Revision 082cd4ec240b8734a82a89ffb890216ac98fec68 authored by Ye Bin on 06 May 2021, 14:10:42 UTC, committed by Theodore Ts'o on 06 June 2021, 14:09:55 UTC
We got follow bug_on when run fsstress with injecting IO fault: [130747.323114] kernel BUG at fs/ext4/extents_status.c:762! [130747.323117] Internal error: Oops - BUG: 0 [#1] SMP ...... [130747.334329] Call trace: [130747.334553] ext4_es_cache_extent+0x150/0x168 [ext4] [130747.334975] ext4_cache_extents+0x64/0xe8 [ext4] [130747.335368] ext4_find_extent+0x300/0x330 [ext4] [130747.335759] ext4_ext_map_blocks+0x74/0x1178 [ext4] [130747.336179] ext4_map_blocks+0x2f4/0x5f0 [ext4] [130747.336567] ext4_mpage_readpages+0x4a8/0x7a8 [ext4] [130747.336995] ext4_readpage+0x54/0x100 [ext4] [130747.337359] generic_file_buffered_read+0x410/0xae8 [130747.337767] generic_file_read_iter+0x114/0x190 [130747.338152] ext4_file_read_iter+0x5c/0x140 [ext4] [130747.338556] __vfs_read+0x11c/0x188 [130747.338851] vfs_read+0x94/0x150 [130747.339110] ksys_read+0x74/0xf0 This patch's modification is according to Jan Kara's suggestion in: https://patchwork.ozlabs.org/project/linux-ext4/patch/20210428085158.3728201-1-yebin10@huawei.com/ "I see. Now I understand your patch. Honestly, seeing how fragile is trying to fix extent tree after split has failed in the middle, I would probably go even further and make sure we fix the tree properly in case of ENOSPC and EDQUOT (those are easily user triggerable). Anything else indicates a HW problem or fs corruption so I'd rather leave the extent tree as is and don't try to fix it (which also means we will not create overlapping extents)." Cc: stable@kernel.org Signed-off-by: Ye Bin <yebin10@huawei.com> Reviewed-by: Jan Kara <jack@suse.cz> Link: https://lore.kernel.org/r/20210506141042.3298679-1-yebin10@huawei.com Signed-off-by: Theodore Ts'o <tytso@mit.edu>
1 parent b45f189
algif_rng.c
/*
* algif_rng: User-space interface for random number generators
*
* This file provides the user-space API for random number generators.
*
* Copyright (C) 2014, Stephan Mueller <smueller@chronox.de>
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, and the entire permission notice in its entirety,
* including the disclaimer of warranties.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior
* written permission.
*
* ALTERNATIVELY, this product may be distributed under the terms of
* the GNU General Public License, in which case the provisions of the GPL2
* are required INSTEAD OF the above restrictions. (This clause is
* necessary due to a potential bad interaction between the GPL and
* the restrictions contained in a BSD-style copyright.)
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, ALL OF
* WHICH ARE HEREBY DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
* OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
* BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
* USE OF THIS SOFTWARE, EVEN IF NOT ADVISED OF THE POSSIBILITY OF SUCH
* DAMAGE.
*/
#include <linux/capability.h>
#include <linux/module.h>
#include <crypto/rng.h>
#include <linux/random.h>
#include <crypto/if_alg.h>
#include <linux/net.h>
#include <net/sock.h>
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Stephan Mueller <smueller@chronox.de>");
MODULE_DESCRIPTION("User-space interface for random number generators");
struct rng_ctx {
#define MAXSIZE 128
unsigned int len;
struct crypto_rng *drng;
u8 *addtl;
size_t addtl_len;
};
struct rng_parent_ctx {
struct crypto_rng *drng;
u8 *entropy;
};
static void rng_reset_addtl(struct rng_ctx *ctx)
{
kfree_sensitive(ctx->addtl);
ctx->addtl = NULL;
ctx->addtl_len = 0;
}
static int _rng_recvmsg(struct crypto_rng *drng, struct msghdr *msg, size_t len,
u8 *addtl, size_t addtl_len)
{
int err = 0;
int genlen = 0;
u8 result[MAXSIZE];
if (len == 0)
return 0;
if (len > MAXSIZE)
len = MAXSIZE;
/*
* although not strictly needed, this is a precaution against coding
* errors
*/
memset(result, 0, len);
/*
* The enforcement of a proper seeding of an RNG is done within an
* RNG implementation. Some RNGs (DRBG, krng) do not need specific
* seeding as they automatically seed. The X9.31 DRNG will return
* an error if it was not seeded properly.
*/
genlen = crypto_rng_generate(drng, addtl, addtl_len, result, len);
if (genlen < 0)
return genlen;
err = memcpy_to_msg(msg, result, len);
memzero_explicit(result, len);
return err ? err : len;
}
static int rng_recvmsg(struct socket *sock, struct msghdr *msg, size_t len,
int flags)
{
struct sock *sk = sock->sk;
struct alg_sock *ask = alg_sk(sk);
struct rng_ctx *ctx = ask->private;
return _rng_recvmsg(ctx->drng, msg, len, NULL, 0);
}
static int rng_test_recvmsg(struct socket *sock, struct msghdr *msg, size_t len,
int flags)
{
struct sock *sk = sock->sk;
struct alg_sock *ask = alg_sk(sk);
struct rng_ctx *ctx = ask->private;
int ret;
lock_sock(sock->sk);
ret = _rng_recvmsg(ctx->drng, msg, len, ctx->addtl, ctx->addtl_len);
rng_reset_addtl(ctx);
release_sock(sock->sk);
return ret;
}
static int rng_test_sendmsg(struct socket *sock, struct msghdr *msg, size_t len)
{
int err;
struct alg_sock *ask = alg_sk(sock->sk);
struct rng_ctx *ctx = ask->private;
lock_sock(sock->sk);
if (len > MAXSIZE) {
err = -EMSGSIZE;
goto unlock;
}
rng_reset_addtl(ctx);
ctx->addtl = kmalloc(len, GFP_KERNEL);
if (!ctx->addtl) {
err = -ENOMEM;
goto unlock;
}
err = memcpy_from_msg(ctx->addtl, msg, len);
if (err) {
rng_reset_addtl(ctx);
goto unlock;
}
ctx->addtl_len = len;
unlock:
release_sock(sock->sk);
return err ? err : len;
}
static struct proto_ops algif_rng_ops = {
.family = PF_ALG,
.connect = sock_no_connect,
.socketpair = sock_no_socketpair,
.getname = sock_no_getname,
.ioctl = sock_no_ioctl,
.listen = sock_no_listen,
.shutdown = sock_no_shutdown,
.mmap = sock_no_mmap,
.bind = sock_no_bind,
.accept = sock_no_accept,
.sendmsg = sock_no_sendmsg,
.sendpage = sock_no_sendpage,
.release = af_alg_release,
.recvmsg = rng_recvmsg,
};
static struct proto_ops __maybe_unused algif_rng_test_ops = {
.family = PF_ALG,
.connect = sock_no_connect,
.socketpair = sock_no_socketpair,
.getname = sock_no_getname,
.ioctl = sock_no_ioctl,
.listen = sock_no_listen,
.shutdown = sock_no_shutdown,
.mmap = sock_no_mmap,
.bind = sock_no_bind,
.accept = sock_no_accept,
.sendpage = sock_no_sendpage,
.release = af_alg_release,
.recvmsg = rng_test_recvmsg,
.sendmsg = rng_test_sendmsg,
};
static void *rng_bind(const char *name, u32 type, u32 mask)
{
struct rng_parent_ctx *pctx;
struct crypto_rng *rng;
pctx = kzalloc(sizeof(*pctx), GFP_KERNEL);
if (!pctx)
return ERR_PTR(-ENOMEM);
rng = crypto_alloc_rng(name, type, mask);
if (IS_ERR(rng)) {
kfree(pctx);
return ERR_CAST(rng);
}
pctx->drng = rng;
return pctx;
}
static void rng_release(void *private)
{
struct rng_parent_ctx *pctx = private;
if (unlikely(!pctx))
return;
crypto_free_rng(pctx->drng);
kfree_sensitive(pctx->entropy);
kfree_sensitive(pctx);
}
static void rng_sock_destruct(struct sock *sk)
{
struct alg_sock *ask = alg_sk(sk);
struct rng_ctx *ctx = ask->private;
rng_reset_addtl(ctx);
sock_kfree_s(sk, ctx, ctx->len);
af_alg_release_parent(sk);
}
static int rng_accept_parent(void *private, struct sock *sk)
{
struct rng_ctx *ctx;
struct rng_parent_ctx *pctx = private;
struct alg_sock *ask = alg_sk(sk);
unsigned int len = sizeof(*ctx);
ctx = sock_kmalloc(sk, len, GFP_KERNEL);
if (!ctx)
return -ENOMEM;
ctx->len = len;
ctx->addtl = NULL;
ctx->addtl_len = 0;
/*
* No seeding done at that point -- if multiple accepts are
* done on one RNG instance, each resulting FD points to the same
* state of the RNG.
*/
ctx->drng = pctx->drng;
ask->private = ctx;
sk->sk_destruct = rng_sock_destruct;
/*
* Non NULL pctx->entropy means that CAVP test has been initiated on
* this socket, replace proto_ops algif_rng_ops with algif_rng_test_ops.
*/
if (IS_ENABLED(CONFIG_CRYPTO_USER_API_RNG_CAVP) && pctx->entropy)
sk->sk_socket->ops = &algif_rng_test_ops;
return 0;
}
static int rng_setkey(void *private, const u8 *seed, unsigned int seedlen)
{
struct rng_parent_ctx *pctx = private;
/*
* Check whether seedlen is of sufficient size is done in RNG
* implementations.
*/
return crypto_rng_reset(pctx->drng, seed, seedlen);
}
static int __maybe_unused rng_setentropy(void *private, sockptr_t entropy,
unsigned int len)
{
struct rng_parent_ctx *pctx = private;
u8 *kentropy = NULL;
if (!capable(CAP_SYS_ADMIN))
return -EACCES;
if (pctx->entropy)
return -EINVAL;
if (len > MAXSIZE)
return -EMSGSIZE;
if (len) {
kentropy = memdup_sockptr(entropy, len);
if (IS_ERR(kentropy))
return PTR_ERR(kentropy);
}
crypto_rng_alg(pctx->drng)->set_ent(pctx->drng, kentropy, len);
/*
* Since rng doesn't perform any memory management for the entropy
* buffer, save kentropy pointer to pctx now to free it after use.
*/
pctx->entropy = kentropy;
return 0;
}
static const struct af_alg_type algif_type_rng = {
.bind = rng_bind,
.release = rng_release,
.accept = rng_accept_parent,
.setkey = rng_setkey,
#ifdef CONFIG_CRYPTO_USER_API_RNG_CAVP
.setentropy = rng_setentropy,
#endif
.ops = &algif_rng_ops,
.name = "rng",
.owner = THIS_MODULE
};
static int __init rng_init(void)
{
return af_alg_register_type(&algif_type_rng);
}
static void __exit rng_exit(void)
{
int err = af_alg_unregister_type(&algif_type_rng);
BUG_ON(err);
}
module_init(rng_init);
module_exit(rng_exit);
Computing file changes ...