From: Jaegeuk Kim <jaegeuk@kernel.org>
To: Chao Yu <chao@kernel.org>
Cc: linux-f2fs-devel@lists.sourceforge.net,
linux-kernel@vger.kernel.org, Chao Yu <chao.yu@oppo.com>
Subject: Re: [PATCH v2] f2fs: fix to disallow getting inner inode via f2fs_iget()
Date: Mon, 12 Sep 2022 08:39:38 -0700 [thread overview]
Message-ID: <Yx9SulcDlMfO/hiW@google.com> (raw)
In-Reply-To: <e5abac5f-433b-62d4-b2fa-974b5f978d61@kernel.org>
On 09/08, Chao Yu wrote:
> On 2022/9/8 10:19, Jaegeuk Kim wrote:
> > On 09/08, Chao Yu wrote:
> > > On 2022/9/8 10:02, Jaegeuk Kim wrote:
> > > > On 08/31, Chao Yu wrote:
> > > > > From: Chao Yu <chao.yu@oppo.com>
> > > > >
> > > > > Introduce f2fs_iget_inner() for f2fs_fill_super() to get inner inode:
> > > > > meta inode, node inode or compressed inode, and add f2fs_check_nid_range()
> > > > > in f2fs_iget() to avoid getting inner inode from external interfaces.
> > > >
> > > > So, we don't want to check the range of inner inode numbers? What'd be the
> > > > way to check it's okay?
> > >
> > > For node_ino, meta_ino, root_ino, we have checked them in sanity_check_raw_super()
> > > as below:
> > >
> > > /* check reserved ino info */
> > > if (le32_to_cpu(raw_super->node_ino) != 1 ||
> > > le32_to_cpu(raw_super->meta_ino) != 2 ||
> > > le32_to_cpu(raw_super->root_ino) != 3) {
> > > f2fs_info(sbi, "Invalid Fs Meta Ino: node(%u) meta(%u) root(%u)",
> > > le32_to_cpu(raw_super->node_ino),
> > > le32_to_cpu(raw_super->meta_ino),
> > > le32_to_cpu(raw_super->root_ino));
> > > return -EFSCORRUPTED;
> > > }
> > >
> > > compressed_ino should always be NM_I(sbi)->max_nid, it can be checked in
> > > f2fs_init_compress_inode()?
> >
> > Hmm, I'm not sure whether we really need this patch, since it'd look better
> > to handle all the iget with single f2fs_iget?
>
> Well, the main concern is previously f2fs_iget() won't check validation for inner
> inode due to it will skip do_read_inode() - f2fs_check_nid_range(), so that in a
> fuzzed image, caller may pass inner ino into f2fs_iget(), result in incorrect use
> of inner inode. So I add f2fs_check_nid_range() in prior to f2fs_iget_inner() in
> f2fs_iget() as below to detect and avoid this case.
FWIW, sanity_check_raw_super() checked the inode numbers.
>
> > > > > +struct inode *f2fs_iget(struct super_block *sb, unsigned long ino)
> > > > > +{
> > > > > + int ret;
> > > > > +
> > > > > + ret = f2fs_check_nid_range(F2FS_SB(sb), ino);
> > > > > + if (ret)
> > > > > + return ERR_PTR(ret);
> > > > > +
> > > > > + return f2fs_iget_inner(sb, ino);
next prev parent reply other threads:[~2022-09-12 15:39 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-08-30 22:53 [PATCH v2] f2fs: fix to disallow getting inner inode via f2fs_iget() Chao Yu
2022-09-08 1:58 ` Chao Yu
2022-09-08 2:02 ` Jaegeuk Kim
2022-09-08 2:11 ` Chao Yu
2022-09-08 2:19 ` Jaegeuk Kim
2022-09-08 4:04 ` Chao Yu
2022-09-12 15:39 ` Jaegeuk Kim [this message]
2022-09-13 1:26 ` Chao Yu
[not found] ` <YyAbBroLzLPaSyCF@google.com>
2022-09-13 6:44 ` Chao Yu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Yx9SulcDlMfO/hiW@google.com \
--to=jaegeuk@kernel.org \
--cc=chao.yu@oppo.com \
--cc=chao@kernel.org \
--cc=linux-f2fs-devel@lists.sourceforge.net \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox