- 28 Sep, 2024 9 commits
-
-
Kent Overstreet authored
A couple small error handling fixes Signed-off-by:Kent Overstreet <kent.overstreet@linux.dev>
-
Kent Overstreet authored
this allows for various cleanups in fsck Signed-off-by: -
Diogo Jahchan Koike authored
syzbot reported a null ptr deref in __copy_user [0] In __bch2_read_super, when a corrupt backup superblock matches the default opts offset, no error is assigned to ret and the freed superblock gets through, possibly being assigned as the best sb in bch2_fs_open and being later dereferenced, causing a fault. Assign EINVALID to ret when iterating through layout. [0]: https://syzkaller.appspot.com/bug?extid=18a5c5e8a9c856944876 Reported-by: syzbot+18a5c5e8a9c856944876@syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=18a5c5e8a9c856944876Signed-off-by:
Diogo Jahchan Koike <djahchankoike@gmail.com> Signed-off-by:
-
Kent Overstreet authored
check_topology doesn't need the srcu lock and doesn't use normal btree transactions - we can just drop the srcu lock. Signed-off-by: -
Kent Overstreet authored
fsck_err() jumps to the fsck_err label when bailing out; need to make sure bp_iter was initialized... Signed-off-by: -
Piotr Zalewski authored
Zero-initialize part of allocated bounce buffer which wasn't touched by subsequent bch2_key_sort_fix_overlapping to mitigate later uinit-value use KMSAN bug[1]. After applying the patch reproducer still triggers stack overflow[2] but it seems unrelated to the uninit-value use warning. After further investigation it was found that stack overflow occurs because KMSAN adds too many function calls[3]. Backtrace of where the stack magic number gets smashed was added as a reply to syzkaller thread[3]. It was confirmed that task's stack magic number gets smashed after the code path where KSMAN detects uninit-value use is executed, so it can be assumed that it doesn't contribute in any way to uninit-value use detection. [1] https://syzkaller.appspot.com/bug?extid=6f655a60d3244d0c6718 [2] https://lore.kernel.org/lkml/66e57e46.050a0220.115905.0002.GAE@google.com [3] https://lore.kernel.org/all/rVaWgPULej8K7HqMPNIu8kVNyXNjjCiTB-QBtItLFBmk0alH6fV2tk4joVPk97Evnuv4ZRDd8HB5uDCkiFG6u81xKdzDj-KrtIMJSlF6Kt8=@proton.me Reported-by: syzbot+6f655a60d3244d0c6718@syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=6f655a60d3244d0c6718 Fixes: ec4edd7b ("bcachefs: Prep work for variable size btree node buffers") Suggested-by:
Piotr Zalewski <pZ010001011111@proton.me> Signed-off-by:
-
Kent Overstreet authored
Signed-off-by: -
Kent Overstreet authored
This fixes a kasan splat in propagate_key_to_snapshot_leaves() - varint_decode_fast() does reads (that it never uses) up to 7 bytes past the end of the integer. Signed-off-by: -
Kent Overstreet authored
Most or all errors will be autofix in the future, we're currently just doing the ones that we know are well tested. Signed-off-by:
-
- 23 Sep, 2024 2 commits
-
-
Kent Overstreet authored
As we iterate we need to mark that we no longer need iterators - otherwise we'll infinite loop via the "too many iters" check when there's many snapshots. Signed-off-by: -
Kent Overstreet authored
if it doesn't get set we'll never be able to flush the btree write buffer; this only happens in fake rw mode, but prevents us from shutting down. Signed-off-by:
-
- 21 Sep, 2024 29 commits
-
-
Ahmed Ehab authored
Syzbot reports a problem that a warning is triggered due to suspicious use of rcu_dereference_check(). That is triggered by a call of bch2_snapshot_tree_oldest_subvol(). The cause of the warning is that inside bch2_snapshot_tree_oldest_subvol(), snapshot_t() is called which calls rcu_dereference() that requires a read lock to be held. Also, the call of bch2_snapshot_tree_next() eventually calls snapshot_t(). To fix this, call rcu_read_lock() before calling snapshot_t(). Then, release the lock after the termination of the while loop. Reported-by: <syzbot+f7c41a878676b72c16a6@syzkaller.appspotmail.com> Signed-off-by:
Ahmed Ehab <bottaawesome633@gmail.com> Signed-off-by:
-
Diogo Jahchan Koike authored
syzbot reported a null-ptr-deref in bch2_fs_start. [0] When a sb is marked clear but doesn't have a clean section bch2_read_superblock_clean returns NULL which PTR_ERR_OR_ZERO lets through, eventually leading to a null ptr dereference down the line. Adjust read sb clean to return an ERR_PTR indicating the invalid clean section. [0] https://syzkaller.appspot.com/bug?extid=1cecc37d87c4286e5543 Reported-by: syzbot+1cecc37d87c4286e5543@syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=1cecc37d87c4286e5543Signed-off-by:
-
Yang Li authored
The header files bbpos.h is included twice in backpointers.c, so one inclusion of each can be removed. Reported-by:
Abaci Robot <abaci@linux.alibaba.com> Closes: https://bugzilla.openanolis.cn/show_bug.cgi?id=10783Signed-off-by:
Yang Li <yang.lee@linux.alibaba.com> Signed-off-by:
-
Kent Overstreet authored
Signed-off-by: -
Kent Overstreet authored
This factors out ec_strie_head_devs_update(), which initializes the bitmap of devices we're allocating from, and runs it every time c->rw_devs_change_count changes. We also cancel pending, not allocated stripes, since they may refer to devices that are no longer available. Signed-off-by: -
Kent Overstreet authored
Add a counter that's incremented whenever rw devices change; this will be used for erasure coding so that it can keep ec_stripe_head in sync and not deadlock on a new stripe when a device it wants goes away. Signed-off-by: -
Kent Overstreet authored
We can now correctly force-remove a device that has stripes on it; this uses the new BCH_SB_MEMBER_INVALID sentinal value. Signed-off-by: -
Kent Overstreet authored
This is necessary for erasure coded pointers to devices that have been removed. Signed-off-by: -
Kent Overstreet authored
Signed-off-by: -
Kent Overstreet authored
Signed-off-by: -
Kent Overstreet authored
also print out the new stripe key Signed-off-by: -
Kent Overstreet authored
additional debug stat Signed-off-by: -
Kent Overstreet authored
When reshaping existing stripes, we should keep them on the same target that they were allocated on; to do this, we need to add a field to the btree stripe type. This is a tad awkward, because we only have 8 bits left, and targets are 16 bits - but we only need to store a label, not a full target. Signed-off-by: -
Kent Overstreet authored
factor out a common helper Signed-off-by: -
Kent Overstreet authored
We want to be using private errcodes whenever possible, for better error messages. Signed-off-by: -
Kent Overstreet authored
In backpointers fsck, we do a seqential scan of one btree, and check references to another: extents <-> backpointers Checking references generates random lookups, so we want to pin that btree in memory (or only a range, if it doesn't fit in ram). Previously, this was done with a simple check in the shrinker - "if btree node is in range being pinned, don't free it" - but this generated OOMs, as our shrinker wasn't well behaved if there was less memory available than expected. Instead, we now have two different shrinkers and lru lists; the second shrinker being for pinned nodes, with seeks set much higher than normal - so they can still be freed if necessary, but we'll prefer not to. Signed-off-by: -
Kent Overstreet authored
this is prep for introducing a second live list and shrinker for pinned nodes Signed-off-by: -
Kent Overstreet authored
32 bits won't overflow any time soon, but size_t is the correct type for counting objects in memory. Signed-off-by: -
Kent Overstreet authored
Signed-off-by: -
Kent Overstreet authored
Signed-off-by: -
Kent Overstreet authored
bch2_dev_rcu() now properly errors if the device is invalid Signed-off-by: -
Kent Overstreet authored
Signed-off-by: -
Kent Overstreet authored
Factor out bch2_show_options() into a generic helper, for debugging option passing issues. Signed-off-by: -
Kent Overstreet authored
Signed-off-by: -
Hongbo Li authored
Fix the following compilation error: ``` fs/bcachefs/sb-members.c: In function ‘bch2_sb_member_alloc’: fs/bcachefs/sb-members.c:508:2: error: a label can only be part of a statement and a declaration is not a statement 508 | unsigned nr_devices = max_t(unsigned, dev_idx + 1, c->sb.nr_devices); ``` Fixes: a7d364a133c7 ("bcachefs: bch2_sb_member_alloc()") Signed-off-by:Hongbo Li <lihongbo22@huawei.com> Signed-off-by:
-
Kent Overstreet authored
refactoring Signed-off-by: -
Kent Overstreet authored
Signed-off-by: -
Kent Overstreet authored
No reason for it not to be where it's needed. Signed-off-by: -
Kent Overstreet authored
This adds mount options for specifying recovery passes to run, or exclude; the immediate need for this is that backpointers fsck is having trouble completing, so we need a way to skip it. Signed-off-by:
-
