amd64/89202: Kernel crash when accessing filesystem

Ivo Janssen ivo at distributed.net
Thu Nov 17 13:31:05 PST 2005


I'm sure you've thought about this, but I can see the following
improvements to be made:

- make dirsize 64-bit
- add checks to the multiplication operation to make sure it doesn't
   overflow at runtime
- add logic to tunefs and newfs so that a user cannot set values
   that will lead to kernel panics
- add at the very least huge warnings to the newfs and tunefs
   manpages, or mention why their usefulness is limited.

This particular partition is used for a huge postgres database, which
typically uses files holding the actual tables. We assumed tuning the
fs would gain us some improvements...

-Ivo


On Fri, 18 Nov 2005, Bruce Evans wrote:

> On Thu, 17 Nov 2005, Ivo Janssen wrote:
>
>> I recreated the filesystem without the huge -f (avg filesize) option,
>> which we had initially set to 1Gb:
>> # newfs -U -O2 -b 8192 -f 1024
>> # tunefs -e 20480  (10x the default)
>> 
>> With the defaults of avg filesize of 16384, we don't see a crash. I
>> then started playing with tunefs.
>> Increasing the avg filesize to -f 16777216 (16Mb), we don't see a crash.
>> Increasing the avg filesize to -f 33554432 (32Mb), we repro the crash.
>
> I have had the following comment about this bug (but haven't fixed it) for
> many years
>
> % Index: ffs_alloc.c
> % ===================================================================
> % RCS file: /home/ncvs/src/sys/ufs/ffs/ffs_alloc.c,v
> % retrieving revision 1.121
> % diff -u -2 -r1.121 ffs_alloc.c
> % --- ffs_alloc.c	16 Jun 2004 09:47:25 -0000	1.121
> % +++ ffs_alloc.c	28 Oct 2004 15:12:47 -0000
> % @@ -964,4 +991,11 @@
> %  		minbfree = 1;
> %  	cgsize = fs->fs_fsize * fs->fs_fpg;
> % +	/*
> % +	 * XXX the following multiplication can overflow, since newfs can
> % +	 * be abused to set fs_avgfilesize and fs_avgfpdir to preposterous
> % +	 * values.  For the particular preposterous values of (64M, 16),
> % +	 * the multiplication overflows to 0 and then dirsize = 0 sometimes
> % +	 * causes division by 0.
> % +	 */
> %  	dirsize = fs->fs_avgfilesize * fs->fs_avgfpdir;
> %  	curdirsize = avgndir ? (cgsize - avgbfree * fs->fs_bsize) / avgndir : 
> 0;
>
> This bug is easy to work around by not changing fs->fs_avgfilesize or
> fs->fs_avgfpdir.  Tuning them has limited useful effects.
>
> Bruce
>
>

Ivo

--
+---------------------------------------------------------------------
| IVO JANSSEN - ivo at ivo.nu - http://ivo.nu/
| finger ivo at finger.ivo.nu for PGP and more info
| Part of the world's largest computer: http://www.distributed.net/
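The overflow Bruce's comment describes, together with the 64-bit product and runtime checks Ivo lists, as an added C example. This is constructed for this page and is not code from FreeBSD's ffs_alloc.c: the function names, the two parameters standing in for the superblock fields fs_avgfilesize and fs_avgfpdir, and the 64 files-per-directory figure used as the second operand are all assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Added example, not FreeBSD code. avgfilesize and avgfpdir stand in for the
 * superblock fields fs_avgfilesize and fs_avgfpdir named in the quoted hunk;
 * the function names and the 64 files/dir figure in main are constructed.
 */

/* The product exactly as the hunk computes it, in 32-bit arithmetic. The
 * multiplication is done unsigned so the modulo-2^32 wraparound is well
 * defined in C; the cast back mirrors the int dirsize the hunk assigns to. */
int32_t dirsize_32bit(int32_t avgfilesize, int32_t avgfpdir)
{
    uint32_t wrapped = (uint32_t)avgfilesize * (uint32_t)avgfpdir;
    return (int32_t)wrapped;
}

/* Hardened form (Ivo's "make dirsize 64-bit"): widen before multiplying and
 * reject non-positive inputs. Two positive int32 values always fit in int64,
 * so the product itself cannot wrap. Returns false when the inputs are bad. */
bool dirsize_64bit(int32_t avgfilesize, int32_t avgfpdir, int64_t *out)
{
    if (avgfilesize <= 0 || avgfpdir <= 0)
        return false;
    *out = (int64_t)avgfilesize * (int64_t)avgfpdir;
    return true;
}

/* The check the hunk comment says is missing: never divide by dirsize without
 * first making sure it is positive. Returns -1 instead of faulting. */
int64_t div_by_dirsize(int64_t numerator, int64_t dirsize)
{
    if (dirsize <= 0)
        return -1;
    return numerator / dirsize;
}

/* Userland guard of the kind Ivo proposes for newfs/tunefs: refuse a pair of
 * values whose product would not survive a 32-bit multiplication. */
bool values_would_wrap_int32(int32_t avgfilesize, int32_t avgfpdir)
{
    int64_t p;
    if (!dirsize_64bit(avgfilesize, avgfpdir, &p))
        return true;            /* non-positive inputs are refused as well */
    return p > INT32_MAX;
}

int main(void)
{
    /* Constructed inputs: average file sizes of 16M, 32M and 64M (the first
     * two are the values Ivo reported) paired with an assumed 64 files/dir. */
    const int32_t sizes[] = { 16777216, 33554432, 67108864 };
    const int32_t fpdir = 64;

    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++) {
        int64_t wide = 0;
        dirsize_64bit(sizes[i], fpdir, &wide);
        printf("avgfilesize=%d avgfpdir=%d: 32-bit=%d 64-bit=%lld wraps=%s\n",
               sizes[i], fpdir, dirsize_32bit(sizes[i], fpdir),
               (long long)wide,
               values_would_wrap_int32(sizes[i], fpdir) ? "yes" : "no");
        printf("  divide 1000000 by 32-bit dirsize -> %lld\n",
               (long long)div_by_dirsize(1000000,
                                         dirsize_32bit(sizes[i], fpdir)));
    }
    return 0;
}
```

With 64 files per directory, 16M stays positive in 32 bits, 32M wraps to INT32_MIN and 64M wraps to exactly 0; the 64-bit form holds all three, and the guarded divide refuses the two wrapped values instead of dividing by zero or a negative number.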

