From: Chao Yu <chao@kernel.org>
To: jaegeuk@kernel.org
Cc: linux-kernel@vger.kernel.org, stable@vger.kernel.org,
linux-f2fs-devel@lists.sourceforge.net,
Ming Yan <yanming@tju.edu.cn>
Subject: [f2fs-dev] [PATCH] f2fs: fix to do sanity check for inline inode
Date: Thu, 28 Apr 2022 10:49:40 +0800 [thread overview]
Message-ID: <20220428024940.12102-1-chao@kernel.org> (raw)
As Yanming reported in bugzilla:
https://bugzilla.kernel.org/show_bug.cgi?id=215895
I have encountered a bug in F2FS file system in kernel v5.17.
The kernel message is shown below:
kernel BUG at fs/inode.c:611!
Call Trace:
evict+0x282/0x4e0
__dentry_kill+0x2b2/0x4d0
dput+0x2dd/0x720
do_renameat2+0x596/0x970
__x64_sys_rename+0x78/0x90
do_syscall_64+0x3b/0x90
The root cause is: fuzzed inode has both inline_data flag and encrypted
flag, so after it was deleted by rename(), during f2fs_evict_inode(),
it will cause inline data conversion due to flags confilction, then
page cache will be polluted and trigger panic in clear_inode().
This patch tries to fix the issue by do more sanity checks for inline
data inode in sanity_check_inode().
Cc: stable@vger.kernel.org
Reported-by: Ming Yan <yanming@tju.edu.cn>
Signed-off-by: Chao Yu <chao.yu@oppo.com>
---
fs/f2fs/f2fs.h | 7 +++++++
fs/f2fs/inode.c | 3 +--
2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/fs/f2fs/f2fs.h b/fs/f2fs/f2fs.h
index 27aa93caec06..64c511b498cc 100644
--- a/fs/f2fs/f2fs.h
+++ b/fs/f2fs/f2fs.h
@@ -4173,6 +4173,13 @@ static inline void f2fs_set_encrypted_inode(struct inode *inode)
*/
static inline bool f2fs_post_read_required(struct inode *inode)
{
+ /*
+ * used by sanity_check_inode(), when disk layout fields has not
+ * been synchronized to inmem fields.
+ */
+ if (file_is_encrypt(inode) || file_is_verity(inode) ||
+ F2FS_I(inode)->i_flags & F2FS_COMPR_FL)
+ return true;
return f2fs_encrypted_file(inode) || fsverity_active(inode) ||
f2fs_compressed_file(inode);
}
diff --git a/fs/f2fs/inode.c b/fs/f2fs/inode.c
index 83639238a1fe..234b8ed02644 100644
--- a/fs/f2fs/inode.c
+++ b/fs/f2fs/inode.c
@@ -276,8 +276,7 @@ static bool sanity_check_inode(struct inode *inode, struct page *node_page)
}
}
- if (f2fs_has_inline_data(inode) &&
- (!S_ISREG(inode->i_mode) && !S_ISLNK(inode->i_mode))) {
+ if (f2fs_has_inline_data(inode) && !f2fs_may_inline_data(inode)) {
set_sbi_flag(sbi, SBI_NEED_FSCK);
f2fs_warn(sbi, "%s: inode (ino=%lx, mode=%u) should not have inline_data, run fsck to fix",
__func__, inode->i_ino, inode->i_mode);
--
2.25.1
_______________________________________________
Linux-f2fs-devel mailing list
Linux-f2fs-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
WARNING: multiple messages have this Message-ID (diff)
From: Chao Yu <chao@kernel.org>
To: jaegeuk@kernel.org
Cc: linux-f2fs-devel@lists.sourceforge.net,
linux-kernel@vger.kernel.org, Chao Yu <chao@kernel.org>,
stable@vger.kernel.org, Ming Yan <yanming@tju.edu.cn>,
Chao Yu <chao.yu@oppo.com>
Subject: [PATCH] f2fs: fix to do sanity check for inline inode
Date: Thu, 28 Apr 2022 10:49:40 +0800 [thread overview]
Message-ID: <20220428024940.12102-1-chao@kernel.org> (raw)
As Yanming reported in bugzilla:
https://bugzilla.kernel.org/show_bug.cgi?id=215895
I have encountered a bug in F2FS file system in kernel v5.17.
The kernel message is shown below:
kernel BUG at fs/inode.c:611!
Call Trace:
evict+0x282/0x4e0
__dentry_kill+0x2b2/0x4d0
dput+0x2dd/0x720
do_renameat2+0x596/0x970
__x64_sys_rename+0x78/0x90
do_syscall_64+0x3b/0x90
The root cause is: fuzzed inode has both inline_data flag and encrypted
flag, so after it was deleted by rename(), during f2fs_evict_inode(),
it will cause inline data conversion due to flags confilction, then
page cache will be polluted and trigger panic in clear_inode().
This patch tries to fix the issue by do more sanity checks for inline
data inode in sanity_check_inode().
Cc: stable@vger.kernel.org
Reported-by: Ming Yan <yanming@tju.edu.cn>
Signed-off-by: Chao Yu <chao.yu@oppo.com>
---
fs/f2fs/f2fs.h | 7 +++++++
fs/f2fs/inode.c | 3 +--
2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/fs/f2fs/f2fs.h b/fs/f2fs/f2fs.h
index 27aa93caec06..64c511b498cc 100644
--- a/fs/f2fs/f2fs.h
+++ b/fs/f2fs/f2fs.h
@@ -4173,6 +4173,13 @@ static inline void f2fs_set_encrypted_inode(struct inode *inode)
*/
static inline bool f2fs_post_read_required(struct inode *inode)
{
+ /*
+ * used by sanity_check_inode(), when disk layout fields has not
+ * been synchronized to inmem fields.
+ */
+ if (file_is_encrypt(inode) || file_is_verity(inode) ||
+ F2FS_I(inode)->i_flags & F2FS_COMPR_FL)
+ return true;
return f2fs_encrypted_file(inode) || fsverity_active(inode) ||
f2fs_compressed_file(inode);
}
diff --git a/fs/f2fs/inode.c b/fs/f2fs/inode.c
index 83639238a1fe..234b8ed02644 100644
--- a/fs/f2fs/inode.c
+++ b/fs/f2fs/inode.c
@@ -276,8 +276,7 @@ static bool sanity_check_inode(struct inode *inode, struct page *node_page)
}
}
- if (f2fs_has_inline_data(inode) &&
- (!S_ISREG(inode->i_mode) && !S_ISLNK(inode->i_mode))) {
+ if (f2fs_has_inline_data(inode) && !f2fs_may_inline_data(inode)) {
set_sbi_flag(sbi, SBI_NEED_FSCK);
f2fs_warn(sbi, "%s: inode (ino=%lx, mode=%u) should not have inline_data, run fsck to fix",
__func__, inode->i_ino, inode->i_mode);
--
2.25.1
next reply other threads:[~2022-04-28 2:50 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-04-28 2:49 Chao Yu [this message]
2022-04-28 2:49 ` [PATCH] f2fs: fix to do sanity check for inline inode Chao Yu
2022-05-04 21:28 ` [f2fs-dev] " Jaegeuk Kim
2022-05-04 21:28 ` Jaegeuk Kim
2022-05-05 2:49 ` [f2fs-dev] " Chao Yu
2022-05-05 2:49 ` Chao Yu
2022-05-05 3:31 ` [f2fs-dev] " Jaegeuk Kim
2022-05-05 3:31 ` Jaegeuk Kim
2022-05-05 14:33 ` [f2fs-dev] " Chao Yu
2022-05-05 14:33 ` Chao Yu
2022-05-08 13:52 ` [f2fs-dev] " Chao Yu
2022-05-08 13:52 ` Chao Yu
2022-05-09 16:57 ` Jaegeuk Kim
2022-05-09 16:57 ` Jaegeuk Kim
2022-05-13 21:35 ` Jaegeuk Kim
2022-05-13 21:35 ` Jaegeuk Kim
2022-05-13 21:07 ` Jaegeuk Kim
2022-05-13 21:07 ` Jaegeuk Kim
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220428024940.12102-1-chao@kernel.org \
--to=chao@kernel.org \
--cc=jaegeuk@kernel.org \
--cc=linux-f2fs-devel@lists.sourceforge.net \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=yanming@tju.edu.cn \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.