[PATCH fs/bfs 2/2] bfs: add buffer_uptodate check before mark_buffer_dirty call

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: kovalev@altlinux.org
To: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
	aivazian.tigran@gmail.com, stable@vger.kernel.org
Cc: lvc-patches@linuxtesting.org, dutyrok@altlinux.org,
	kovalev@altlinux.org,
	syzbot+d98fd19acd08b36ff422@syzkaller.appspotmail.com
Subject: [PATCH fs/bfs 2/2] bfs: add buffer_uptodate check before mark_buffer_dirty call
Date: Wed, 10 Jul 2024 22:11:18 +0300	[thread overview]
Message-ID: <20240710191118.40431-3-kovalev@altlinux.org> (raw)
In-Reply-To: <20240710191118.40431-1-kovalev@altlinux.org>

From: Vasiliy Kovalev <kovalev@altlinux.org>

Add a check in bfs_move_block to ensure the new buffer is up-to-date
(buffer_uptodate) before calling mark_buffer_dirty.

Found by Syzkaller:

WARNING: CPU: 1 PID: 1046 at fs/buffer.c:1183 mark_buffer_dirty+0x394/0x3f0
CPU: 1 PID: 1046 Comm: mark_buffer_dir Not tainted 6.10.0-un-def-alt0.rc7.kasan
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.0-alt1 04/01/2014
RIP: 0010:mark_buffer_dirty+0x394/0x3f0
Call Trace:
<TASK>
? show_regs+0x8d/0xa0
? __warn+0xe6/0x380
? mark_buffer_dirty+0x394/0x3f0
? report_bug+0x348/0x480
? handle_bug+0x60/0xc0
? exc_invalid_op+0x13/0x50
? asm_exc_invalid_op+0x16/0x20
? mark_buffer_dirty+0x394/0x3f0
? mark_buffer_dirty+0x394/0x3f0
bfs_get_block+0x3ec/0xe80 [bfs]
? __pfx_bfs_get_block+0x10/0x10 [bfs]
__block_write_begin_int+0x4ae/0x16a0
? __pfx_bfs_get_block+0x10/0x10 [bfs]
? __pfx___block_write_begin_int+0x10/0x10
block_write_begin+0xb5/0x410
? __pfx_bfs_get_block+0x10/0x10 [bfs]
bfs_write_begin+0x32/0xe0 [bfs]
generic_perform_write+0x265/0x610
? __pfx_generic_perform_write+0x10/0x10
? generic_write_checks+0x323/0x4a0
? __pfx_generic_file_write_iter+0x10/0x10
__generic_file_write_iter+0x16a/0x1b0
generic_file_write_iter+0xf0/0x360
? __pfx_generic_file_write_iter+0x10/0x10
vfs_write+0x670/0x1120
? __pfx_vfs_write+0x10/0x10
ksys_write+0x127/0x260
? __pfx_ksys_write+0x10/0x10
do_syscall_64+0x9f/0x190
? do_syscall_64+0xab/0x190
? syscall_exit_to_user_mode+0xbb/0x1d0
? do_syscall_64+0xab/0x190
? lock_release+0x241/0x730
? __ct_user_enter+0xb3/0xc0
? __pfx_lock_release+0x10/0x10
? get_vtime_delta+0x116/0x270
? ct_kernel_exit.isra.0+0xbb/0xe0
? __ct_user_enter+0x74/0xc0
? syscall_exit_to_user_mode+0xbb/0x1d0
? do_syscall_64+0xab/0x190
? do_syscall_64+0xab/0x190
? ct_kernel_exit.isra.0+0xbb/0xe0
? clear_bhb_loop+0x45/0xa0
? clear_bhb_loop+0x45/0xa0
? clear_bhb_loop+0x45/0xa0
entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f5bb79a4d2

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Reported-by: syzbot+d98fd19acd08b36ff422@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=d98fd19acd08b36ff422
Cc: stable@vger.kernel.org
Signed-off-by: Vasiliy Kovalev <kovalev@altlinux.org>
---
 fs/bfs/file.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/fs/bfs/file.c b/fs/bfs/file.c
index cb41ca2a2854e4..da91af8f41e097 100644
--- a/fs/bfs/file.c
+++ b/fs/bfs/file.c
@@ -45,8 +45,13 @@ static int bfs_move_block(unsigned long from, unsigned long to,
 		err = -EIO;
 		goto out_err_new;
 	}
+	if (!buffer_uptodate(new)) {
+		err = -EIO;
+		goto out_err;
+	}
 	memcpy(new->b_data, bh->b_data, bh->b_size);
 	mark_buffer_dirty(new);
+out_err:
 	brelse(new);
 out_err_new:
 	bforget(bh);
-- 
2.33.8

     prev parent reply	other threads:[~2024-07-10 19:11 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-07-10 19:11 [PATCH fs/bfs 0/2] bfs: fix null-ptr-deref and possible warning in bfs_move_block() func kovalev
2024-07-10 19:11 ` [PATCH fs/bfs 1/2] bfs: fix null-ptr-deref in bfs_move_block kovalev
2024-07-10 20:09   ` Markus Elfring
2024-07-10 21:57     ` Василий Ковалев
2024-07-11  6:00       ` [fs/bfs " Markus Elfring
2024-07-11 16:40   ` [PATCH fs/bfs " kernel test robot
2024-07-10 19:11 ` kovalev [this message]

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:cb41ca2a2854e dfblob:da91af8f41e09 )
 OR (
bs:"[PATCH fs/bfs 2/2] bfs: add buffer_uptodate check before mark_buffer_dirty call" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20240710191118.40431-3-kovalev@altlinux.org \
    --to=kovalev@altlinux.org \
    --cc=aivazian.tigran@gmail.com \
    --cc=dutyrok@altlinux.org \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=lvc-patches@linuxtesting.org \
    --cc=stable@vger.kernel.org \
    --cc=syzbot+d98fd19acd08b36ff422@syzkaller.appspotmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox