Commit bb20b31d authored by Heming Zhao via Ocfs2-devel's avatar Heming Zhao via Ocfs2-devel Committed by akpm

ocfs2: fix mounting crash if journal is not alloced

Patch series "rewrite error handling during mounting stage".


This patch (of 5):

After commit da5e7c87 ("ocfs2: cleanup journal init and shutdown"),
the journal is initialized later than before, which leads to a NULL
pointer access in the inode free routine.

Crash flow:

ocfs2_fill_super
 + ocfs2_mount_volume
 |  + ocfs2_dlm_init //fail & return, osb->journal is NULL.
 |  + ...
 |  + ocfs2_check_volume //no chance to init osb->journal
 |
 + ...
 + ocfs2_dismount_volume
    ocfs2_release_system_inodes
      ...
       evict
        ...
         ocfs2_clear_inode
          ocfs2_checkpoint_inode
           ocfs2_ci_fully_checkpointed
            time_after(journal->j_trans_id, ci->ci_last_trans)
             + journal is empty, crash!

For fixing, there are three solutions:

1> Partly revert commit da5e7c87

   For avoiding kernel crash, this make sense for us.  We only
   concerned whether there has any non-system inode access before dlm
   init.  The answer is NO.  And all journal replay/recovery handling
   happen after dlm & journal init done.  So this method is not graceful
   but workable.

2> Add osb->journal check in free inode routine (eg ocfs2_clear_inode)

   The fix code is special for mounting phase, but it will continue
   working after mounting stage.  In another word, this method adds
   useless code in normal inode free flow.

3> Do directly free inode in mounting phase

   This method is brutal/complex and may introduce unsafe code,
   currently maintainer didn't like.

At last, we chose method <1> and did partly reverted job.  We reverted
journal init codes, and kept cleanup codes flow.

Link: https://lkml.kernel.org/r/20220424130952.2436-1-heming.zhao@suse.com
Link: https://lkml.kernel.org/r/20220424130952.2436-2-heming.zhao@suse.com
Fixes: da5e7c87 ("ocfs2: cleanup journal init and shutdown")
Signed-off-by: default avatarHeming Zhao <heming.zhao@suse.com>
Reviewed-by: default avatarJoseph Qi <joseph.qi@linux.alibaba.com>
Cc: Mark Fasheh <mark@fasheh.com>
Cc: Joel Becker <jlbec@evilplan.org>
Cc: Junxiao Bi <junxiao.bi@oracle.com>
Cc: Changwei Ge <gechangwei@live.cn>
Cc: Gang He <ghe@suse.com>
Cc: Jun Piao <piaojun@huawei.com>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
parent b02da32b
...@@ -125,6 +125,7 @@ struct inode *ocfs2_iget(struct ocfs2_super *osb, u64 blkno, unsigned flags, ...@@ -125,6 +125,7 @@ struct inode *ocfs2_iget(struct ocfs2_super *osb, u64 blkno, unsigned flags,
struct inode *inode = NULL; struct inode *inode = NULL;
struct super_block *sb = osb->sb; struct super_block *sb = osb->sb;
struct ocfs2_find_inode_args args; struct ocfs2_find_inode_args args;
journal_t *journal = osb->journal->j_journal;
trace_ocfs2_iget_begin((unsigned long long)blkno, flags, trace_ocfs2_iget_begin((unsigned long long)blkno, flags,
sysfile_type); sysfile_type);
...@@ -171,11 +172,10 @@ struct inode *ocfs2_iget(struct ocfs2_super *osb, u64 blkno, unsigned flags, ...@@ -171,11 +172,10 @@ struct inode *ocfs2_iget(struct ocfs2_super *osb, u64 blkno, unsigned flags,
* part of the transaction - the inode could have been reclaimed and * part of the transaction - the inode could have been reclaimed and
* now it is reread from disk. * now it is reread from disk.
*/ */
if (osb->journal) { if (journal) {
transaction_t *transaction; transaction_t *transaction;
tid_t tid; tid_t tid;
struct ocfs2_inode_info *oi = OCFS2_I(inode); struct ocfs2_inode_info *oi = OCFS2_I(inode);
journal_t *journal = osb->journal->j_journal;
read_lock(&journal->j_state_lock); read_lock(&journal->j_state_lock);
if (journal->j_running_transaction) if (journal->j_running_transaction)
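Review bot: The new top-of-function initializer `journal_t *journal = osb->journal->j_journal;` in ocfs2_iget dereferences osb->journal unconditionally, so the function now depends on ocfs2_journal_alloc() having run in ocfs2_initialize_super() before any inode lookup, and the guard that follows tests j_journal (still NULL from kzalloc until ocfs2_journal_init() loads it) rather than osb->journal as before. That ordering contract is only visible in super.c, so it is worth stating at the declaration, e.g. `/* osb->journal is allocated in ocfs2_initialize_super(); j_journal stays NULL until ocfs2_journal_init() loads the on-disk journal */`. The body of ocfs2_iget continues outside both hunks.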
......
...@@ -810,22 +810,20 @@ void ocfs2_set_journal_params(struct ocfs2_super *osb) ...@@ -810,22 +810,20 @@ void ocfs2_set_journal_params(struct ocfs2_super *osb)
write_unlock(&journal->j_state_lock); write_unlock(&journal->j_state_lock);
} }
int ocfs2_journal_init(struct ocfs2_super *osb, int *dirty) /*
* alloc & initialize skeleton for journal structure.
* ocfs2_journal_init() will make fs have journal ability.
*/
int ocfs2_journal_alloc(struct ocfs2_super *osb)
{ {
int status = -1; int status = 0;
struct inode *inode = NULL; /* the journal inode */ struct ocfs2_journal *journal;
journal_t *j_journal = NULL;
struct ocfs2_journal *journal = NULL;
struct ocfs2_dinode *di = NULL;
struct buffer_head *bh = NULL;
int inode_lock = 0;
/* initialize our journal structure */
journal = kzalloc(sizeof(struct ocfs2_journal), GFP_KERNEL); journal = kzalloc(sizeof(struct ocfs2_journal), GFP_KERNEL);
if (!journal) { if (!journal) {
mlog(ML_ERROR, "unable to alloc journal\n"); mlog(ML_ERROR, "unable to alloc journal\n");
status = -ENOMEM; status = -ENOMEM;
goto done; goto bail;
} }
osb->journal = journal; osb->journal = journal;
journal->j_osb = osb; journal->j_osb = osb;
...@@ -839,6 +837,21 @@ int ocfs2_journal_init(struct ocfs2_super *osb, int *dirty) ...@@ -839,6 +837,21 @@ int ocfs2_journal_init(struct ocfs2_super *osb, int *dirty)
INIT_WORK(&journal->j_recovery_work, ocfs2_complete_recovery); INIT_WORK(&journal->j_recovery_work, ocfs2_complete_recovery);
journal->j_state = OCFS2_JOURNAL_FREE; journal->j_state = OCFS2_JOURNAL_FREE;
bail:
return status;
}
int ocfs2_journal_init(struct ocfs2_super *osb, int *dirty)
{
int status = -1;
struct inode *inode = NULL; /* the journal inode */
journal_t *j_journal = NULL;
struct ocfs2_journal *journal = osb->journal;
struct ocfs2_dinode *di = NULL;
struct buffer_head *bh = NULL;
int inode_lock = 0;
BUG_ON(!journal);
/* already have the inode for our journal */ /* already have the inode for our journal */
inode = ocfs2_get_system_file_inode(osb, JOURNAL_SYSTEM_INODE, inode = ocfs2_get_system_file_inode(osb, JOURNAL_SYSTEM_INODE,
osb->slot_num); osb->slot_num);
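Review bot: `BUG_ON(!journal);` in ocfs2_journal_init turns a broken init ordering (ocfs2_journal_alloc() not called first) into a kernel panic during mount, although the function already has a status return that its caller handles; `if (!journal) return -EINVAL;` preceded by an mlog(ML_ERROR, ...) would fail the mount instead, which is the usual preference over BUG_ON for an invariant the caller can recover from. Either way the invariant and the ownership split deserve a comment, and the header comment on ocfs2_journal_alloc could be sharpened to `/* Allocate and initialize the skeleton ocfs2_journal for osb; ocfs2_journal_init() later loads the on-disk journal into it. Freed in ocfs2_delete_osb(), not in ocfs2_journal_shutdown(). */` (the free location is taken from the super.c hunk of this commit). The rest of ocfs2_journal_init's body, including its error labels, lies outside the hunk.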
......
...@@ -154,6 +154,7 @@ int ocfs2_compute_replay_slots(struct ocfs2_super *osb); ...@@ -154,6 +154,7 @@ int ocfs2_compute_replay_slots(struct ocfs2_super *osb);
* Journal Control: * Journal Control:
* Initialize, Load, Shutdown, Wipe a journal. * Initialize, Load, Shutdown, Wipe a journal.
* *
* ocfs2_journal_alloc - Initialize skeleton for journal structure.
* ocfs2_journal_init - Initialize journal structures in the OSB. * ocfs2_journal_init - Initialize journal structures in the OSB.
* ocfs2_journal_load - Load the given journal off disk. Replay it if * ocfs2_journal_load - Load the given journal off disk. Replay it if
* there's transactions still in there. * there's transactions still in there.
...@@ -167,6 +168,7 @@ int ocfs2_compute_replay_slots(struct ocfs2_super *osb); ...@@ -167,6 +168,7 @@ int ocfs2_compute_replay_slots(struct ocfs2_super *osb);
* ocfs2_start_checkpoint - Kick the commit thread to do a checkpoint. * ocfs2_start_checkpoint - Kick the commit thread to do a checkpoint.
*/ */
void ocfs2_set_journal_params(struct ocfs2_super *osb); void ocfs2_set_journal_params(struct ocfs2_super *osb);
int ocfs2_journal_alloc(struct ocfs2_super *osb);
int ocfs2_journal_init(struct ocfs2_super *osb, int *dirty); int ocfs2_journal_init(struct ocfs2_super *osb, int *dirty);
void ocfs2_journal_shutdown(struct ocfs2_super *osb); void ocfs2_journal_shutdown(struct ocfs2_super *osb);
int ocfs2_journal_wipe(struct ocfs2_journal *journal, int ocfs2_journal_wipe(struct ocfs2_journal *journal,
......
...@@ -2195,6 +2195,15 @@ static int ocfs2_initialize_super(struct super_block *sb, ...@@ -2195,6 +2195,15 @@ static int ocfs2_initialize_super(struct super_block *sb,
get_random_bytes(&osb->s_next_generation, sizeof(u32)); get_random_bytes(&osb->s_next_generation, sizeof(u32));
/*
* FIXME
* This should be done in ocfs2_journal_init(), but any inode
* writes back operation will cause the filesystem to crash.
*/
status = ocfs2_journal_alloc(osb);
if (status < 0)
goto bail;
INIT_WORK(&osb->dquot_drop_work, ocfs2_drop_dquot_refs); INIT_WORK(&osb->dquot_drop_work, ocfs2_drop_dquot_refs);
init_llist_head(&osb->dquot_drop_list); init_llist_head(&osb->dquot_drop_list);
...@@ -2483,6 +2492,12 @@ static void ocfs2_delete_osb(struct ocfs2_super *osb) ...@@ -2483,6 +2492,12 @@ static void ocfs2_delete_osb(struct ocfs2_super *osb)
kfree(osb->osb_orphan_wipes); kfree(osb->osb_orphan_wipes);
kfree(osb->slot_recovery_generations); kfree(osb->slot_recovery_generations);
/* FIXME
* This belongs in journal shutdown, but because we have to
* allocate osb->journal at the middle of ocfs2_initialize_super(),
* we free it here.
*/
kfree(osb->journal);
kfree(osb->local_alloc_copy); kfree(osb->local_alloc_copy);
kfree(osb->uuid_str); kfree(osb->uuid_str);
kfree(osb->vol_label); kfree(osb->vol_label);
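Review bot: The FIXME comment above the `ocfs2_journal_alloc(osb)` call justifies the placement with "any inode writes back operation will cause the filesystem to crash", which does not say what actually crashes; the commit message shows the real reason is that inodes can be looked up (ocfs2_iget() reads osb->journal) and evicted before ocfs2_journal_init() runs, so I would reword it to `/* FIXME: belongs in ocfs2_journal_init(), but ocfs2_iget() and inode eviction dereference osb->journal before the journal is initialized, so the skeleton must exist this early. */`. With `kfree(osb->journal)` now in ocfs2_delete_osb(), it is worth confirming that ocfs2_journal_shutdown() no longer frees osb->journal (not visible here), since otherwise an unmount would free it twice; adding `osb->journal = NULL;` after the kfree would turn any late dereference into an obvious NULL access rather than a use-after-free. Both enclosing functions extend beyond their hunks.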
......