bin/58723: resize_ffs should refuse to resize a filesystem with a journal

To: gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost
Subject: bin/58723: resize_ffs should refuse to resize a filesystem with a journal
From: cmeerw%cmeerw.org@localhost
Date: Sun, 6 Oct 2024 18:40:00 +0000 (UTC)

>Number:         58723
>Category:       bin
>Synopsis:       resize_ffs should refuse to resize a filesystem with a journal
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Oct 06 18:40:00 +0000 2024
>Originator:     Christof Meerwald
>Release:        10.99.12 (Wed Oct  2 21:21:26 UTC 2024)
>Organization:
>Environment:
NetBSD hostcram.cmeerw.net 10.99.12 NetBSD 10.99.12 (GENERIC) #0: Wed Oct  2 21:21:26 UTC 2024  mkrepro%mkrepro.NetBSD.org@localhost:/usr/src/sys/arch/amd64/compile/GENERIC amd64

>Description:
resize_ffs can't handle a journal, but doesn't warn or refuse to resize a filesystem with a journal.

For an in-filesystem journal this is probably less severe as it likely just means that the journal for the resulting filesystem is too small.

But for an end-of-partition journal it means that, after resizing, the journal overlaps the filesystem, resulting in silent data corruption (the kernel doesn't notice when mounting the filesystem either).

Also see https://mail-index.netbsd.org/netbsd-users/2024/09/29/msg031766.html
>How-To-Repeat:
Here is an example that creates a filesystem with an end-of-partition journal that gets resized by resize_ffs.

dd if=/dev/zero bs=1m count=1 seek=99 of=fs.img
newfs -O 2 -b 16384 -f 2048 -F fs.img
dd if=/dev/zero bs=1m count=1 seek=100 of=fs.img
vndconfig vnd0 ./fs.img
mount -o rw,log /dev/vnd0 /mnt
umount /mnt
dumpfs -s /dev/vnd0
vndconfig -u vnd0
dd if=/dev/zero bs=1m count=1 seek=200 of=fs.img
fsck_ffs -F fs.img
resize_ffs -y fs.img
vndconfig vnd0 ./fs.img
mount -o rw,log /dev/vnd0 /mnt
dd if=/dev/zero bs=1m of=/mnt/all_zero count=160
umount /mnt
mount -o rw,log /dev/vnd0 /mnt
od -t x1 /mnt/all_zero

Note that "od" will show non-zero output as the filesystem journal now overlaps the filesystem.
>Fix:
resize_ffs should check for a journal location in the superblock and refuse to continue if there is a journal set up. Ideally, the kernel should also notice when an end-of-partition journal points into the filesystem.

/etc/rc.d/resize_root should be adjusted accordingly

Prev by Date: PR/58718 CVS commit: src/bin/df
Next by Date: NetBSD Nightly Trouble Ticket Report
Previous by Thread: PR/58718 CVS commit: src/bin/df
Next by Thread: Re: bin/58718 (df: "total files" and "free files" values swapped in df -G output)
Indexes:

Home | Main Index | Thread Index | Old Index