From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
patches@lists.linux.dev,
syzbot+848062ba19c8782ca5c8@syzkaller.appspotmail.com,
Chao Yu <chao@kernel.org>, Jaegeuk Kim <jaegeuk@kernel.org>,
Sasha Levin <sashal@kernel.org>
Subject: [PATCH 6.10 09/22] f2fs: fix to do sanity check on F2FS_INLINE_DATA flag in inode during GC
Date: Thu, 15 Aug 2024 15:25:17 +0200 [thread overview]
Message-ID: <20240815131831.620849534@linuxfoundation.org> (raw)
In-Reply-To: <20240815131831.265729493@linuxfoundation.org>
6.10-stable review patch. If anyone has any objections, please let me know.
------------------
From: Chao Yu <chao@kernel.org>
[ Upstream commit fc01008c92f40015aeeced94750855a7111b6929 ]
syzbot reports a f2fs bug as below:
------------[ cut here ]------------
kernel BUG at fs/f2fs/inline.c:258!
CPU: 1 PID: 34 Comm: kworker/u8:2 Not tainted 6.9.0-rc6-syzkaller-00012-g9e4bc4bcae01 #0
RIP: 0010:f2fs_write_inline_data+0x781/0x790 fs/f2fs/inline.c:258
Call Trace:
f2fs_write_single_data_page+0xb65/0x1d60 fs/f2fs/data.c:2834
f2fs_write_cache_pages fs/f2fs/data.c:3133 [inline]
__f2fs_write_data_pages fs/f2fs/data.c:3288 [inline]
f2fs_write_data_pages+0x1efe/0x3a90 fs/f2fs/data.c:3315
do_writepages+0x35b/0x870 mm/page-writeback.c:2612
__writeback_single_inode+0x165/0x10b0 fs/fs-writeback.c:1650
writeback_sb_inodes+0x905/0x1260 fs/fs-writeback.c:1941
wb_writeback+0x457/0xce0 fs/fs-writeback.c:2117
wb_do_writeback fs/fs-writeback.c:2264 [inline]
wb_workfn+0x410/0x1090 fs/fs-writeback.c:2304
process_one_work kernel/workqueue.c:3254 [inline]
process_scheduled_works+0xa12/0x17c0 kernel/workqueue.c:3335
worker_thread+0x86d/0xd70 kernel/workqueue.c:3416
kthread+0x2f2/0x390 kernel/kthread.c:388
ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
The root cause is: inline_data inode can be fuzzed, so that there may
be valid blkaddr in its direct node, once f2fs triggers background GC
to migrate the block, it will hit f2fs_bug_on() during dirty page
writeback.
Let's add sanity check on F2FS_INLINE_DATA flag in inode during GC,
so that, it can forbid migrating inline_data inode's data block for
fixing.
Reported-by: syzbot+848062ba19c8782ca5c8@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/linux-f2fs-devel/000000000000d103ce06174d7ec3@google.com
Signed-off-by: Chao Yu <chao@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/f2fs/gc.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/fs/f2fs/gc.c b/fs/f2fs/gc.c
index b2951cd930d80..448c75e80b89e 100644
--- a/fs/f2fs/gc.c
+++ b/fs/f2fs/gc.c
@@ -1566,6 +1566,16 @@ static int gc_data_segment(struct f2fs_sb_info *sbi, struct f2fs_summary *sum,
continue;
}
+ if (f2fs_has_inline_data(inode)) {
+ iput(inode);
+ set_sbi_flag(sbi, SBI_NEED_FSCK);
+ f2fs_err_ratelimited(sbi,
+ "inode %lx has both inline_data flag and "
+ "data block, nid=%u, ofs_in_node=%u",
+ inode->i_ino, dni.nid, ofs_in_node);
+ continue;
+ }
+
err = f2fs_gc_pinned_control(inode, gc_type, segno);
if (err == -EAGAIN) {
iput(inode);
--
2.43.0
next prev parent reply other threads:[~2024-08-15 13:39 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-08-15 13:25 [PATCH 6.10 00/22] 6.10.6-rc1 review Greg Kroah-Hartman
2024-08-15 13:25 ` [PATCH 6.10 01/22] exec: Fix ToCToU between perm check and set-uid/gid usage Greg Kroah-Hartman
2024-08-15 13:25 ` [PATCH 6.10 02/22] drm/amd/display: Defer handling mst up request in resume Greg Kroah-Hartman
2024-08-15 13:25 ` [PATCH 6.10 03/22] drm/amd/display: Separate setting and programming of cursor Greg Kroah-Hartman
2024-08-15 13:25 ` [PATCH 6.10 04/22] drm/amd/display: Prevent IPX From Link Detect and Set Mode Greg Kroah-Hartman
2024-08-15 13:25 ` [PATCH 6.10 05/22] LoongArch: Define __ARCH_WANT_NEW_STAT in unistd.h Greg Kroah-Hartman
2024-08-15 13:25 ` [PATCH 6.10 06/22] nvme/pci: Add APST quirk for Lenovo N60z laptop Greg Kroah-Hartman
2024-08-15 13:25 ` [PATCH 6.10 07/22] ASoC: cs35l56: Patch CS35L56_IRQ1_MASK_18 to the default value Greg Kroah-Hartman
2024-08-15 13:25 ` [PATCH 6.10 08/22] bpf, net: Use DEV_STAT_INC() Greg Kroah-Hartman
2024-08-15 13:25 ` Greg Kroah-Hartman [this message]
2024-08-15 13:25 ` [PATCH 6.10 10/22] f2fs: fix to cover read extent cache access with lock Greg Kroah-Hartman
2024-08-15 13:25 ` [PATCH 6.10 11/22] fou: remove warn in gue_gro_receive on unsupported protocol Greg Kroah-Hartman
2024-08-15 13:25 ` [PATCH 6.10 12/22] jfs: fix null ptr deref in dtInsertEntry Greg Kroah-Hartman
2024-08-15 13:25 ` [PATCH 6.10 13/22] jfs: Fix shift-out-of-bounds in dbDiscardAG Greg Kroah-Hartman
2024-08-15 13:25 ` [PATCH 6.10 14/22] fs/ntfs3: Do copy_to_user out of run_lock Greg Kroah-Hartman
2024-08-15 13:25 ` [PATCH 6.10 15/22] ALSA: usb: Fix UBSAN warning in parse_audio_unit() Greg Kroah-Hartman
2024-08-15 13:25 ` [PATCH 6.10 16/22] platform/x86/amd/pmf: Fix to Update HPD Data When ALS is Disabled Greg Kroah-Hartman
2024-08-15 13:25 ` [PATCH 6.10 17/22] platform/x86: ideapad-laptop: introduce a generic notification chain Greg Kroah-Hartman
2024-08-15 13:25 ` [PATCH 6.10 18/22] platform/x86: ideapad-laptop: move ymc_trigger_ec from lenovo-ymc Greg Kroah-Hartman
2024-08-15 13:25 ` [PATCH 6.10 19/22] platform/x86: ideapad-laptop: add a mutex to synchronize VPC commands Greg Kroah-Hartman
2024-08-15 13:25 ` [PATCH 6.10 20/22] binfmt_flat: Fix corruption when not offsetting data start Greg Kroah-Hartman
2024-08-15 13:25 ` [PATCH 6.10 21/22] drm/amd/display: Solve mst monitors blank out problem after resume Greg Kroah-Hartman
2024-08-15 13:25 ` [PATCH 6.10 22/22] drm/amdgpu/display: Fix null pointer dereference in dc_stream_program_cursor_position Greg Kroah-Hartman
2024-08-15 14:41 ` [PATCH 6.10 00/22] 6.10.6-rc1 review Kevin Holm
2024-08-15 15:07 ` Guenter Roeck
2024-08-16 8:51 ` Greg Kroah-Hartman
2024-08-15 18:01 ` Justin Forbes
2024-08-15 18:34 ` Markus Reichelt
2024-08-15 20:26 ` Peter Schneider
2024-08-15 20:32 ` Pavel Machek
2024-08-15 22:13 ` Florian Fainelli
2024-08-16 8:45 ` Anders Roxell
2024-08-16 10:08 ` Christian Heusel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240815131831.620849534@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=chao@kernel.org \
--cc=jaegeuk@kernel.org \
--cc=patches@lists.linux.dev \
--cc=sashal@kernel.org \
--cc=stable@vger.kernel.org \
--cc=syzbot+848062ba19c8782ca5c8@syzkaller.appspotmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.