h | ||
| xfs_inode_item.c | ||
| xfs_inode_item.h | ||
| xfs_inode.c | ||
| xfs_inode.h | ||
| xfs_ioctl32.c | ||
| xfs_ioctl32.h | ||
| xfs_ioctl.c | ||
| xfs_ioctl.h | ||
| xfs_iomap.c | ||
| xfs_iomap.h | ||
| xfs_iops.c | ||
| xfs_iops.h | ||
| xfs_itable.c | ||
| xfs_itable.h | ||
| xfs_linux.h | ||
| xfs_log_cil.c | ||
| xfs_log_priv.h | ||
| xfs_log_recover.c | ||
| xfs_log.c | ||
| xfs_log.h | ||
| xfs_message.c | ||
| xfs_message.h | ||
| xfs_mount.c | ||
| xfs_mount.h | ||
| xfs_mru_cache.c | ||
| xfs_mru_cache.h | ||
| xfs_ondisk.h | ||
| xfs_pnfs.c | ||
| xfs_pnfs.h | ||
| xfs_qm_bhv.c | ||
| xfs_qm_syscalls.c | ||
| xfs_qm.c | ||
| xfs_qm.h | ||
| xfs_quota.h | ||
| xfs_quotaops.c | ||
| xfs_rtalloc.c | ||
| xfs_rtalloc.h | ||
| xfs_stats.c | ||
| xfs_stats.h | ||
| xfs_super.c | ||
| xfs_super.h | ||
| xfs_symlink.c | ||
| xfs_symlink.h | ||
| xfs_sysctl.c | ||
| xfs_sysctl.h | ||
| xfs_sysfs.c | ||
| xfs_sysfs.h | ||
| xfs_trace.c | ||
| xfs_trace.h | ||
| xfs_trans_ail.c | ||
| xfs_trans_buf.c | ||
| xfs_trans_dquot.c | ||
| xfs_trans_extfree.c | ||
| xfs_trans_inode.c | ||
| xfs_trans_priv.h | ||
| xfs_trans.c | ||
| xfs_trans.h | ||
| xfs_xattr.c | ||
| xfs.h | ||