Date: Mon, 15 Feb 2021 03:39:01 +0000 From: bugzilla-noreply@freebsd.org To: fs@FreeBSD.org Subject: [Bug 253158] Panic: snapacct_ufs2: bad block - Non-suJ mksnap_ffs(8) crash Message-ID: <bug-253158-3630-2OA6BLet6r@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-253158-3630@https.bugs.freebsd.org/bugzilla/> References: <bug-253158-3630@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D253158 --- Comment #37 from Konstantin Belousov <kib@FreeBSD.org> --- (In reply to Cy Schubert from comment #36) Ok, I can (partially) understand it. Below are two patches. I believe that either one of them should fix the problem. Can you check please? [Both are needed for correctness] commit 83a450af9edfd1b5ca705e8101870109225fdc7d Author: Konstantin Belousov <kib@FreeBSD.org> Date: Mon Feb 15 05:36:02 2021 +0200 UFS snapshots: properly set the vm object size. PR: 253158 diff --git a/sys/ufs/ffs/ffs_snapshot.c b/sys/ufs/ffs/ffs_snapshot.c index 8f0adde6f5e4..6da84fb46bb0 100644 --- a/sys/ufs/ffs/ffs_snapshot.c +++ b/sys/ufs/ffs/ffs_snapshot.c @@ -59,6 +59,9 @@ __FBSDID("$FreeBSD$"); #include <sys/rwlock.h> #include <sys/vnode.h> +#include <vm/vm.h> +#include <vm/vm_extern.h> + #include <geom/geom.h> #include <ufs/ufs/extattr.h> @@ -328,6 +331,7 @@ ffs_snapshot(mp, snapfile) goto out; bawrite(bp); ip->i_size =3D lblktosize(fs, (off_t)(numblks + 1)); + vnode_pager_setsize(vp, ip->i_size); DIP_SET(ip, i_size, ip->i_size); UFS_INODE_SET_FLAG(ip, IN_SIZEMOD | IN_CHANGE | IN_UPDATE); /* commit 7b34e5b278f9f2af69f5d39f7999507a17238293 Author: Konstantin Belousov <kib@FreeBSD.org> Date: Mon Feb 15 05:34:06 2021 +0200 pgcache read: protect against reads past end of the vm object size If uio_offset is past end of the object size, calculated resid is negat= ive. Delegate handling this case to the locked read, as any other non-trivial situation. PR: 253158 diff --git a/sys/kern/vfs_vnops.c b/sys/kern/vfs_vnops.c index 46b333b2261f..b13eb442e436 100644 --- a/sys/kern/vfs_vnops.c +++ b/sys/kern/vfs_vnops.c @@ -967,6 +967,8 @@ vn_read_from_obj(struct vnode *vp, struct uio *uio) #else vsz =3D atomic_load_64(&obj->un_pager.vnp.vnp_size); #endif + if (uio->uio_offset >=3D vsz) + goto out; if (uio->uio_offset + resid > vsz) resid =3D vsz - uio->uio_offset; --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-253158-3630-2OA6BLet6r>