[Bug 253158] Panic: snapacct_ufs2: bad block - Non-suJ mksnap_ffs(8) crash

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Mon Feb 15 03:39:01 UTC 2021 

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=253158

--- Comment #37 from Konstantin Belousov <kib at FreeBSD.org> ---
(In reply to Cy Schubert from comment #36)
Ok, I can (partially) understand it.

Below are two patches.  I believe that either one of them should fix
the problem.  Can you check please? [Both are needed for correctness]

commit 83a450af9edfd1b5ca705e8101870109225fdc7d
Author: Konstantin Belousov <kib at FreeBSD.org>
Date:   Mon Feb 15 05:36:02 2021 +0200

    UFS snapshots: properly set the vm object size.

    PR:     253158

diff --git a/sys/ufs/ffs/ffs_snapshot.c b/sys/ufs/ffs/ffs_snapshot.c
index 8f0adde6f5e4..6da84fb46bb0 100644
--- a/sys/ufs/ffs/ffs_snapshot.c
+++ b/sys/ufs/ffs/ffs_snapshot.c
@@ -59,6 +59,9 @@ __FBSDID("$FreeBSD$");
 #include <sys/rwlock.h>
 #include <sys/vnode.h>

+#include <vm/vm.h>
+#include <vm/vm_extern.h>
+
 #include <geom/geom.h>

 #include <ufs/ufs/extattr.h>
@@ -328,6 +331,7 @@ ffs_snapshot(mp, snapfile)
                goto out;
        bawrite(bp);
        ip->i_size = lblktosize(fs, (off_t)(numblks + 1));
+       vnode_pager_setsize(vp, ip->i_size);
        DIP_SET(ip, i_size, ip->i_size);
        UFS_INODE_SET_FLAG(ip, IN_SIZEMOD | IN_CHANGE | IN_UPDATE);
        /*


commit 7b34e5b278f9f2af69f5d39f7999507a17238293
Author: Konstantin Belousov <kib at FreeBSD.org>
Date:   Mon Feb 15 05:34:06 2021 +0200

    pgcache read: protect against reads past end of the vm object size

    If uio_offset is past end of the object size, calculated resid is negative.
    Delegate handling this case to the locked read, as any other non-trivial
    situation.

    PR:     253158

diff --git a/sys/kern/vfs_vnops.c b/sys/kern/vfs_vnops.c
index 46b333b2261f..b13eb442e436 100644
--- a/sys/kern/vfs_vnops.c
+++ b/sys/kern/vfs_vnops.c
@@ -967,6 +967,8 @@ vn_read_from_obj(struct vnode *vp, struct uio *uio)
 #else
        vsz = atomic_load_64(&obj->un_pager.vnp.vnp_size);
 #endif
+       if (uio->uio_offset >= vsz)
+               goto out;
        if (uio->uio_offset + resid > vsz)
                resid = vsz - uio->uio_offset;

-- 
You are receiving this mail because:
You are the assignee for the bug.

More information about the freebsd-fs mailing list