From: jaegeuk@kernel.org
To: Chao Yu <yuchao0@huawei.com>
Cc: Eric Biggers <ebiggers@kernel.org>,
	syzbot+ee250ac8137be41d7b13@syzkaller.appspotmail.com,
	syzkaller-bugs@googlegroups.com, linux-kernel@vger.kernel.org,
	linux-f2fs-devel@lists.sourceforge.net
Subject: Re: [f2fs-dev] [f2fs bug] infinite loop in f2fs_get_meta_page_nofail()
Date: Thu, 8 Oct 2020 18:50:15 -0700
Message-ID: <20201009015015.GA1931838@google.com>
In-Reply-To: <c7baef0d-d459-114f-7146-627f0c4159ad@huawei.com>

On 10/09, Chao Yu wrote:
> On 2020/10/8 5:53, jaegeuk@kernel.org wrote:
> > On 10/07, Eric Biggers wrote:
> > > [moved linux-fsdevel to Bcc]
> > > 
> > > On Wed, Oct 07, 2020 at 02:18:19AM -0700, syzbot wrote:
> > > > Hello,
> > > > 
> > > > syzbot found the following issue on:
> > > > 
> > > > HEAD commit:    a804ab08 Add linux-next specific files for 20201006
> > > > git tree:       linux-next
> > > > console output: https://syzkaller.appspot.com/x/log.txt?x=17fe30bf900000
> > > > kernel config:  https://syzkaller.appspot.com/x/.config?x=26c1b4cc4a62ccb
> > > > dashboard link: https://syzkaller.appspot.com/bug?extid=ee250ac8137be41d7b13
> > > > compiler:       gcc (GCC) 10.1.0-syz 20200507
> > > > syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=1336413b900000
> > > > C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=12f7392b900000
> > > > 
> > > > The issue was bisected to:
> > > > 
> > > > commit eede846af512572b1f30b34f9889d7df64c017d4
> > > > Author: Jaegeuk Kim <jaegeuk@kernel.org>
> > > > Date:   Fri Oct 2 21:17:35 2020 +0000
> > > > 
> > > >      f2fs: f2fs_get_meta_page_nofail should not be failed
> > > > 
> > > 
> > > Jaegeuk, it looks like the loop you added in the above commit doesn't terminate
> > > if the requested page is beyond the end of the device.
> > 
> > Yes, that will go into an infinite loop. Otherwise, it will trigger a panic during
> > the device reboot. Let me think how to avoid that before trying to get the
> > wrong lba access.
> 
> Delivering f2fs_get_sum_page()'s return value needs a lot of code changes, I think
> we can just zero sum_page in error case, as we have already shut down f2fs via
> calling f2fs_stop_checkpoint(), then f2fs_cp_error() will stop all updates to
> filesystem data including summary pages.

That sounds like one solution tho, I'm afraid of getting another panic by
wrong zero'ed summary page.

> 
> Thoughts?
> 
> Thanks,
> 
> > 
> > > 
> > > - Eric
> > 
> > 


_______________________________________________
Linux-f2fs-devel mailing list
Linux-f2fs-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
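
The failure mode discussed in this message, as a userspace model added here (not code from the f2fs tree or from anyone in the thread): a retry-until-success read never terminates when the block address is past the end of the device, while a bounded variant fails and marks the device stopped. All names, sizes and the retry budget are hypothetical.

```c
/* Userspace model (added example); all names and constants are hypothetical, not f2fs code. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#define BLK_SIZE    16  /* constructed toy block size */
#define DEV_BLOCKS  8   /* constructed device size, in blocks */
#define MAX_RETRIES 8   /* assumed retry budget for transient errors */
struct dev { int transient_left; int stopped; unsigned reads; };

/* Model read: an out-of-range block is a permanent error, -EIO may clear on retry. */
static int read_block(struct dev *d, unsigned blk, unsigned char *buf)
{
    d->reads++;
    if (blk >= DEV_BLOCKS)
        return -ERANGE;         /* never succeeds, however often it is retried */
    if (d->transient_left-- > 0)
        return -EIO;
    memset(buf, 0xAB, BLK_SIZE);
    return 0;
}

/* "Retry until success" shape; `cap` exists only so this demo terminates. */
static unsigned retry_forever_model(struct dev *d, unsigned blk, unsigned char *buf, unsigned cap)
{
    unsigned n = 0;
    while (n < cap && read_block(d, blk, buf) != 0)
        n++;
    return n;                   /* n == cap: the uncapped loop would still be spinning */
}

/* Bounded shape: validate the address, cap retries, then stop the device and fail. */
static int get_block_bounded(struct dev *d, unsigned blk, unsigned char *buf)
{
    int err = -ERANGE;
    for (int i = 0; blk < DEV_BLOCKS && i < MAX_RETRIES; i++)
        if ((err = read_block(d, blk, buf)) == 0)
            return 0;
    d->stopped = 1;             /* callers must check this or the return value */
    memset(buf, 0, BLK_SIZE);   /* zeroed buffer is only ever returned with an error */
    return err;
}

int main(void)
{
    unsigned char buf[BLK_SIZE];
    struct dev d = { .transient_left = 3 };
    int ok = get_block_bounded(&d, 2, buf), bad = get_block_bounded(&d, 100, buf);
    printf("in range: %d, past end: %d, spins: %u\n", ok, bad, retry_forever_model(&d, 100, buf, 1000));
    return 0;
}
```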


Thread overview: 22+ messages
2020-10-07  9:18 [f2fs-dev] INFO: task can't die in corrupted syzbot
2020-10-07  9:18 ` syzbot
2020-10-07 21:32 ` [f2fs-dev] [f2fs bug] infinite loop in f2fs_get_meta_page_nofail() Eric Biggers
2020-10-07 21:32   ` Eric Biggers
2020-10-07 21:53   ` [f2fs-dev] " jaegeuk
2020-10-07 21:53     ` jaegeuk
2020-10-09  1:42     ` [f2fs-dev] " Chao Yu
2020-10-09  1:42       ` Chao Yu
2020-10-09  1:50       ` jaegeuk [this message]
2020-10-09  1:50         ` jaegeuk
2020-10-09  2:37         ` Chao Yu
2020-10-09  2:37           ` Chao Yu
2020-10-09  4:32           ` jaegeuk
2020-10-09  4:32             ` jaegeuk
2020-10-09  7:05             ` Chao Yu
2020-10-09  7:05               ` Chao Yu
2020-10-09 14:56               ` jaegeuk
2020-10-09 14:56                 ` jaegeuk
2020-10-13  2:30                 ` Chao Yu
2020-10-13  2:30                   ` Chao Yu
2020-10-13  3:08                   ` jaegeuk
2020-10-13  3:08                     ` jaegeuk
