Bug 987508
| Summary: | gfs2_edit: Fix bug and add functions from upstream | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Robert Peterson <rpeterso> |
| Component: | cluster | Assignee: | Robert Peterson <rpeterso> |
| Status: | CLOSED ERRATA | QA Contact: | Cluster QE <mspqa-list> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 6.5 | CC: | adas, anprice, bmarzins, ccaulfie, cluster-maint, jpayne, pevans, rpeterso, swhiteho |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | cluster-3.0.12.1-55.el6 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2013-11-21 11:25:38 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Correction: It doesn't cause a segfault in gfs2_edit, it just reads and writes the quota_change fields at the wrong offsets, thus producing the wrong result. In this case 0 instead of 77. Here is a list of the upstream patches I'd like to ship with this bz: gfs2_edit: fix a segfault with file names > 255 bytes https://git.fedorahosted.org/cgit/gfs2-utils.git/commit/?id=387308852e075432b77cf04217d3a47c3f6e07ca gfs2_edit: display pointer offsets for directory dinodes https://git.fedorahosted.org/cgit/gfs2-utils.git/commit/?id=6f36886e36c1b0b3afe01bd6fe8cf49545eb6e43 gfs2_edit: Add new option to print all bitmaps for an rgrp https://git.fedorahosted.org/cgit/gfs2-utils.git/commit/?id=f588517053536f538793aeb159ce26140a41954a gfs2_edit: print formal inode numbers and hash value on dir display https://git.fedorahosted.org/cgit/gfs2-utils.git/commit/?id=d36cfaca3670770656abab245913b7addd274be9 libgfs2: Fix pointer arithmetic in gfs2_quota_change_* https://git.fedorahosted.org/cgit/gfs2-utils.git/commit/gfs2/libgfs2/ondisk.c?id=bda17315a280e3d8e6fc5136c331a55b1d4af43b Notes for QE: To recreate the above five problems: 1. Mount a new gfs2 file system, create a directory that has enough dirents to force it into directory leaf blocks a file that has a file name longer than 256 bytes, then do: gfs2_edit -p <directory leaf block> /dev/device If it segfaults, you've recreated #1. 2. To verify patch #2, use gfs2_edit's interactive mode and display the directory from step #1, then position your cursor the highlighted section of the dinode to offset 0xf0. Without the patch, you should see something like this: 000160f0 00000000 00010328 00000000 00010328 [.......(.......(] With the patch, you should see offsets like this: 000160f0 00000000 00010328 00000000 00010328 [.......(.......(] pointer 0x1 3. To verify patch #3, do a command similar to this: gfs2_edit -x -p rgbitmaps 2 /dev/intec/tiny Without the patch, you will see: I don't know what 'rgbitmaps' means. accompanied by a bunch of usage info. With the patch, all the rgrp bitmaps will be dumped in hex. 4. To verify patch #4, do a command similar to this: gfs2_edit -p per_node /dev/intec/tiny | grep inum_range0 Without the patch, you get something like this: 3. (3). 32860 (0x805c): File inum_range0 With the patch, you should get: 3/3 [e1fd87d0] 6/32860 (0x6/0x805c): File inum_range0 5. To verify patch #5, follow the steps given in this bz's problem description. I pushed the necessary patches to the RHEL6 branch of the cluster.git repository. One additional patch was required in order to cherry-pick, but it's unimportant. It was tested on system gfs-a16c-01.mpc.lab.eng.bos.redhat.com. Changing status to POST pending a RHEL6 cluster build. Verified in gfs2-utils-3.0.12.1-59.el6:
[root@dash-01 ~]# rpm -q gfs2-utils
gfs2-utils-3.0.12.1-49.el6.x86_64
(1)
[root@dash-01 ~]# gfs2_edit -p 3670643 /dev/sda1
Block #3670643 (0x380273) of 244027342 (0xe8b8fce) (disk inode)
Dinode:
mh_magic 0x01161970(hex)
mh_type 4 0x4
mh_format 400 0x190
no_formal_ino 1 0x1
no_addr 3670643 0x380273
di_mode 040755(decimal)
di_uid 0 0x0
di_gid 0 0x0
di_nlink 2 0x2
di_size 131072 0x20000
di_blocks 9948 0x26dc
di_atime 1382647154 0x52698572
di_mtime 1382647323 0x5269861b
di_ctime 1382647323 0x5269861b
di_major 0 0x0
di_minor 0 0x0
di_goal_meta 4162060 0x3f820c
di_goal_data 4162060 0x3f820c
di_flags 0x00000003(hex)
di_payload_format 0 0x0
di_height 1 0x1
di_depth 14 0xe
di_entries 92231 0x16847
di_eattr 3670644 0x380274
This directory contains 33 indirect blocks
Indirect blocks:
0 => 0x38345b / 3683419
0 => 0x3d8c56 / 4033622
Directory block: lf_depth:13, lf_entries:12,fmt:1200 next=0x0 (12 dirents).
1. (1). 3674793 (0x3812a9): File a_really_really_long_filename_to_make_very_quick_use_of_tiny_little_dentry_blocks_a_really_really_long_filename_to_make_very_quick_use_of_tiny_little_dentry_blocks_a_really_really_long_filename_to_make_very_quick_use_of_tiny_little_dentry_blocks_a_r.804
2. (2). 3709764 (0x389b44): File
*** buffer overflow detected ***: gfs2_edit terminated
======= Backtrace: =========
/lib64/libc.so.6(__fortify_fail+0x37)[0x38469027f7]
/lib64/libc.so.6[0x38469006e0]
/lib64/libc.so.6[0x38468ffb39]
/lib64/libc.so.6(_IO_default_xsputn+0xc9)[0x3846874939]
/lib64/libc.so.6(_IO_vfprintf+0x41c0)[0x3846848490]
/lib64/libc.so.6(__vsprintf_chk+0x9d)[0x38468ffbdd]
gfs2_edit[0x4031b7]
gfs2_edit[0x405b72]
gfs2_edit[0x406705]
gfs2_edit[0x4066c7]
gfs2_edit[0x406cd5]
gfs2_edit[0x40f7cd]
/lib64/libc.so.6(__libc_start_main+0xfd)[0x384681ed1d]
gfs2_edit[0x402289]
======= Memory map: ========
00400000-00422000 r-xp 00000000 fd:00 397824 /usr/sbin/gfs2_edit
00622000-00623000 rw-p 00022000 fd:00 397824 /usr/sbin/gfs2_edit
00623000-00634000 rw-p 00000000 00:00 0
00822000-00823000 rw-p 00022000 fd:00 397824 /usr/sbin/gfs2_edit
01319000-014b9000 rw-p 00000000 00:00 0 [heap]
3846400000-3846420000 r-xp 00000000 fd:00 2228251 /lib64/ld-2.12.so
384661f000-3846620000 r--p 0001f000 fd:00 2228251 /lib64/ld-2.12.so
3846620000-3846621000 rw-p 00020000 fd:00 2228251 /lib64/ld-2.12.so
3846621000-3846622000 rw-p 00000000 00:00 0
3846800000-384698b000 r-xp 00000000 fd:00 2228253 /lib64/libc-2.12.so
384698b000-3846b8a000 ---p 0018b000 fd:00 2228253 /lib64/libc-2.12.so
3846b8a000-3846b8e000 r--p 0018a000 fd:00 2228253 /lib64/libc-2.12.so
3846b8e000-3846b8f000 rw-p 0018e000 fd:00 2228253 /lib64/libc-2.12.so
3846b8f000-3846b94000 rw-p 00000000 00:00 0
3847800000-3847815000 r-xp 00000000 fd:00 2228290 /lib64/libz.so.1.2.3
3847815000-3847a14000 ---p 00015000 fd:00 2228290 /lib64/libz.so.1.2.3
3847a14000-3847a15000 r--p 00014000 fd:00 2228290 /lib64/libz.so.1.2.3
3847a15000-3847a16000 rw-p 00015000 fd:00 2228290 /lib64/libz.so.1.2.3
3849c00000-3849c1d000 r-xp 00000000 fd:00 2228226 /lib64/libtinfo.so.5.7
3849c1d000-3849e1d000 ---p 0001d000 fd:00 2228226 /lib64/libtinfo.so.5.7
3849e1d000-3849e21000 rw-p 0001d000 fd:00 2228226 /lib64/libtinfo.so.5.7
384a000000-384a016000 r-xp 00000000 fd:00 2228360 /lib64/libgcc_s-4.4.7-20120601.so.1
384a016000-384a215000 ---p 00016000 fd:00 2228360 /lib64/libgcc_s-4.4.7-20120601.so.1
384a215000-384a216000 rw-p 00015000 fd:00 2228360 /lib64/libgcc_s-4.4.7-20120601.so.1
3c16600000-3c16602000 r-xp 00000000 fd:00 2228229 /lib64/libdl-2.12.so
3c16602000-3c16802000 ---p 00002000 fd:00 2228229 /lib64/libdl-2.12.so
3c16802000-3c16803000 r--p 00002000 fd:00 2228229 /lib64/libdl-2.12.so
3c16803000-3c16804000 rw-p 00003000 fd:00 2228229 /lib64/libdl-2.12.so
3c16a00000-3c16a22000 r-xp 00000000 fd:00 2228240 /lib64/libncurses.so.5.7
3c16a22000-3c16c21000 ---p 00022000 fd:00 2228240 /lib64/libncurses.so.5.7
3c16c21000-3c16c22000 rw-p 00021000 fd:00 2228240 /lib64/libncurses.so.5.7
7f28d9ee0000-7f28dbb86000 rw-p 00000000 00:00 0
7f28dbb8d000-7f28dbb8f000 rw-p 00000000 00:00 0
7fffea345000-7fffea35a000 rw-p 00000000 00:00 0 [stack]
7fffea3ff000-7fffea400000 r-xp 00000000 00:00 0 [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]
2. (2). 3709764 (0x389b44): File Aborted (core dumped)
(2)
gfs2_edit - Global File System Editor (use with extreme caution)
Block #3670643 (0x380273) of 244027342 (0xe8b8fce) (disk inode)
(p.1 of 6--Meta )
0000000380273000 01161970 00000004 00000000 00000000 [...p............]
0000000380273010 00000190 00000000 00000000 00000001 [................]
0000000380273020 00000000 00380273 000041ed 00000000 [.....8.s..A.....]
0000000380273030 00000000 00000002 00000000 00020000 [................]
0000000380273040 00000000 000026dc 00000000 52698572 [......&.....Ri.r]
0000000380273050 00000000 5269861b 00000000 5269861b [....Ri......Ri..]
0000000380273060 00000000 00000000 00000000 003f820c [.............?..]
0000000380273070 00000000 003f820c 00000000 00000001 [.....?..........]
0000000380273080 00000003 00000000 00000001 00000000 [................]
0000000380273090 0000000e 00016847 00000000 00000000 [......hG........]
00000003802730a0 00000000 00000000 00000000 00380274 [.............8.t]
00000003802730b0 15938902 23861b75 23861b75 00000000 [....#..u#..u....]
00000003802730c0 00000000 00000000 00000000 00000000 [................]
00000003802730d0 00000000 00000000 00000000 00000000 [................]
00000003802730e0 00000000 00000000 00000000 0038345b [.............84[]
00000003802730f0 00000000 0038345c 00000000 00385791 [.....84\.....8W.] pointer 0x1
0000000380273100 00000000 0038cb22 00000000 0038cb23 [.....8.".....8.#]
(3)
[root@dash-01 ~]# gfs2_edit -x -p rgbitmaps 2 /dev/sda1
I don't know what 'rgbitmaps' means.
(4)
[root@dash-01 ~]# gfs2_edit -p per_node /dev/sda1 |grep inum_range0
3. (3). 32860 (0x805c): File inum_range0
(5)
[root@dash-01 ~]# gfs2_edit restoremeta quota_change.0x815e.meta /dev/sda1
File system size: 196617 (0x30009) blocks, aka 768.36MB
There are 244027342 blocks of 4096 bytes in the destination device.
244027342 inodes processed, 33122 blocks saved (100%) processed,
File quota_change.0x815e.meta restore successful.
[root@dash-01 ~]# gfs2_edit -p 0x815e field qc_change /dev/sda1
0
[root@dash-01 ~]# rpm -q gfs2-utils
gfs2-utils-3.0.12.1-59.el6.x86_64
(1)
[root@dash-01 ~]# gfs2_edit -p 3670643 /dev/sda1 |head -n 100
Block #3670643 (0x380273) of 244027342 (0xe8b8fce) (disk inode)
Dinode:
mh_magic 0x01161970(hex)
mh_type 4 0x4
mh_format 400 0x190
no_formal_ino 1 0x1
no_addr 3670643 0x380273
di_mode 040755(decimal)
di_uid 0 0x0
di_gid 0 0x0
di_nlink 2 0x2
di_size 131072 0x20000
di_blocks 9948 0x26dc
di_atime 1382647154 0x52698572
di_mtime 1382647323 0x5269861b
di_ctime 1382647323 0x5269861b
di_major 0 0x0
di_minor 0 0x0
di_goal_meta 4162060 0x3f820c
di_goal_data 4162060 0x3f820c
di_flags 0x00000003(hex)
di_payload_format 0 0x0
di_height 1 0x1
di_depth 14 0xe
di_entries 92231 0x16847
di_eattr 3670644 0x380274
This directory contains 33 indirect blocks
Indirect blocks:
0 => 0x38345b / 3683419
0 => 0x3d8c56 / 4033622
Directory block: lf_depth:13, lf_entries:12,fmt:1200 next=0x0 (12 dirents).
1/1 [00056736] 805/3674793 (0x325/0x3812a9): File a_really_really_long_filename_to_make_very_quick_use_of_tiny_little_dentry_blocks_a_really_really_long_filename_to_make_very_quick_use_of_tiny_little_dentry_blocks_a_really_really_long_filename_to_make_very_quick_use_of_tiny_little_dentry_blocks_a_r.804
2/2 [00035e94] 7005/3709764 (0x1b5d/0x389b44): File a_really_really_long_filename_to_make_very_quick_use_of_tiny_little_dentry_blocks_a_really_really_long_filename_to_make_very_quick_use_of_tiny_little_dentry_blocks_a_really_really_long_filename_to_make_very_quick_use_of_tiny_little_dentry_blocks_a_r.7004
(2)
gfs2_edit - Global File System Editor (use with extreme caution)
Block #3670643 (0x380273) of 244027342 (0xe8b8fce) (disk inode)
(p.1 of 6--Meta )
0000000380273000 01161970 00000004 00000000 00000000 [...p............]
0000000380273010 00000190 00000000 00000000 00000001 [................]
0000000380273020 00000000 00380273 000041ed 00000000 [.....8.s..A.....]
0000000380273030 00000000 00000002 00000000 00020000 [................]
0000000380273040 00000000 000026dc 00000000 52698572 [......&.....Ri.r]
0000000380273050 00000000 5269861b 00000000 5269861b [....Ri......Ri..]
0000000380273060 00000000 00000000 00000000 003f820c [.............?..]
0000000380273070 00000000 003f820c 00000000 00000001 [.....?..........]
0000000380273080 00000003 00000000 00000001 00000000 [................]
0000000380273090 0000000e 00016847 00000000 00000000 [......hG........]
00000003802730a0 00000000 00000000 00000000 00380274 [.............8.t]
00000003802730b0 15938902 23861b75 23861b75 00000000 [....#..u#..u....]
00000003802730c0 00000000 00000000 00000000 00000000 [................]
00000003802730d0 00000000 00000000 00000000 00000000 [................]
00000003802730e0 00000000 00000000 00000000 0038345b [.............84[]
00000003802730f0 00000000 0038345c 00000000 00385791 [.....84\.....8W.] pointer 0x1
(3)
[root@dash-01 ~]# gfs2_edit -x -p rgbitmaps 2 /dev/sda1 |head -n 50
Block #132126 (0x2041e) of 244027342 (0xe8b8fce) (rsrc grp hdr)
2041e000 01161970 00000002 00000000 00000000 [...p............]
2041e010 000000c8 00000000 00000000 0000fff0 [................]
(4)
[root@dash-01 ~]# gfs2_edit -p per_node /dev/sda1 |grep inum_range0
3/3 [e1fd87d0] 6/32860 (0x6/0x805c): File inum_range0
(5)
[root@dash-01 ~]# gfs2_edit restoremeta quota_change.0x815e.meta /dev/sda1
File system size: 196617 (0x30009) blocks, aka 768.36MB
There are 244027342 blocks of 4096 bytes in the destination device.
244027342 inodes processed, 33122 blocks saved (100%) processed,
File quota_change.0x815e.meta restore successful.
[root@dash-01 ~]# rpm -q gfs2-utils
gfs2-utils-3.0.12.1-59.el6.x86_64
[root@dash-01 ~]# gfs2_edit -p 0x815e field qc_change /dev/sda1
77
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2013-1617.html |
Description of problem: The coverity tool recently spotted a bug in libgfs2/ondisk.c that would cause a segfault. The problem is a set of missing parenthesis in functions gfs2_quota_change_in and gfs2_quota_change_out. The missing parens are in the upstream git repository, but not in the RHEL6 cluster.git repo. Since we're porting patches to gfs2_edit, we should also add some of the new debugging features found in upstream, such as the ability to display pointer numbers on directory hash tables. Version-Release number of selected component (if applicable): RHEL6 How reproducible: Always Steps to Reproduce: 1. gfs2_edit restoremeta /home/bob/metadata/gfs2/quota_change.0x815e.meta /dev/mpathc/tiny 2. gfs2_edit -p 0x815e field qc_change /dev/mpathc/tiny Actual results: 0 Expected results: 77 Additional info: This quota_change record at block 0x815e was created manually with an upstream gfs2-utils with these commands: [root@hlab3 ~]# lvcreate -L1G -n tiny /dev/intec Logical volume "tiny" created [root@hlab3 ~]# mkfs.gfs2 -O -j1 -p lock_nolock /dev/intec/tiny Device: /dev/intec/tiny Blocksize: 4096 Device Size 1.00 GB (262144 blocks) Filesystem Size: 1.00 GB (262142 blocks) Journals: 1 Resource Groups: 4 Locking Protocol: "lock_nolock" Lock Table: "" UUID: 22daeb9f-81bd-a0f2-0d6f-31213ee91da2 [root@hlab3 ~]# gfs2_edit -p per_node /dev/intec/tiny |grep quota_change0 5. (5). 32862 (0x805e): File quota_change0 [root@hlab3 ~]# gfs2_edit -p 0x805e /dev/intec/tiny | grep 255 255 => 0x815e / 33118 (data offset 0xff000 / 1044480 / 1020.00K) [root@hlab3 ~]# gfs2_edit -p 0x815e /dev/intec/tiny Block #33118 (0x815e) of 262144 (0x40000) (quota change) Quota Change: qc_change 0 0x0 qc_flags 0x00000000(hex) qc_id 0 0x0 ------------------------------------------------------ [root@hlab3 ~]# gfs2_edit -p 0x815e field qc_change 77 /dev/intec/tiny 77 [root@hlab3 ~]# gfs2_edit -p 0x815e field qc_change /dev/intec/tiny 77 [root@hlab3 ~]# gfs2_edit savemeta /dev/intec/tiny /home/bob/metadata/gfs2/quota_change.0x815e.meta There are 262144 blocks of 4096 bytes in the destination device. Reading resource groups...Done. File system size: 255.1021K 262141 inodes processed, 33122 blocks saved (100%) processed, Metadata saved to file /home/bob/metadata/gfs2/quota_change.0x815e.meta (gzipped, level 9).