Fix: in case of filesystem corruption, prevent lookup soft lockup#91
Fix: in case of filesystem corruption, prevent lookup soft lockup#91EricKim27 wants to merge 4 commits into
Conversation
|
As I stated in PR88, I believe we don't need this check. From an algorithmic perspective, The Therefore, if you encounter an issue with dblock->files[_fi].nr_blk = 0, you can ask this question and describe how you triggered it. |
|
@RoyWFHuang But this error I encountered caused a soft lockup due to __file_lookup looping indefinitely, and I think it is better to return -EUCLEAN rather than allowing it to loop indefinitely. It is not that I think nr_blk being 0 is what happens on normal operation, but if a corrupted metadata reaches this path, whether it be a bug in the future or a corrupted image, the current __file_lookup may loop forever, and my proposed check makes it a filesystem error that is visible on userspace. I do understand the concern about preserving invariants and keeping lookup without any unnecessary checks for impossible on a regular filesystem(which is why I added unlikely() to the context). I just wanted to explain why I considered the guarding mechanism to be necessary even after the root cause was remedied. |
2 participants
This is a new fix that continues from pull request #88
In this code, it ensures in case of nr_blk == 0, the system does not soft lockup, and return -EUCLEAN, because nr_blk == 0 means the filesystem is corrupted.
Summary by cubic
Prevent soft lockup during directory lookups by failing fast on corrupted entries. If
nr_blk == 0, return-EUCLEAN; includes minor style cleanups like removing unnecessary brackets.__file_lookupthat checks!dblock->files[_fi].nr_blkand returns-EUCLEAN, annotated withunlikely()to optimize the edge-case path.Written for commit 27bc38e. Summary will update on new commits.