Message ID | 20220228071442.48733-1-xiubli@redhat.com (mailing list archive) |
---|---|
State | New, archived |
Series | ceph: increase the offset when fail to decode dentry names | expand |
Forgot to mention, this patch is fixing a crash bug in 'wip-fscrypt' branch. - Xiubo On 2/28/22 3:14 PM, xiubli@redhat.com wrote: > From: Xiubo Li <xiubli@redhat.com> > > ------------[ cut here ]------------ > kernel BUG at fs/ceph/dir.c:537! > invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI > CPU: 16 PID: 21641 Comm: ls Tainted: G E 5.17.0-rc2+ #92 > Hardware name: Red Hat RHEV Hypervisor, BIOS 1.11.0-2.el7 04/01/2014 > > The corresponding code in ceph_readdir() is: > > BUG_ON(rde->offset < ctx->pos); > > Signed-off-by: Xiubo Li <xiubli@redhat.com> > --- > fs/ceph/dir.c | 13 +++++++------ > fs/ceph/inode.c | 3 ++- > 2 files changed, 9 insertions(+), 7 deletions(-) > > diff --git a/fs/ceph/dir.c b/fs/ceph/dir.c > index a449f4a07c07..f28eb568e0e2 100644 > --- a/fs/ceph/dir.c > +++ b/fs/ceph/dir.c > @@ -534,6 +534,13 @@ static int ceph_readdir(struct file *file, struct dir_context *ctx) > .ctext_len = rde->altname_len }; > u32 olen = oname.len; > > + err = ceph_fname_to_usr(&fname, &tname, &oname, NULL); > + if (err) { > + pr_warn("Unable to decode %.*s. Skipping it.\n", rde->name_len, rde->name); > + ctx->pos++; > + continue; > + } > + > BUG_ON(rde->offset < ctx->pos); > BUG_ON(!rde->inode.in); > > @@ -542,12 +549,6 @@ static int ceph_readdir(struct file *file, struct dir_context *ctx) > i, rinfo->dir_nr, ctx->pos, > rde->name_len, rde->name, &rde->inode.in); > > - err = ceph_fname_to_usr(&fname, &tname, &oname, NULL); > - if (err) { > - dout("Unable to decode %.*s. Skipping it.\n", rde->name_len, rde->name); > - continue; > - } > - > if (!dir_emit(ctx, oname.name, oname.len, > ceph_present_ino(inode->i_sb, le64_to_cpu(rde->inode.in->ino)), > le32_to_cpu(rde->inode.in->mode) >> 12)) { > diff --git a/fs/ceph/inode.c b/fs/ceph/inode.c > index 8b0832271fdf..b1552e6a6f0e 100644 > --- a/fs/ceph/inode.c > +++ b/fs/ceph/inode.c 
> @@ -1898,7 +1898,8 @@ int ceph_readdir_prepopulate(struct ceph_mds_request *req, > > err = ceph_fname_to_usr(&fname, &tname, &oname, &is_nokey); > if (err) { > - dout("Unable to decode %.*s. Skipping it.", rde->name_len, rde->name); > + fpos_offset++; > + pr_warn("Unable to decode %.*s. Skipping it.", rde->name_len, rde->name); > continue; > } >
There still has bugs when skipping this. We should just fail the readdir request and propagate the error to user space. Sent a V2 to fix it. - Xiubo On 2/28/22 3:14 PM, xiubli@redhat.com wrote: > From: Xiubo Li <xiubli@redhat.com> > > ------------[ cut here ]------------ > kernel BUG at fs/ceph/dir.c:537! > invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI > CPU: 16 PID: 21641 Comm: ls Tainted: G E 5.17.0-rc2+ #92 > Hardware name: Red Hat RHEV Hypervisor, BIOS 1.11.0-2.el7 04/01/2014 > > The corresponding code in ceph_readdir() is: > > BUG_ON(rde->offset < ctx->pos); > > Signed-off-by: Xiubo Li <xiubli@redhat.com> > --- > fs/ceph/dir.c | 13 +++++++------ > fs/ceph/inode.c | 3 ++- > 2 files changed, 9 insertions(+), 7 deletions(-) > > diff --git a/fs/ceph/dir.c b/fs/ceph/dir.c > index a449f4a07c07..f28eb568e0e2 100644 > --- a/fs/ceph/dir.c > +++ b/fs/ceph/dir.c > @@ -534,6 +534,13 @@ static int ceph_readdir(struct file *file, struct dir_context *ctx) > .ctext_len = rde->altname_len }; > u32 olen = oname.len; > > + err = ceph_fname_to_usr(&fname, &tname, &oname, NULL); > + if (err) { > + pr_warn("Unable to decode %.*s. Skipping it.\n", rde->name_len, rde->name); > + ctx->pos++; > + continue; > + } > + > BUG_ON(rde->offset < ctx->pos); > BUG_ON(!rde->inode.in); > > @@ -542,12 +549,6 @@ static int ceph_readdir(struct file *file, struct dir_context *ctx) > i, rinfo->dir_nr, ctx->pos, > rde->name_len, rde->name, &rde->inode.in); > > - err = ceph_fname_to_usr(&fname, &tname, &oname, NULL); > - if (err) { > - dout("Unable to decode %.*s. Skipping it.\n", rde->name_len, rde->name); > - continue; > - } > - > if (!dir_emit(ctx, oname.name, oname.len, > ceph_present_ino(inode->i_sb, le64_to_cpu(rde->inode.in->ino)), > le32_to_cpu(rde->inode.in->mode) >> 12)) { > diff --git a/fs/ceph/inode.c b/fs/ceph/inode.c > index 8b0832271fdf..b1552e6a6f0e 100644 > --- a/fs/ceph/inode.c > +++ b/fs/ceph/inode.c 
> @@ -1898,7 +1898,8 @@ int ceph_readdir_prepopulate(struct ceph_mds_request *req, > > err = ceph_fname_to_usr(&fname, &tname, &oname, &is_nokey); > if (err) { > - dout("Unable to decode %.*s. Skipping it.", rde->name_len, rde->name); > + fpos_offset++; > + pr_warn("Unable to decode %.*s. Skipping it.", rde->name_len, rde->name); > continue; > } >
diff --git a/fs/ceph/dir.c b/fs/ceph/dir.c
index a449f4a07c07..f28eb568e0e2 100644
--- a/fs/ceph/dir.c
+++ b/fs/ceph/dir.c
@@ -534,6 +534,13 @@ static int ceph_readdir(struct file *file, struct dir_context *ctx)
 .ctext_len = rde->altname_len };
 u32 olen = oname.len;

+ err = ceph_fname_to_usr(&fname, &tname, &oname, NULL);
+ if (err) {
+ pr_warn("Unable to decode %.*s. Skipping it.\n", rde->name_len, rde->name);
+ ctx->pos++;
+ continue;
+ }
+
 BUG_ON(rde->offset < ctx->pos);
 BUG_ON(!rde->inode.in);

@@ -542,12 +549,6 @@ static int ceph_readdir(struct file *file, struct dir_context *ctx)
 i, rinfo->dir_nr, ctx->pos,
 rde->name_len, rde->name, &rde->inode.in);

- err = ceph_fname_to_usr(&fname, &tname, &oname, NULL);
- if (err) {
- dout("Unable to decode %.*s. Skipping it.\n", rde->name_len, rde->name);
- continue;
- }
-
 if (!dir_emit(ctx, oname.name, oname.len,
 ceph_present_ino(inode->i_sb, le64_to_cpu(rde->inode.in->ino)),
 le32_to_cpu(rde->inode.in->mode) >> 12)) {
diff --git a/fs/ceph/inode.c b/fs/ceph/inode.c
index 8b0832271fdf..b1552e6a6f0e 100644
--- a/fs/ceph/inode.c
+++ b/fs/ceph/inode.c
@@ -1898,7 +1898,8 @@ int ceph_readdir_prepopulate(struct ceph_mds_request *req,

 err = ceph_fname_to_usr(&fname, &tname, &oname, &is_nokey);
 if (err) {
- dout("Unable to decode %.*s. Skipping it.", rde->name_len, rde->name);
+ fpos_offset++;
+ pr_warn("Unable to decode %.*s. Skipping it.", rde->name_len, rde->name);
 continue;
 }
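Review bot: The bare `ctx->pos++` in the new error branch of ceph_readdir() has no comment saying why a plain increment is the right position for a skipped entry, even though the normal path just below is guarded by `BUG_ON(rde->offset < ctx->pos)`. It looks like it has to stay in step with the `fpos_offset++` added to ceph_readdir_prepopulate() in fs/ceph/inode.c, which means both calls to ceph_fname_to_usr() must fail on exactly the same entries; they are not identical calls, since this one passes `NULL` where the other passes `&is_nokey`. I would put `/* skipped entry still consumes one position; must match fpos_offset++ in ceph_readdir_prepopulate() */` above the increment. The loop body and the rest of ceph_readdir() lie outside the hunk, so how ctx->pos is set on the normal path is not visible here.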
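Review bot: The switch from `dout` to `pr_warn` in the error branch of ceph_readdir_prepopulate() (and the matching one in ceph_readdir() in fs/ceph/dir.c) emits one unthrottled warning per undecodable entry, on a path that appears to be driven by an ordinary directory listing, so a directory holding many such names can flood the kernel log. `pr_warn_ratelimited("Unable to decode %.*s. Skipping it.\n", rde->name_len, rde->name);` would bound that, and it adds the trailing `\n` that this message lacks while the dir.c one has it. The name bytes are printed raw from the directory entry with `%.*s`; an escaping specifier such as `%*pE` would keep non-printable bytes out of the log. The function body continues outside the hunk, so how `fpos_offset` is consumed afterwards cannot be checked from here.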