From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org, Chao Yu <yuchao0@huawei.com>,
	Jaegeuk Kim <jaegeuk@kernel.org>
Subject: [PATCH 4.17 64/67] f2fs: avoid bug_on on corrupted inode
Date: Mon, 16 Jul 2018 09:35:33 +0200
Message-ID: <20180716073454.070271157@linuxfoundation.org>
In-Reply-To: <20180716073443.294323458@linuxfoundation.org>

4.17-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Jaegeuk Kim <jaegeuk@kernel.org>

commit 5d64600d4f337dc2bb89cd59da99f452f5e4f3c3 upstream.

syzbot has tested the proposed patch but the reproducer still triggered crash:
kernel BUG at fs/f2fs/inode.c:LINE!

F2FS-fs (loop1): invalid crc value
F2FS-fs (loop5): Magic Mismatch, valid(0xf2f52010) - read(0x0)
F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
F2FS-fs (loop5): invalid crc value
------------[ cut here ]------------
kernel BUG at fs/f2fs/inode.c:238!
invalid opcode: 0000 [#1] SMP KASAN
Dumping ftrace buffer:
   (ftrace buffer empty)
Modules linked in:
CPU: 1 PID: 4886 Comm: syz-executor1 Not tainted 4.17.0-rc1+ #1
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:do_read_inode fs/f2fs/inode.c:238 [inline]
RIP: 0010:f2fs_iget+0x3307/0x3ca0 fs/f2fs/inode.c:313
RSP: 0018:ffff8801c44a70e8 EFLAGS: 00010293
RAX: ffff8801ce208040 RBX: ffff8801b3621080 RCX: ffffffff82eace18
F2FS-fs (loop2): Magic Mismatch, valid(0xf2f52010) - read(0x0)
RDX: 0000000000000000 RSI: ffffffff82eaf047 RDI: 0000000000000007
RBP: ffff8801c44a7410 R08: ffff8801ce208040 R09: ffffed0039ee4176
R10: ffffed0039ee4176 R11: ffff8801cf720bb7 R12: ffff8801c0efa000
R13: 0000000000000003 R14: 0000000000000000 R15: 0000000000000000
FS:  00007f753aa9d700(0000) GS:ffff8801daf00000(0000) knlGS:0000000000000000
------------[ cut here ]------------
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
kernel BUG at fs/f2fs/inode.c:238!
CR2: 0000000001b03018 CR3: 00000001c8b74000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 f2fs_fill_super+0x4377/0x7bf0 fs/f2fs/super.c:2842
 mount_bdev+0x30c/0x3e0 fs/super.c:1165
 f2fs_mount+0x34/0x40 fs/f2fs/super.c:3020
 mount_fs+0xae/0x328 fs/super.c:1268
 vfs_kern_mount.part.34+0xd4/0x4d0 fs/namespace.c:1037
 vfs_kern_mount fs/namespace.c:1027 [inline]
 do_new_mount fs/namespace.c:2517 [inline]
 do_mount+0x564/0x3070 fs/namespace.c:2847
 ksys_mount+0x12d/0x140 fs/namespace.c:3063
 __do_sys_mount fs/namespace.c:3077 [inline]
 __se_sys_mount fs/namespace.c:3074 [inline]
 __x64_sys_mount+0xbe/0x150 fs/namespace.c:3074
 do_syscall_64+0x1b1/0x800 arch/x86/entry/common.c:287
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x457daa
RSP: 002b:00007f753aa9cba8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 0000000000457daa
RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f753aa9cbf0
RBP: 0000000000000064 R08: 0000000020016a00 R09: 0000000020000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003
R13: 0000000000000064 R14: 00000000006fcb80 R15: 0000000000000000
RIP: do_read_inode fs/f2fs/inode.c:238 [inline] RSP: ffff8801c44a70e8
RIP: f2fs_iget+0x3307/0x3ca0 fs/f2fs/inode.c:313 RSP: ffff8801c44a70e8
invalid opcode: 0000 [#2] SMP KASAN
---[ end trace 1cbcbec2156680bc ]---

Reported-and-tested-by: syzbot+41a1b341571f0952badb@syzkaller.appspotmail.com
Reviewed-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/f2fs/inode.c |   20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)

--- a/fs/f2fs/inode.c
+++ b/fs/f2fs/inode.c
@@ -185,6 +185,21 @@ void f2fs_inode_chksum_set(struct f2fs_s
 	ri->i_inode_checksum = cpu_to_le32(f2fs_inode_chksum(sbi, page));
 }
 
+static bool sanity_check_inode(struct inode *inode)
+{
+	struct f2fs_sb_info *sbi = F2FS_I_SB(inode);
+
+	if (f2fs_sb_has_flexible_inline_xattr(sbi->sb)
+			&& !f2fs_has_extra_attr(inode)) {
+		set_sbi_flag(sbi, SBI_NEED_FSCK);
+		f2fs_msg(sbi->sb, KERN_WARNING,
+			"%s: corrupted inode ino=%lx, run fsck to fix.",
+			__func__, inode->i_ino);
+		return false;
+	}
+	return true;
+}
+
 static int do_read_inode(struct inode *inode)
 {
 	struct f2fs_sb_info *sbi = F2FS_I_SB(inode);
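Review bot: sanity_check_inode() tests in-memory state through f2fs_has_extra_attr(inode), so it only gives a meaningful answer once do_read_inode() has filled the inode, yet nothing in the helper documents that ordering. A one-line comment above the function stating the precondition would keep a later caller from running it too early. Separately, the f2fs_msg() warning is emitted on every failing lookup; on an image with many such inodes that could be noisy, so consider whether it should be limited.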
@@ -235,7 +250,6 @@ static int do_read_inode(struct inode *i
 					le16_to_cpu(ri->i_extra_isize) : 0;
 
 	if (f2fs_sb_has_flexible_inline_xattr(sbi->sb)) {
-		f2fs_bug_on(sbi, !f2fs_has_extra_attr(inode));
 		fi->i_inline_xattr_size = le16_to_cpu(ri->i_inline_xattr_size);
 	} else if (f2fs_has_inline_xattr(inode) ||
 				f2fs_has_inline_dentry(inode)) {
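Review bot: with the f2fs_bug_on() removed, the first branch now assigns fi->i_inline_xattr_size from ri->i_inline_xattr_size even when f2fs_has_extra_attr(inode) is false, and the rejection only happens later in f2fs_iget(). Please confirm that nothing in the remainder of do_read_inode() consumes that value before the caller bails out, or return an error at this point instead of deferring the check.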
@@ -313,6 +327,10 @@ struct inode *f2fs_iget(struct super_blo
 	ret = do_read_inode(inode);
 	if (ret)
 		goto bad_inode;
+	if (!sanity_check_inode(inode)) {
+		ret = -EINVAL;
+		goto bad_inode;
+	}
 make_now:
 	if (ino == F2FS_NODE_INO(sbi)) {
 		inode->i_mapping->a_ops = &f2fs_node_aops;
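Review bot: the new check sits above the make_now: label, so any path that jumps to make_now skips it along with do_read_inode(). If that is intended for the inodes handled there, a short comment would make it explicit. The -EINVAL return is also indistinguishable to the caller from an ordinary bad argument; a comment saying it stands for on-disk corruption here would help whoever reads the mount failure.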


