From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Cc: stable@vger.kernel.org, Andrew Morton <akpm@linux-foundation.org>
Subject: Re: [PATCH 4.14 4.19 5.4] nilfs2: fix missing error check for sb_set_blocksize call
Date: Mon, 11 Dec 2023 14:21:27 +0100
Message-ID: <2023121112-kitty-scarily-b463@gregkh>
In-Reply-To: <20231210072648.3054-1-konishi.ryusuke@gmail.com>

On Sun, Dec 10, 2023 at 04:26:48PM +0900, Ryusuke Konishi wrote:
> commit d61d0ab573649789bf9eb909c89a1a193b2e3d10 upstream.
>
> When mounting a filesystem image with a block size larger than the page
> size, nilfs2 repeatedly outputs long error messages with stack traces to
> the kernel log, such as the following:
>
> getblk(): invalid block size 8192 requested
> logical block size: 512
> ...
> Call Trace:
> dump_stack_lvl+0x92/0xd4
> dump_stack+0xd/0x10
> bdev_getblk+0x33a/0x354
> __breadahead+0x11/0x80
> nilfs_search_super_root+0xe2/0x704 [nilfs2]
> load_nilfs+0x72/0x504 [nilfs2]
> nilfs_mount+0x30f/0x518 [nilfs2]
> legacy_get_tree+0x1b/0x40
> vfs_get_tree+0x18/0xc4
> path_mount+0x786/0xa88
> __ia32_sys_mount+0x147/0x1a8
> __do_fast_syscall_32+0x56/0xc8
> do_fast_syscall_32+0x29/0x58
> do_SYSENTER_32+0x15/0x18
> entry_SYSENTER_32+0x98/0xf1
> ...
>
> This overloads the system logger. And to make matters worse, it sometimes
> crashes the kernel with a memory access violation.
>
> This is because the return value of the sb_set_blocksize() call, which
> should be checked for errors, is not checked.
>
> The latter issue is due to out-of-buffer memory being accessed based on a
> large block size that caused sb_set_blocksize() to fail for buffers read
> with the initial minimum block size that remained unupdated in the
> super_block structure.
>
> Since nilfs2 mkfs tool does not accept block sizes larger than the system
> page size, this has been overlooked. However, it is possible to create
> this situation by intentionally modifying the tool or by passing a
> filesystem image created on a system with a large page size to a system
> with a smaller page size and mounting it.
>
> Fix this issue by inserting the expected error handling for the call to
> sb_set_blocksize().
>
> Link: https://lkml.kernel.org/r/20231129141547.4726-1-konishi.ryusuke@gmail.com
> Signed-off-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
> Tested-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
> Cc: <stable@vger.kernel.org>
> Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
> ---
> Please apply this patch to the stable trees indicated by the subject line
> prefix, instead of the patch I asked you to drop earlier.
>
> In this patch, "nilfs_err()" is replaced with its equivalent since it
> doesn't yet exist in these kernels. With this tweak, this patch is
> applicable from v4.8 to v5.8. Also this patch has been tested against
> these three stable trees.

Now replaced with this version, thanks for catching this!

greg k-h
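
The failure mode described in the quoted commit message, as an added userspace C model (not the patch, not nilfs2 or kernel code): a setter that returns 0 on failure and leaves the stored block size unchanged, called with and without the result being checked. Assumptions: a 4096-byte page size, a 1024-byte initial minimum block size, and all `model_*` names, which are hypothetical.

```c
#include <stdio.h>

/* Userspace model only; every name here is hypothetical, not kernel code. */
#define MODEL_PAGE_SIZE 4096u   /* assumed page size */
#define MODEL_MIN_BLOCK 1024u   /* assumed initial minimum block size */

struct model_sb { unsigned int blocksize; };  /* stands in for s_blocksize */

/* Same contract as sb_set_blocksize(): returns the new size, or 0 on
 * failure, in which case the stored block size is left unchanged. */
static unsigned int model_set_blocksize(struct model_sb *sb, unsigned int size)
{
    if (size < 512 || size > MODEL_PAGE_SIZE || (size & (size - 1)))
        return 0;
    sb->blocksize = size;
    return size;
}

/* Returns the per-block byte count later code will assume, or -1 if the
 * mount is refused. check_result = 0 models the code before the fix. */
static long model_mount(struct model_sb *sb, unsigned int ondisk, int check_result)
{
    unsigned int ret;

    sb->blocksize = MODEL_MIN_BLOCK;        /* buffers are read at this size */
    ret = model_set_blocksize(sb, ondisk);
    if (check_result && ret == 0)
        return -1;                          /* fixed: fail the mount here */
    return (long)ondisk;                    /* unfixed: on-disk size trusted */
}

/* Bytes by which the assumed block size exceeds the buffers actually held. */
static long model_overrun(unsigned int ondisk, int check_result)
{
    struct model_sb sb;
    long assumed = model_mount(&sb, ondisk, check_result);

    if (assumed < 0)
        return -1;
    return assumed > (long)sb.blocksize ? assumed - (long)sb.blocksize : 0;
}

int main(void)
{
    /* 8192 is the block size shown in the quoted kernel log. */
    printf("unchecked: overrun %ld bytes\n", model_overrun(8192, 0));
    printf("checked:   result  %ld (mount refused)\n", model_overrun(8192, 1));
    return 0;
}
```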