Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 228461 - ext3 block bitmap leakage
Summary: ext3 block bitmap leakage
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: kernel
Version: 4.4
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
: ---
Assignee: Eric Sandeen
QA Contact: Brian Brock
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-02-13 08:03 UTC by Vasily Averin
Modified: 2008-01-09 17:30 UTC (History)
2 users (show)

Fixed In Version: RHBA-2007-0791
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2007-11-15 16:20:05 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2007:0791 normal SHIPPED_LIVE Updated kernel packages available for Red Hat Enterprise Linux 4 Update 6 2007-11-14 18:25:55 UTC

Description Vasily Averin 2007-02-13 08:03:33 UTC
Andrey Savochkin from SWsoft Virtuozzo/OpenVZ Linux Team has found the cause of
 block bitmap leakage on ext3 filesystem.

[vvs@dhcp17-60 ~]$ uname -a
Linux dhcp17-60.qa.sw.ru 2.6.9-42.0.8.EL #1 Tue Jan 23 12:34:49 EST 2007 x86_64
x86_64 x86_64 GNU/Linux
[vvs@dhcp17-60 ~]$ id
uid=500(vvs) gid=500(vvs) groups=500(vvs) context=user_u:system_r:unconfined_t

VVS comment: root permissions are required for the filesystem creation and
mount, issue can be triggered by any user, please see below.

[vvs@dhcp17-60 ~]$ su
Password:
[root@dhcp17-60 vvs]# dd if=/dev/zero of=/tmp/disk bs=1k count=10k
10240+0 records in
10240+0 records out
[root@dhcp17-60 vvs]# /sbin/mkfs.ext3 -Fq /tmp/disk
[root@dhcp17-60 vvs]# mount -o loop /tmp/disk /tmp/disk_mnt/
mount: mount point /tmp/disk_mnt/ does not exist
[root@dhcp17-60 vvs]# mkdir /tmp/disk_mnt
[root@dhcp17-60 vvs]# mount -o loop /tmp/disk /tmp/disk_mnt/
[root@dhcp17-60 vvs]# chmod 777 /tmp/disk_mnt/
[root@dhcp17-60 vvs]# exit
[vvs@dhcp17-60 ~]$ dd if=/dev/zero of=/tmp/disk_mnt/asdf.small bs=1 count=1
1+0 records in
1+0 records out
[vvs@dhcp17-60 ~]$ dd if=/dev/zero of=/tmp/disk_mnt/asdf.large bs=1k count=100k
dd: writing `/tmp/disk_mnt/asdf.large': No space left on device
8242+0 records in
8241+0 records out
[vvs@dhcp17-60 ~]$ sync
[vvs@dhcp17-60 ~]$ rm -rf /tmp/disk_mnt/asdf.small
[vvs@dhcp17-60 ~]$ sync
[vvs@dhcp17-60 ~]$ dd if=/dev/zero of=/tmp/disk_mnt/asdf.new seek=1000k bs=1k
count=1
dd: writing `/tmp/disk_mnt/asdf.new': No space left on device
1+0 records in
0+0 records out

VVS comment: filesystem is corrupted now, however Filesystem state is still clean.

[vvs@dhcp17-60 ~]$ su
Password:
[root@dhcp17-60 vvs]# umount /tmp/disk_mnt/
[root@dhcp17-60 vvs]# /sbin/dumpe2fs -fh /tmp/disk
dumpe2fs 1.35 (28-Feb-2004)
Filesystem volume name:   <none>
Last mounted on:          <not available>
Filesystem UUID:          0fec1da5-edea-4fe8-a7e3-20ccd0f36e61
Filesystem magic number:  0xEF53
Filesystem revision #:    1 (dynamic)
Filesystem features:      has_journal ext_attr resize_inode filetype sparse_super
Default mount options:    (none)
Filesystem state:         clean
Errors behavior:          Continue
Filesystem OS type:       Linux
Inode count:              2560
Block count:              10240
Reserved block count:     512
Free blocks:              512
Free inodes:              2547
First block:              1
Block size:               1024
Fragment size:            1024
Reserved GDT blocks:      39
Blocks per group:         8192
Fragments per group:      8192
Inodes per group:         1280
Inode blocks per group:   160
Filesystem created:       Tue Feb 13 10:19:22 2007
Last mount time:          Tue Feb 13 10:20:08 2007
Last write time:          Tue Feb 13 10:22:17 2007
Mount count:              1
Maximum mount count:      35
Last checked:             Tue Feb 13 10:19:22 2007
Check interval:           15552000 (6 months)
Next check after:         Sun Aug 12 11:19:22 2007
Reserved blocks uid:      0 (user root)
Reserved blocks gid:      0 (group root)
First inode:              11
Inode size:               128
Journal inode:            8
Default directory hash:   tea
Directory Hash Seed:      f3eaff28-85b0-440a-81a8-35e6e914583e
Journal backup:           inode blocks

[root@dhcp17-60 vvs]# /sbin/fsck -f -n /tmp/disk
fsck 1.35 (28-Feb-2004)
e2fsck 1.35 (28-Feb-2004)
Pass 1: Checking inodes, blocks, and sizes
Inode 12, i_blocks is 4, should be 2.  Fix? no

Pass 2: Checking directory structure
Pass 3: Checking directory connectivity
Pass 4: Checking reference counts
Pass 5: Checking group summary information
Block bitmap differences:  -8396
Fix? no


/tmp/disk: ********** WARNING: Filesystem still has errors **********

/tmp/disk: 13/2560 files (7.7% non-contiguous), 9728/10240 blocks

Comment 1 Vasily Averin 2007-02-13 08:07:53 UTC
Fixed by the following patch
http://lkml.org/lkml/2006/6/30/54

Comment 2 Eric Sandeen 2007-02-13 17:49:25 UTC
Whoops... yep, looks like a good one for RHEL4, thanks guys.

Comment 3 Eric Sandeen 2007-02-19 22:07:58 UTC
FWIW looks like this one never made it into the 2.6.16 -stable series (and is
not applicable to 2.6.17 and later...)

Comment 5 RHEL Product and Program Management 2007-05-14 19:41:35 UTC
This request was evaluated by Red Hat Kernel Team for inclusion in a Red
Hat Enterprise Linux maintenance release, and has moved to bugzilla 
status POST.

Comment 6 Jason Baron 2007-06-27 14:44:26 UTC
committed in stream U6 build 55.13. A test kernel with this patch is available
from http://people.redhat.com/~jbaron/rhel4/


Comment 9 errata-xmlrpc 2007-11-15 16:20:05 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2007-0791.html



Note You need to log in before you can comment on or make changes to this bug.