[BTRFS-PROGS,BUG] Incorrect detection of a removed device [was Re: “Bug”-report: inconsistency kernel <-> tools]

Commit Message

Goffredo Baroncelli Aug. 31, 2012, 9:37 p.m. UTC

Hi all, Yan,

On 08/31/2012 09:08 PM, Goffredo Baroncelli wrote:
> However making a test I found both the behaviours: sometime the removed
> disk disappears from the output of "btrfs fi show" and sometime not...
>
> May be that there is a bug somewhere...


I became crazy looking at this bug. I found that a debian package raises 
the bug, but when I compiled the source by hand the bug disappeared... 
Finally I discovered that this bug depends by an uninitialized variable; 
this lead to the unpredictable behaviour.

The problem is that when a device is removed, the function 
btrfs_read_dev_super() should ignore it. In fact the kernel clear the 
magic number in the *first* superblock. However the function 
btrfs_read_dev_super() checks also the backup superblocks and when it 
found a valid one, the function returns success.

Lukely (?) this function fails very often because the fsid of the backup 
superblock are checked against an uninitialized buffer. However when 
this check has success this device is considered suitable even tough it 
was removed.

The BUG is in the function btrfs_read_dev_super():


int btrfs_read_dev_super(int fd, struct btrfs_super_block *sb, u64 
sb_bytenr)
{
         u8 fsid[BTRFS_FSID_SIZE];
[...]

line 933:

         for (i = 0; i < BTRFS_SUPER_MIRROR_MAX; i++) {
                 bytenr = btrfs_sb_offset(i);
                 ret = pread64(fd, &buf, sizeof(buf), bytenr);
                 if (ret < sizeof(buf))
                         break;

                 if (btrfs_super_bytenr(&buf) != bytenr ||
                     strncmp((char *)(&buf.magic), BTRFS_MAGIC,
                             sizeof(buf.magic)))
                         continue;

                 if (i == 0)
                         memcpy(fsid, buf.fsid, sizeof(fsid));
                 else if (memcmp(fsid, buf.fsid, sizeof(fsid)))
                         continue;

                 if (btrfs_super_generation(&buf) > transid) {
                         memcpy(sb, &buf, sizeof(*sb));
                         transid = btrfs_super_generation(&buf);
                 }
         }


When a device is removed, the *first* superblock magic field is zeroed 
so the first check "strncmp((char *)(&buf.magic), BTRFS_MAGIC,..." fails 
, "i" is increased, and the "continue" statement is execute.
Then the check "memcmp(fsid...." became unreliable in the next iteration 
because the fsid variable is not initialized.

To me the test is unclear: what is the purpose to continue when the 
superblocks (the original one and its backup) refer to different fsid: 
there is something wrong which require an user decision...
May be that Yan added this check (see commit 
50860d6e31c28cf4789ef099729dfbce2108620a ) to converting from different 
format ? Yan do you remember something about this code ?

The enclosed patch corrects the initialization of the fsid variable; 
morover if the fsid are different between the superblocks (the original 
one and its backup) the function fails because the device cannot be 
trusted. Finally it is handled the special case when the magic fields is 
zeroed in the *first* superblock. In this case the device is skipped.

BR
G.Baroncelli

Patch

diff --git a/disk-io.c b/disk-io.c
index b21a87f..82fc3b8 100644
--- a/disk-io.c
+++ b/disk-io.c
@@ -910,6 +910,7 @@  struct btrfs_root *open_ctree_fd(int fp, const char *path, u64 sb_bytenr,
 int btrfs_read_dev_super(int fd, struct btrfs_super_block *sb, u64 sb_bytenr)
 {
 	u8 fsid[BTRFS_FSID_SIZE];
+	int fsid_is_initialized = 0;
 	struct btrfs_super_block buf;
 	int i;
 	int ret;
@@ -936,15 +937,26 @@  int btrfs_read_dev_super(int fd, struct btrfs_super_block *sb, u64 sb_bytenr)
 		if (ret < sizeof(buf))
 			break;
 
-		if (btrfs_super_bytenr(&buf) != bytenr ||
-		    strncmp((char *)(&buf.magic), BTRFS_MAGIC,
+		if (btrfs_super_bytenr(&buf) != bytenr )
+			continue;
+		/* if magic is NULL, the device was removed */
+		if (buf.magic == 0 && i==0)
+			return -1;
+		if (strncmp((char *)(&buf.magic), BTRFS_MAGIC,
 			    sizeof(buf.magic)))
 			continue;
 
-		if (i == 0)
+		if (!fsid_is_initialized){
 			memcpy(fsid, buf.fsid, sizeof(fsid));
-		else if (memcmp(fsid, buf.fsid, sizeof(fsid)))
-			continue;
+			fsid_is_initialized = 1;
+		} else if (memcmp(fsid, buf.fsid, sizeof(fsid))) {
+			/* 
+			 * the superblocks (the original one and
+			 * its backups) contain data of different
+			 * filesystems -> the disk cannot be trusted
+			 */
+			return -1;
+		}
 
 		if (btrfs_super_generation(&buf) > transid) {
 			memcpy(sb, &buf, sizeof(*sb));