Subject: Re: Security fixes for 4.4 - f2fs
From: Ben Hutchings
To: Jiri Slaby, Greg Kroah-Hartman, Sasha Levin
Cc: stable, linux-f2fs-devel@lists.sourceforge.net
Date: Tue, 05 Feb 2019 13:59:22 +0000
Message-ID: <1549375162.2925.5.camel@codethink.co.uk>
References: <1547753327.3229.115.camel@codethink.co.uk>

On Tue, 2019-01-29 at 13:41 +0100, Jiri Slaby wrote:
> On 17. 01. 19, 20:28, Ben Hutchings wrote:
> > I've backported fixes for several security issues involving filesystem
> > validation in f2fs.
> > All of these are already fixed in the later stable
> > branches.
> >
> > I tested with the reproducers where available.  I also checked for
> > regressions with xfstests and didn't find any (but many tests fail with
> > or without these changes).
>
> Hi,
>
> I am thinking why in this patch:
> > From ec2d979dc3888b6de795344157bb6fe73bbe8e44 Mon Sep 17 00:00:00 2001
> > From: Chao Yu
> > Date: Wed, 22 Mar 2017 14:45:05 +0800
> > Subject: [PATCH 18/36] f2fs: fix race condition in between free nid
> >  allocator/initializer
> >
> > commit 30a61ddf8117c26ac5b295e1233eaa9629a94ca3 upstream.
> >
>
> you do:
>
> > +       err = 0;
> >         list_add_tail(&i->list, &nm_i->free_nid_list);
> >         nm_i->fcnt++;
> > +err_out:
> >         spin_unlock(&nm_i->free_nid_list_lock);
> >         radix_tree_preload_end();
> > -       return 1;
> > +err:
> > +       if (err)
> > +               kmem_cache_free(free_nid_slab, i);
> > +       return !err;
>
> "!err"? Should it be "err < 0 ? err : 1" instead?

This function previously returned -1 (low memory), 0 (error), or 1
(success). This fix should not and does not change that.

(In the upstream code, this function returns true or false, and again
the upstream fix did not change that.)

Ben.

-- 
Ben Hutchings, Software Developer   Codethink Ltd
https://www.codethink.co.uk/        Dale House, 35 Dale Street
                                    Manchester, M1 2HF, United Kingdom
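
Review bot: the return contract at the new "return !err;" is undocumented, and that is exactly what prompted the "err < 0 ? err : 1" question. "!err" maps every non-zero err to 0, so no negative value can leave the function through the err_out/err tail. Since the reply states that the function returns -1, 0 or 1, a one-line comment above the "err:" label saying that only the 0 and 1 outcomes pass through here, and that -1 is returned elsewhere, would make the backport self-explanatory. It is also worth a note that kmem_cache_free(free_nid_slab, i) runs after spin_unlock() and relies on i not having been added to free_nid_list on any path where err is non-zero. In the visible lines that holds only because "err = 0;" sits immediately before list_add_tail().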