From: Bagas Sanjaya <bagasdotme@gmail.com>
To: Chao Yu <chao@kernel.org>
Cc: jaegeuk@kernel.org, linux-f2fs-devel@lists.sourceforge.net,
linux-kernel@vger.kernel.org, stable@vger.kernel.org,
Ming Yan <yanming@tju.edu.cn>, Chao Yu <chao.yu@oppo.com>
Subject: Re: [PATCH v2] f2fs: fix to do sanity check for inline inode
Date: Sat, 14 May 2022 19:14:38 +0700 [thread overview]
Message-ID: <Yn+dLtxsy6LwVIBQ@debian.me> (raw)
In-Reply-To: <20220514080102.2246-1-chao@kernel.org>
On Sat, May 14, 2022 at 04:01:02PM +0800, Chao Yu wrote:
> As Yanming reported in bugzilla:
>
> https://bugzilla.kernel.org/show_bug.cgi?id=215895
>
> I have encountered a bug in F2FS file system in kernel v5.17.
>
> The kernel message is shown below:
>
> kernel BUG at fs/inode.c:611!
> Call Trace:
> evict+0x282/0x4e0
> __dentry_kill+0x2b2/0x4d0
> dput+0x2dd/0x720
> do_renameat2+0x596/0x970
> __x64_sys_rename+0x78/0x90
> do_syscall_64+0x3b/0x90
>
> The root cause is: fuzzed inode has both inline_data flag and encrypted
> flag, so after it was deleted by rename(), during f2fs_evict_inode(),
> it will cause inline data conversion due to flags confilction, then
> page cache will be polluted and trigger panic in clear_inode().
>
> This patch tries to fix the issue by do more sanity checks for inline
> data inode in sanity_check_inode().
>
> Cc: stable@vger.kernel.org
> Reported-by: Ming Yan <yanming@tju.edu.cn>
> Signed-off-by: Chao Yu <chao.yu@oppo.com>
Hi Chao,
I think the patch message can be reworked , like below:
Yanming reported a kernel bug in Bugzilla kernel, which can be reproduced.
The bug message is:
kernel BUG at fs/inode.c:611!
Call Trace:
evict+0x282/0x4e0
__dentry_kill+0x2b2/0x4d0
dput+0x2dd/0x720
do_renameat2+0x596/0x970
__x64_sys_rename+0x78/0x90
do_syscall_64+0x3b/0x90
The bug is due to fuzzed inode has both inline_data and encrypted flags.
During f2fs_evict_inode(), after the inode was deleted by rename(), it
will cause inline data conversion due to conflicting flags. The page
cache will be polluted and the panic will be triggered in clear_inode().
Try fixing the bug by doing more sanity checks for inline data inode in
sanity_check_inode().
Thanks.
--
An old man doll... just what I always wanted! - Clara
next prev parent reply other threads:[~2022-05-14 12:14 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-05-14 8:01 [PATCH v2] f2fs: fix to do sanity check for inline inode Chao Yu
2022-05-14 12:14 ` Bagas Sanjaya [this message]
2022-05-15 8:57 ` Chao Yu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Yn+dLtxsy6LwVIBQ@debian.me \
--to=bagasdotme@gmail.com \
--cc=chao.yu@oppo.com \
--cc=chao@kernel.org \
--cc=jaegeuk@kernel.org \
--cc=linux-f2fs-devel@lists.sourceforge.net \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=yanming@tju.edu.cn \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox