Bug 1104956 - xfs_copy will make a corrupted target when source sector is over 512
Summary: xfs_copy will make a corrupted target when source sector is over 512
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: xfsprogs
Version: 6.5
Hardware: All
OS: Linux
Target Milestone: rc
: ---
Assignee: Eric Sandeen
QA Contact: Eryu Guan
Depends On:
Blocks: 1105170
TreeView+ depends on / blocked
Reported: 2014-06-05 05:57 UTC by Junxiao Bi
Modified: 2014-10-14 07:49 UTC (History)
2 users (show)

Fixed In Version: xfsprogs-3.1.1-16.el6
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 1105170 (view as bug list)
Last Closed: 2014-10-14 07:49:58 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2014:1564 0 normal SHIPPED_LIVE xfsprogs bug update 2014-10-14 01:27:44 UTC

Description Junxiao Bi 2014-06-05 05:57:43 UTC
Description of problem:
1. mkfs a xfs filesystem on some device to make its sector over 512 and put some file in it
  mkfs.xfs -f -s size=4096 $SCRATCH_DEV
2. xfs_copy $SCRATCH_DEV to $target
  xfs_copy $SCRATCH_DEV $target

$target is corrupted, and can't be mounted.

The following patch fix it.

From ffe9a9a81b58ac84158eb566b403212eb0646048 Mon Sep 17 00:00:00 2001
From: Junxiao Bi <junxiao.bi@oracle.com>
Date: Wed, 28 May 2014 11:15:54 +0800
Subject: [PATCH] xfsprogs: xfs_copy: fix data corruption of target

The unit of XFS_AGFL_DADDR(mp) is "basic block" whose size is "BBSIZE"
(512 bytes), so when "source_sectorsize" is not 512, it will cause the
target a corrupted filesystem.

Signed-off-by: Junxiao Bi <junxiao.bi@oracle.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
 copy/xfs_copy.c |    6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/copy/xfs_copy.c b/copy/xfs_copy.c
index 39bb9d7..6b3396d 100644
--- a/copy/xfs_copy.c
+++ b/copy/xfs_copy.c
@@ -687,7 +687,7 @@ main(int argc, char **argv)
 	if (source_blocksize > source_sectorsize)  {
 		/* get number of leftover sectors in last block of ag header */
-		tmp_residue = ((XFS_AGFL_DADDR(mp) + 1) * source_sectorsize)
+		tmp_residue = ((XFS_AGFL_DADDR(mp) + 1) * BBSIZE)
 					% source_blocksize;
 		first_residue = (tmp_residue == 0) ? 0 :
 			source_blocksize - tmp_residue;
@@ -700,10 +700,10 @@ main(int argc, char **argv)
-	first_agbno = (((XFS_AGFL_DADDR(mp) + 1) * source_sectorsize)
+	first_agbno = (((XFS_AGFL_DADDR(mp) + 1) * BBSIZE)
 				+ first_residue) / source_blocksize;
 	ASSERT(first_agbno != 0);
-	ASSERT( ((((XFS_AGFL_DADDR(mp) + 1) * source_sectorsize)
 				+ first_residue) % source_blocksize) == 0);
 	/* now open targets */

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:

Actual results:

Expected results:

Additional info:

Comment 2 Eryu Guan 2014-06-13 03:53:51 UTC
xfs_copy seems take forever (24 hours now, but can be killed) to finish when I test on RHEL6/5 (haven't looked into why)

The script is simple

fallocate -l 1g fs.img
loopdev=`losetup --show -f fs.img`
mkfs -t xfs -s size=4096 $loopdev
mount $loopdev /mnt/xfs
echo "hello world" >/mnt/xfs/testfile
umount /mnt/xfs
xfs_copy $loopdev xfs.img

Note to QE, I've disabled this subtest on RHEL6/5 in test case /kernel/filesystems/xfs/1104956-xfs_copy-corrupt, so it won't hang the whole xfs regression test, please verify this fix manually. And please don't forget to update the test case once this issue is fixed.

Comment 4 Eric Sandeen 2014-06-19 17:01:19 UTC
I hit the hang as well on xfsprogs-3.1.1-14.el6.x86_64; the latest package (xfsprogs-3.1.1-16.el6.x86_64) works fine with your testcase.


Comment 5 Eryu Guan 2014-06-29 12:30:36 UTC
Verified with /kernel/filesystems/xfs/1104956-xfs_copy-corrupt, test passed and there was no hang with xfsprogs-3.1.1-16.el6

Comment 6 errata-xmlrpc 2014-10-14 07:49:58 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.