Fix integer overflow of ZTOI(zp)->i_generation #8858

tcaputi · 2019-06-05T21:11:39Z

The ZFS on-disk format stores each inode's generation ID as a 64
bit number on disk and in-core. However, the Linux kernel's inode
is only a 32 bit number. In most places, the code handles this
correctly, but the cast is missing in zfs_rezget(). For many pools,
this isn't an issue since the generation ID is computed as the
current txg when the inode is created and many pools don't have
more than 2^32 txgs.

For the pools that have more txgs, this issue causes any inode with
a high enough generation number to report IO errors after a call to
"zfs rollback" while holding the file or directory open. This patch
simply adds the missing cast.

Signed-off-by: Tom Caputi tcaputi@datto.com

Types of changes

Bug fix (non-breaking change which fixes an issue)
New feature (non-breaking change which adds functionality)
Performance enhancement (non-breaking change which improves efficiency)
Code cleanup (non-breaking change which makes code smaller or more readable)
Breaking change (fix or feature that would cause existing functionality to change)
Documentation (a change to man pages or other documentation)

Checklist:

My code follows the ZFS on Linux code style requirements.
I have updated the documentation accordingly.
I have read the contributing document.
I have added tests to cover my changes.
All new and existing tests passed.
All commit messages are properly formatted and contain Signed-off-by.

The ZFS on-disk format stores each inode's generation ID as a 64 bit number on disk and in-core. However, the Linux kernel's inode is only a 32 bit number. In most places, the code handles this correctly, but the cast is missing in zfs_rezget(). For many pools, this isn't an issue since the generation ID is computed as the current txg when the inode is created and many pools don't have more than 2^32 txgs. For the pools that have more txgs, this issue causes any inode with a high enough generation number to report IO errors after a call to "zfs rollback" while holding the file or directory open. This patch simply adds the missing cast. Signed-off-by: Tom Caputi <tcaputi@datto.com>

tcaputi · 2019-06-05T21:12:23Z

This patch is a bit tricky to test because it requires a pool with txg > 2^32. Perhaps we can figure out a way to test this in the future.

codecov · 2019-06-06T05:53:42Z

Codecov Report

Merging #8858 into master will decrease coverage by 0.11%.
The diff coverage is 100%.

@@            Coverage Diff             @@
##           master    #8858      +/-   ##
==========================================
- Coverage    78.8%   78.68%   -0.12%     
==========================================
  Files         382      382              
  Lines      117771   117771              
==========================================
- Hits        92806    92671     -135     
- Misses      24965    25100     +135

Flag	Coverage Δ
#kernel	`79.36% <100%> (+0.02%)`	⬆️
#user	`67.21% <ø> (-0.21%)`	⬇️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 2ecc202...6740362. Read the comment docs.

alek-p

LGTM

The ZFS on-disk format stores each inode's generation ID as a 64 bit number on disk and in-core. However, the Linux kernel's inode is only a 32 bit number. In most places, the code handles this correctly, but the cast is missing in zfs_rezget(). For many pools, this isn't an issue since the generation ID is computed as the current txg when the inode is created and many pools don't have more than 2^32 txgs. For the pools that have more txgs, this issue causes any inode with a high enough generation number to report IO errors after a call to "zfs rollback" while holding the file or directory open. This patch simply adds the missing cast. Reviewed-by: Alek Pinchuk <apinchuk@datto.com> Reviewed-by: George Melikov <mail@gmelikov.ru> Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Signed-off-by: Tom Caputi <tcaputi@datto.com> Closes #8858

Provide zfstest coverage for these two issues which were a panic accessing extended attributes and a problem comparing 64 bit and 32 bit generation numbers. Signed-off-by: Paul Zuchowski <pzuchowski@datto.com>

Provide zfstest coverage for these two issues which were a panic accessing extended attributes and a problem comparing 64 bit and 32 bit generation numbers. Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Signed-off-by: Paul Zuchowski <pzuchowski@datto.com> Issue #5866 Issue #8858 Closes #8978

This reverts commit 693c1fc. This change resulted in a kmem leak being observed in existing code which needs to be indentified and addressed. Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>

This reverts commit 693c1fc. This change resulted in a kmem leak being observed in existing code which needs to be identified and addressed. Reviewed-by: Paul Zuchowski <pzuchowski@datto.com> Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov> Issue #8978 Closes #9090

Provide zfstest coverage for these two issues which were a panic accessing extended attributes and a problem comparing 64 bit and 32 bit generation numbers. Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Signed-off-by: Paul Zuchowski <pzuchowski@datto.com> Issue openzfs#5866 Issue openzfs#8858 Closes openzfs#8978

This reverts commit 693c1fc. This change resulted in a kmem leak being observed in existing code which needs to be identified and addressed. Reviewed-by: Paul Zuchowski <pzuchowski@datto.com> Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov> Issue openzfs#8978 Closes openzfs#9090

Provide zfstest coverage for these two issues which were a panic accessing extended attributes and a problem comparing 64 bit and 32 bit generation numbers. Signed-off-by: Paul Zuchowski <pzuchowski@datto.com>

Provide zfstest coverage for these two issues which were a panic accessing extended attributes and a problem comparing 64 bit and 32 bit generation numbers. Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Signed-off-by: Paul Zuchowski <pzuchowski@datto.com> Issue openzfs#5866 Issue openzfs#8858 Closes openzfs#8978

This reverts commit 693c1fc. This change resulted in a kmem leak being observed in existing code which needs to be identified and addressed. Reviewed-by: Paul Zuchowski <pzuchowski@datto.com> Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov> Issue openzfs#8978 Closes openzfs#9090

Provide zfstest coverage for these two issues which were a panic accessing extended attributes and a problem comparing 64 bit and 32 bit generation numbers. Signed-off-by: Paul Zuchowski <pzuchowski@datto.com>

behlendorf approved these changes Jun 5, 2019

View reviewed changes

behlendorf added the Status: Code Review Needed Ready for review and testing label Jun 5, 2019

gmelikov approved these changes Jun 6, 2019

View reviewed changes

alek-p approved these changes Jun 6, 2019

View reviewed changes

behlendorf added Status: Accepted Ready to integrate (reviewed, tested) and removed Status: Code Review Needed Ready for review and testing labels Jun 6, 2019

behlendorf merged commit 3ce85b5 into openzfs:master Jun 6, 2019

PaulZ-98 mentioned this pull request Jul 1, 2019

Develop tests for issues #5866 and #8858 #8978

Merged

12 tasks

PaulZ-98 mentioned this pull request Mar 30, 2020

Develop tests for issues #5866 and #8858 #10164

Open

12 tasks

problame mentioned this pull request Sep 25, 2020

zfs_vnops: make zfs_get_data OS-independent #10979

Merged

5 tasks

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fix integer overflow of ZTOI(zp)->i_generation #8858

Fix integer overflow of ZTOI(zp)->i_generation #8858

tcaputi commented Jun 5, 2019

tcaputi commented Jun 5, 2019

codecov bot commented Jun 6, 2019

alek-p left a comment

Fix integer overflow of ZTOI(zp)->i_generation #8858

Fix integer overflow of ZTOI(zp)->i_generation #8858

Conversation

tcaputi commented Jun 5, 2019

Types of changes

Checklist:

tcaputi commented Jun 5, 2019

codecov bot commented Jun 6, 2019

Codecov Report

alek-p left a comment

Choose a reason for hiding this comment