lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <c61c83c8-a2b7-f414-3991-32f3ac059f2a@kernel.org>
Date:   Sun, 5 Aug 2018 22:49:31 +0800
From:   Chao Yu <chao@...nel.org>
To:     jaegeuk@...nel.org
Cc:     linux-kernel@...r.kernel.org,
        linux-f2fs-devel@...ts.sourceforge.net
Subject: Re: [f2fs-dev] [PATCH] f2fs: fix to do sanity check with block
 address in main area v2

Hi Jaegeuk,

Missing this patch in your tree?

Thanks,

On 2018/7/10 23:01, Chao Yu wrote:
> From: Chao Yu <yuchao0@...wei.com>
> 
> This patch adds f2fs_is_valid_blkaddr() in below functions to do sanity
> check with block address to avoid pentential panic:
> - f2fs_grab_read_bio()
> - __written_first_block()
> 
> https://bugzilla.kernel.org/show_bug.cgi?id=200465
> 
> - Reproduce
> 
> - POC (poc.c)
>     #define _GNU_SOURCE
>     #include <sys/types.h>
>     #include <sys/mount.h>
>     #include <sys/mman.h>
>     #include <sys/stat.h>
>     #include <sys/xattr.h>
> 
>     #include <dirent.h>
>     #include <errno.h>
>     #include <error.h>
>     #include <fcntl.h>
>     #include <stdio.h>
>     #include <stdlib.h>
>     #include <string.h>
>     #include <unistd.h>
> 
>     #include <linux/falloc.h>
>     #include <linux/loop.h>
> 
>     static void activity(char *mpoint) {
> 
>       char *xattr;
>       int err;
> 
>       err = asprintf(&xattr, "%s/foo/bar/xattr", mpoint);
> 
>       char buf2[113];
>       memset(buf2, 0, sizeof(buf2));
>       listxattr(xattr, buf2, sizeof(buf2));
> 
>     }
> 
>     int main(int argc, char *argv[]) {
>       activity(argv[1]);
>       return 0;
>     }
> 
> - kernel message
> [  844.718738] F2FS-fs (loop0): Mounted with checkpoint version = 2
> [  846.430929] F2FS-fs (loop0): access invalid blkaddr:1024
> [  846.431058] WARNING: CPU: 1 PID: 1249 at fs/f2fs/checkpoint.c:154 f2fs_is_valid_blkaddr+0x10f/0x160
> [  846.431059] Modules linked in: snd_hda_codec_generic snd_hda_intel snd_hda_codec snd_hda_core snd_hwdep snd_pcm snd_timer snd input_leds joydev soundcore serio_raw i2c_piix4 mac_hid ib_iser rdma_cm iw_cm ib_cm ib_core configfs iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi autofs4 raid10 raid456 libcrc32c async_raid6_recov async_memcpy async_pq async_xor xor async_tx raid6_pq raid1 raid0 multipath linear qxl ttm crct10dif_pclmul crc32_pclmul drm_kms_helper ghash_clmulni_intel syscopyarea sysfillrect sysimgblt fb_sys_fops pcbc drm 8139too aesni_intel 8139cp floppy psmouse mii aes_x86_64 crypto_simd pata_acpi cryptd glue_helper
> [  846.431310] CPU: 1 PID: 1249 Comm: a.out Not tainted 4.18.0-rc3+ #1
> [  846.431312] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014
> [  846.431315] RIP: 0010:f2fs_is_valid_blkaddr+0x10f/0x160
> [  846.431316] Code: 00 eb ed 31 c0 83 fa 05 75 ae 48 83 ec 08 48 8b 3f 89 f1 48 c7 c2 fc 0b 0f 8b 48 c7 c6 8b d7 09 8b 88 44 24 07 e8 61 8b ff ff <0f> 0b 0f b6 44 24 07 48 83 c4 08 eb 81 4c 8b 47 10 8b 8f 38 04 00
> [  846.431347] RSP: 0018:ffff961c414a7bc0 EFLAGS: 00010282
> [  846.431349] RAX: 0000000000000000 RBX: ffffc5f787b8ea80 RCX: 0000000000000000
> [  846.431350] RDX: 0000000000000000 RSI: ffff89dfffd165d8 RDI: ffff89dfffd165d8
> [  846.431351] RBP: ffff961c414a7c20 R08: 0000000000000001 R09: 0000000000000248
> [  846.431353] R10: 0000000000000000 R11: 0000000000000248 R12: 0000000000000007
> [  846.431369] R13: ffff89dff5492800 R14: ffff89dfae3aa000 R15: ffff89dff4ff88d0
> [  846.431372] FS:  00007f882e2fb700(0000) GS:ffff89dfffd00000(0000) knlGS:0000000000000000
> [  846.431373] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [  846.431374] CR2: 0000000001a88008 CR3: 00000001eb572000 CR4: 00000000000006e0
> [  846.431384] Call Trace:
> [  846.431426]  f2fs_iget+0x6f4/0xe70
> [  846.431430]  ? f2fs_find_entry+0x71/0x90
> [  846.431432]  f2fs_lookup+0x1aa/0x390
> [  846.431452]  __lookup_slow+0x97/0x150
> [  846.431459]  lookup_slow+0x35/0x50
> [  846.431462]  walk_component+0x1c6/0x470
> [  846.431479]  ? memcg_kmem_charge_memcg+0x70/0x90
> [  846.431488]  ? page_add_file_rmap+0x13/0x200
> [  846.431491]  path_lookupat+0x76/0x230
> [  846.431501]  ? __alloc_pages_nodemask+0xfc/0x280
> [  846.431504]  filename_lookup+0xb8/0x1a0
> [  846.431534]  ? _cond_resched+0x16/0x40
> [  846.431541]  ? kmem_cache_alloc+0x160/0x1d0
> [  846.431549]  ? path_listxattr+0x41/0xa0
> [  846.431551]  path_listxattr+0x41/0xa0
> [  846.431570]  do_syscall_64+0x55/0x100
> [  846.431583]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
> [  846.431607] RIP: 0033:0x7f882de1c0d7
> [  846.431607] Code: f0 ff ff 73 01 c3 48 8b 0d be dd 2b 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 c2 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 91 dd 2b 00 f7 d8 64 89 01 48
> [  846.431639] RSP: 002b:00007ffe8e66c238 EFLAGS: 00000202 ORIG_RAX: 00000000000000c2
> [  846.431641] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f882de1c0d7
> [  846.431642] RDX: 0000000000000071 RSI: 00007ffe8e66c280 RDI: 0000000001a880c0
> [  846.431643] RBP: 00007ffe8e66c300 R08: 0000000001a88010 R09: 0000000000000000
> [  846.431645] R10: 00000000000001ab R11: 0000000000000202 R12: 0000000000400550
> [  846.431646] R13: 00007ffe8e66c400 R14: 0000000000000000 R15: 0000000000000000
> [  846.431648] ---[ end trace abca54df39d14f5c ]---
> [  846.431651] F2FS-fs (loop0): invalid blkaddr: 1024, type: 5, run fsck to fix.
> [  846.431762] WARNING: CPU: 1 PID: 1249 at fs/f2fs/f2fs.h:2697 f2fs_iget+0xd17/0xe70
> [  846.431763] Modules linked in: snd_hda_codec_generic snd_hda_intel snd_hda_codec snd_hda_core snd_hwdep snd_pcm snd_timer snd input_leds joydev soundcore serio_raw i2c_piix4 mac_hid ib_iser rdma_cm iw_cm ib_cm ib_core configfs iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi autofs4 raid10 raid456 libcrc32c async_raid6_recov async_memcpy async_pq async_xor xor async_tx raid6_pq raid1 raid0 multipath linear qxl ttm crct10dif_pclmul crc32_pclmul drm_kms_helper ghash_clmulni_intel syscopyarea sysfillrect sysimgblt fb_sys_fops pcbc drm 8139too aesni_intel 8139cp floppy psmouse mii aes_x86_64 crypto_simd pata_acpi cryptd glue_helper
> [  846.431797] CPU: 1 PID: 1249 Comm: a.out Tainted: G        W         4.18.0-rc3+ #1
> [  846.431798] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014
> [  846.431800] RIP: 0010:f2fs_iget+0xd17/0xe70
> [  846.431801] Code: ff ff 48 63 d8 e9 e1 f6 ff ff 48 8b 45 c8 41 b8 05 00 00 00 48 c7 c2 d8 e8 0e 8b 48 c7 c6 1d b0 0a 8b 48 8b 38 e8 f9 b4 00 00 <0f> 0b 48 8b 45 c8 f0 80 48 48 04 e9 d8 f9 ff ff 0f 0b 48 8b 43 18
> [  846.431832] RSP: 0018:ffff961c414a7bd0 EFLAGS: 00010282
> [  846.431834] RAX: 0000000000000000 RBX: ffffc5f787b8ea80 RCX: 0000000000000006
> [  846.431835] RDX: 0000000000000000 RSI: 0000000000000096 RDI: ffff89dfffd165d0
> [  846.431836] RBP: ffff961c414a7c20 R08: 0000000000000000 R09: 0000000000000273
> [  846.431837] R10: 0000000000000000 R11: ffff89dfad50ca60 R12: 0000000000000007
> [  846.431838] R13: ffff89dff5492800 R14: ffff89dfae3aa000 R15: ffff89dff4ff88d0
> [  846.431840] FS:  00007f882e2fb700(0000) GS:ffff89dfffd00000(0000) knlGS:0000000000000000
> [  846.431841] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [  846.431842] CR2: 0000000001a88008 CR3: 00000001eb572000 CR4: 00000000000006e0
> [  846.431846] Call Trace:
> [  846.431850]  ? f2fs_find_entry+0x71/0x90
> [  846.431853]  f2fs_lookup+0x1aa/0x390
> [  846.431856]  __lookup_slow+0x97/0x150
> [  846.431858]  lookup_slow+0x35/0x50
> [  846.431874]  walk_component+0x1c6/0x470
> [  846.431878]  ? memcg_kmem_charge_memcg+0x70/0x90
> [  846.431880]  ? page_add_file_rmap+0x13/0x200
> [  846.431882]  path_lookupat+0x76/0x230
> [  846.431884]  ? __alloc_pages_nodemask+0xfc/0x280
> [  846.431886]  filename_lookup+0xb8/0x1a0
> [  846.431890]  ? _cond_resched+0x16/0x40
> [  846.431891]  ? kmem_cache_alloc+0x160/0x1d0
> [  846.431894]  ? path_listxattr+0x41/0xa0
> [  846.431896]  path_listxattr+0x41/0xa0
> [  846.431898]  do_syscall_64+0x55/0x100
> [  846.431901]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
> [  846.431902] RIP: 0033:0x7f882de1c0d7
> [  846.431903] Code: f0 ff ff 73 01 c3 48 8b 0d be dd 2b 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 c2 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 91 dd 2b 00 f7 d8 64 89 01 48
> [  846.431934] RSP: 002b:00007ffe8e66c238 EFLAGS: 00000202 ORIG_RAX: 00000000000000c2
> [  846.431936] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f882de1c0d7
> [  846.431937] RDX: 0000000000000071 RSI: 00007ffe8e66c280 RDI: 0000000001a880c0
> [  846.431939] RBP: 00007ffe8e66c300 R08: 0000000001a88010 R09: 0000000000000000
> [  846.431940] R10: 00000000000001ab R11: 0000000000000202 R12: 0000000000400550
> [  846.431941] R13: 00007ffe8e66c400 R14: 0000000000000000 R15: 0000000000000000
> [  846.431943] ---[ end trace abca54df39d14f5d ]---
> [  846.432033] F2FS-fs (loop0): access invalid blkaddr:1024
> [  846.432051] WARNING: CPU: 1 PID: 1249 at fs/f2fs/checkpoint.c:154 f2fs_is_valid_blkaddr+0x10f/0x160
> [  846.432051] Modules linked in: snd_hda_codec_generic snd_hda_intel snd_hda_codec snd_hda_core snd_hwdep snd_pcm snd_timer snd input_leds joydev soundcore serio_raw i2c_piix4 mac_hid ib_iser rdma_cm iw_cm ib_cm ib_core configfs iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi autofs4 raid10 raid456 libcrc32c async_raid6_recov async_memcpy async_pq async_xor xor async_tx raid6_pq raid1 raid0 multipath linear qxl ttm crct10dif_pclmul crc32_pclmul drm_kms_helper ghash_clmulni_intel syscopyarea sysfillrect sysimgblt fb_sys_fops pcbc drm 8139too aesni_intel 8139cp floppy psmouse mii aes_x86_64 crypto_simd pata_acpi cryptd glue_helper
> [  846.432085] CPU: 1 PID: 1249 Comm: a.out Tainted: G        W         4.18.0-rc3+ #1
> [  846.432086] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014
> [  846.432089] RIP: 0010:f2fs_is_valid_blkaddr+0x10f/0x160
> [  846.432089] Code: 00 eb ed 31 c0 83 fa 05 75 ae 48 83 ec 08 48 8b 3f 89 f1 48 c7 c2 fc 0b 0f 8b 48 c7 c6 8b d7 09 8b 88 44 24 07 e8 61 8b ff ff <0f> 0b 0f b6 44 24 07 48 83 c4 08 eb 81 4c 8b 47 10 8b 8f 38 04 00
> [  846.432120] RSP: 0018:ffff961c414a7900 EFLAGS: 00010286
> [  846.432122] RAX: 0000000000000000 RBX: 0000000000000400 RCX: 0000000000000006
> [  846.432123] RDX: 0000000000000000 RSI: 0000000000000096 RDI: ffff89dfffd165d0
> [  846.432124] RBP: ffff89dff5492800 R08: 0000000000000001 R09: 000000000000029d
> [  846.432125] R10: ffff961c414a7820 R11: 000000000000029d R12: 0000000000000400
> [  846.432126] R13: 0000000000000000 R14: ffff89dff4ff88d0 R15: 0000000000000000
> [  846.432128] FS:  00007f882e2fb700(0000) GS:ffff89dfffd00000(0000) knlGS:0000000000000000
> [  846.432130] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [  846.432131] CR2: 0000000001a88008 CR3: 00000001eb572000 CR4: 00000000000006e0
> [  846.432135] Call Trace:
> [  846.432151]  f2fs_wait_on_block_writeback+0x20/0x110
> [  846.432158]  f2fs_grab_read_bio+0xbc/0xe0
> [  846.432161]  f2fs_submit_page_read+0x21/0x280
> [  846.432163]  f2fs_get_read_data_page+0xb7/0x3c0
> [  846.432165]  f2fs_get_lock_data_page+0x29/0x1e0
> [  846.432167]  f2fs_get_new_data_page+0x148/0x550
> [  846.432170]  f2fs_add_regular_entry+0x1d2/0x550
> [  846.432178]  ? __switch_to+0x12f/0x460
> [  846.432181]  f2fs_add_dentry+0x6a/0xd0
> [  846.432184]  f2fs_do_add_link+0xe9/0x140
> [  846.432186]  __recover_dot_dentries+0x260/0x280
> [  846.432189]  f2fs_lookup+0x343/0x390
> [  846.432193]  __lookup_slow+0x97/0x150
> [  846.432195]  lookup_slow+0x35/0x50
> [  846.432208]  walk_component+0x1c6/0x470
> [  846.432212]  ? memcg_kmem_charge_memcg+0x70/0x90
> [  846.432215]  ? page_add_file_rmap+0x13/0x200
> [  846.432217]  path_lookupat+0x76/0x230
> [  846.432219]  ? __alloc_pages_nodemask+0xfc/0x280
> [  846.432221]  filename_lookup+0xb8/0x1a0
> [  846.432224]  ? _cond_resched+0x16/0x40
> [  846.432226]  ? kmem_cache_alloc+0x160/0x1d0
> [  846.432228]  ? path_listxattr+0x41/0xa0
> [  846.432230]  path_listxattr+0x41/0xa0
> [  846.432233]  do_syscall_64+0x55/0x100
> [  846.432235]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
> [  846.432237] RIP: 0033:0x7f882de1c0d7
> [  846.432237] Code: f0 ff ff 73 01 c3 48 8b 0d be dd 2b 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 c2 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 91 dd 2b 00 f7 d8 64 89 01 48
> [  846.432269] RSP: 002b:00007ffe8e66c238 EFLAGS: 00000202 ORIG_RAX: 00000000000000c2
> [  846.432271] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f882de1c0d7
> [  846.432272] RDX: 0000000000000071 RSI: 00007ffe8e66c280 RDI: 0000000001a880c0
> [  846.432273] RBP: 00007ffe8e66c300 R08: 0000000001a88010 R09: 0000000000000000
> [  846.432274] R10: 00000000000001ab R11: 0000000000000202 R12: 0000000000400550
> [  846.432275] R13: 00007ffe8e66c400 R14: 0000000000000000 R15: 0000000000000000
> [  846.432277] ---[ end trace abca54df39d14f5e ]---
> [  846.432279] F2FS-fs (loop0): invalid blkaddr: 1024, type: 5, run fsck to fix.
> [  846.432376] WARNING: CPU: 1 PID: 1249 at fs/f2fs/f2fs.h:2697 f2fs_wait_on_block_writeback+0xb1/0x110
> [  846.432376] Modules linked in: snd_hda_codec_generic snd_hda_intel snd_hda_codec snd_hda_core snd_hwdep snd_pcm snd_timer snd input_leds joydev soundcore serio_raw i2c_piix4 mac_hid ib_iser rdma_cm iw_cm ib_cm ib_core configfs iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi autofs4 raid10 raid456 libcrc32c async_raid6_recov async_memcpy async_pq async_xor xor async_tx raid6_pq raid1 raid0 multipath linear qxl ttm crct10dif_pclmul crc32_pclmul drm_kms_helper ghash_clmulni_intel syscopyarea sysfillrect sysimgblt fb_sys_fops pcbc drm 8139too aesni_intel 8139cp floppy psmouse mii aes_x86_64 crypto_simd pata_acpi cryptd glue_helper
> [  846.432410] CPU: 1 PID: 1249 Comm: a.out Tainted: G        W         4.18.0-rc3+ #1
> [  846.432411] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014
> [  846.432413] RIP: 0010:f2fs_wait_on_block_writeback+0xb1/0x110
> [  846.432414] Code: 66 90 f0 ff 4b 34 74 59 5b 5d c3 48 8b 7d 00 41 b8 05 00 00 00 89 d9 48 c7 c2 d8 e8 0e 8b 48 c7 c6 1d b0 0a 8b e8 df bc fd ff <0f> 0b f0 80 4d 48 04 e9 67 ff ff ff 48 8b 03 48 c1 e8 37 83 e0 07
> [  846.432445] RSP: 0018:ffff961c414a7910 EFLAGS: 00010286
> [  846.432447] RAX: 0000000000000000 RBX: 0000000000000400 RCX: 0000000000000006
> [  846.432448] RDX: 0000000000000000 RSI: 0000000000000092 RDI: ffff89dfffd165d0
> [  846.432449] RBP: ffff89dff5492800 R08: 0000000000000000 R09: 00000000000002d1
> [  846.432450] R10: ffff961c414a7820 R11: ffff89dfad50cf80 R12: 0000000000000400
> [  846.432451] R13: 0000000000000000 R14: ffff89dff4ff88d0 R15: 0000000000000000
> [  846.432453] FS:  00007f882e2fb700(0000) GS:ffff89dfffd00000(0000) knlGS:0000000000000000
> [  846.432454] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [  846.432455] CR2: 0000000001a88008 CR3: 00000001eb572000 CR4: 00000000000006e0
> [  846.432459] Call Trace:
> [  846.432463]  f2fs_grab_read_bio+0xbc/0xe0
> [  846.432464]  f2fs_submit_page_read+0x21/0x280
> [  846.432466]  f2fs_get_read_data_page+0xb7/0x3c0
> [  846.432468]  f2fs_get_lock_data_page+0x29/0x1e0
> [  846.432470]  f2fs_get_new_data_page+0x148/0x550
> [  846.432473]  f2fs_add_regular_entry+0x1d2/0x550
> [  846.432475]  ? __switch_to+0x12f/0x460
> [  846.432477]  f2fs_add_dentry+0x6a/0xd0
> [  846.432480]  f2fs_do_add_link+0xe9/0x140
> [  846.432483]  __recover_dot_dentries+0x260/0x280
> [  846.432485]  f2fs_lookup+0x343/0x390
> [  846.432488]  __lookup_slow+0x97/0x150
> [  846.432490]  lookup_slow+0x35/0x50
> [  846.432505]  walk_component+0x1c6/0x470
> [  846.432509]  ? memcg_kmem_charge_memcg+0x70/0x90
> [  846.432511]  ? page_add_file_rmap+0x13/0x200
> [  846.432513]  path_lookupat+0x76/0x230
> [  846.432515]  ? __alloc_pages_nodemask+0xfc/0x280
> [  846.432517]  filename_lookup+0xb8/0x1a0
> [  846.432520]  ? _cond_resched+0x16/0x40
> [  846.432522]  ? kmem_cache_alloc+0x160/0x1d0
> [  846.432525]  ? path_listxattr+0x41/0xa0
> [  846.432526]  path_listxattr+0x41/0xa0
> [  846.432529]  do_syscall_64+0x55/0x100
> [  846.432531]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
> [  846.432533] RIP: 0033:0x7f882de1c0d7
> [  846.432533] Code: f0 ff ff 73 01 c3 48 8b 0d be dd 2b 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 c2 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 91 dd 2b 00 f7 d8 64 89 01 48
> [  846.432565] RSP: 002b:00007ffe8e66c238 EFLAGS: 00000202 ORIG_RAX: 00000000000000c2
> [  846.432567] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f882de1c0d7
> [  846.432568] RDX: 0000000000000071 RSI: 00007ffe8e66c280 RDI: 0000000001a880c0
> [  846.432569] RBP: 00007ffe8e66c300 R08: 0000000001a88010 R09: 0000000000000000
> [  846.432570] R10: 00000000000001ab R11: 0000000000000202 R12: 0000000000400550
> [  846.432571] R13: 00007ffe8e66c400 R14: 0000000000000000 R15: 0000000000000000
> [  846.432573] ---[ end trace abca54df39d14f5f ]---
> [  846.434280] BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
> [  846.434424] PGD 80000001ebd3a067 P4D 80000001ebd3a067 PUD 1eb1ae067 PMD 0
> [  846.434551] Oops: 0000 [#1] SMP PTI
> [  846.434697] CPU: 0 PID: 44 Comm: kworker/u5:0 Tainted: G        W         4.18.0-rc3+ #1
> [  846.434805] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014
> [  846.435000] Workqueue: fscrypt_read_queue decrypt_work
> [  846.435174] RIP: 0010:fscrypt_do_page_crypto+0x6e/0x2d0
> [  846.435351] Code: 00 65 48 8b 04 25 28 00 00 00 48 89 84 24 88 00 00 00 31 c0 e8 43 c2 e0 ff 49 8b 86 48 02 00 00 85 ed c7 44 24 70 00 00 00 00 <48> 8b 58 08 0f 84 14 02 00 00 48 8b 78 10 48 8b 0c 24 48 c7 84 24
> [  846.435696] RSP: 0018:ffff961c40f9bd60 EFLAGS: 00010206
> [  846.435870] RAX: 0000000000000000 RBX: ffffc5f787719b80 RCX: ffffc5f787719b80
> [  846.436051] RDX: ffffffff8b9f4b88 RSI: ffffffff8b0ae622 RDI: ffff961c40f9bdb8
> [  846.436261] RBP: 0000000000001000 R08: ffffc5f787719b80 R09: 0000000000001000
> [  846.436433] R10: 0000000000000018 R11: fefefefefefefeff R12: ffffc5f787719b80
> [  846.436562] R13: ffffc5f787719b80 R14: ffff89dff4ff88d0 R15: 0ffff89dfaddee60
> [  846.436658] FS:  0000000000000000(0000) GS:ffff89dfffc00000(0000) knlGS:0000000000000000
> [  846.436758] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [  846.436898] CR2: 0000000000000008 CR3: 00000001eddd0000 CR4: 00000000000006f0
> [  846.437001] Call Trace:
> [  846.437181]  ? check_preempt_wakeup+0xf2/0x230
> [  846.437276]  ? check_preempt_curr+0x7c/0x90
> [  846.437370]  fscrypt_decrypt_page+0x48/0x4d
> [  846.437466]  __fscrypt_decrypt_bio+0x5b/0x90
> [  846.437542]  decrypt_work+0x12/0x20
> [  846.437651]  process_one_work+0x15e/0x3d0
> [  846.437740]  worker_thread+0x4c/0x440
> [  846.437848]  kthread+0xf8/0x130
> [  846.437938]  ? rescuer_thread+0x350/0x350
> [  846.438022]  ? kthread_associate_blkcg+0x90/0x90
> [  846.438117]  ret_from_fork+0x35/0x40
> [  846.438201] Modules linked in: snd_hda_codec_generic snd_hda_intel snd_hda_codec snd_hda_core snd_hwdep snd_pcm snd_timer snd input_leds joydev soundcore serio_raw i2c_piix4 mac_hid ib_iser rdma_cm iw_cm ib_cm ib_core configfs iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi autofs4 raid10 raid456 libcrc32c async_raid6_recov async_memcpy async_pq async_xor xor async_tx raid6_pq raid1 raid0 multipath linear qxl ttm crct10dif_pclmul crc32_pclmul drm_kms_helper ghash_clmulni_intel syscopyarea sysfillrect sysimgblt fb_sys_fops pcbc drm 8139too aesni_intel 8139cp floppy psmouse mii aes_x86_64 crypto_simd pata_acpi cryptd glue_helper
> [  846.438653] CR2: 0000000000000008
> [  846.438713] ---[ end trace abca54df39d14f60 ]---
> [  846.438796] RIP: 0010:fscrypt_do_page_crypto+0x6e/0x2d0
> [  846.438844] Code: 00 65 48 8b 04 25 28 00 00 00 48 89 84 24 88 00 00 00 31 c0 e8 43 c2 e0 ff 49 8b 86 48 02 00 00 85 ed c7 44 24 70 00 00 00 00 <48> 8b 58 08 0f 84 14 02 00 00 48 8b 78 10 48 8b 0c 24 48 c7 84 24
> [  846.439084] RSP: 0018:ffff961c40f9bd60 EFLAGS: 00010206
> [  846.439176] RAX: 0000000000000000 RBX: ffffc5f787719b80 RCX: ffffc5f787719b80
> [  846.440927] RDX: ffffffff8b9f4b88 RSI: ffffffff8b0ae622 RDI: ffff961c40f9bdb8
> [  846.442083] RBP: 0000000000001000 R08: ffffc5f787719b80 R09: 0000000000001000
> [  846.443284] R10: 0000000000000018 R11: fefefefefefefeff R12: ffffc5f787719b80
> [  846.444448] R13: ffffc5f787719b80 R14: ffff89dff4ff88d0 R15: 0ffff89dfaddee60
> [  846.445558] FS:  0000000000000000(0000) GS:ffff89dfffc00000(0000) knlGS:0000000000000000
> [  846.446687] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [  846.447796] CR2: 0000000000000008 CR3: 00000001eddd0000 CR4: 00000000000006f0
> 
> - Location
> https://elixir.bootlin.com/linux/v4.18-rc4/source/fs/crypto/crypto.c#L149
> 	struct crypto_skcipher *tfm = ci->ci_ctfm;
> Here ci can be NULL
> 
> Note that this issue maybe require CONFIG_F2FS_FS_ENCRYPTION=y to reproduce.
> 
> Reported-by Wen Xu <wen.xu@...ech.edu>
> Signed-off-by: Chao Yu <yuchao0@...wei.com>
> ---
>  fs/f2fs/data.c  |  3 +++
>  fs/f2fs/inode.c | 18 +++++++++++++-----
>  2 files changed, 16 insertions(+), 5 deletions(-)
> 
> diff --git a/fs/f2fs/data.c b/fs/f2fs/data.c
> index afe76d87575c..89e8fa7aeb20 100644
> --- a/fs/f2fs/data.c
> +++ b/fs/f2fs/data.c
> @@ -545,6 +545,9 @@ static struct bio *f2fs_grab_read_bio(struct inode *inode, block_t blkaddr,
>  	struct bio_post_read_ctx *ctx;
>  	unsigned int post_read_steps = 0;
>  
> +	if (!f2fs_is_valid_blkaddr(sbi, blkaddr, DATA_GENERIC))
> +		return ERR_PTR(-EFAULT);
> +
>  	bio = f2fs_bio_alloc(sbi, min_t(int, nr_pages, BIO_MAX_PAGES), false);
>  	if (!bio)
>  		return ERR_PTR(-ENOMEM);
> diff --git a/fs/f2fs/inode.c b/fs/f2fs/inode.c
> index 6e661445ddd6..50a9e279dfed 100644
> --- a/fs/f2fs/inode.c
> +++ b/fs/f2fs/inode.c
> @@ -68,14 +68,16 @@ static void __get_inode_rdev(struct inode *inode, struct f2fs_inode *ri)
>  	}
>  }
>  
> -static bool __written_first_block(struct f2fs_sb_info *sbi,
> +static int __written_first_block(struct f2fs_sb_info *sbi,
>  					struct f2fs_inode *ri)
>  {
>  	block_t addr = le32_to_cpu(ri->i_addr[offset_in_addr(ri)]);
>  
> -	if (is_valid_data_blkaddr(sbi, addr))
> -		return true;
> -	return false;
> +	if (!__is_valid_data_blkaddr(addr))
> +		return 1;
> +	if (!f2fs_is_valid_blkaddr(sbi, addr, DATA_GENERIC))
> +		return -EFAULT;
> +	return 0;
>  }
>  
>  static void __set_inode_rdev(struct inode *inode, struct f2fs_inode *ri)
> @@ -295,6 +297,7 @@ static int do_read_inode(struct inode *inode)
>  	struct page *node_page;
>  	struct f2fs_inode *ri;
>  	projid_t i_projid;
> +	int err;
>  
>  	/* Check if ino is within scope */
>  	if (f2fs_check_nid_range(sbi, inode->i_ino))
> @@ -368,7 +371,12 @@ static int do_read_inode(struct inode *inode)
>  	/* get rdev by using inline_info */
>  	__get_inode_rdev(inode, ri);
>  
> -	if (__written_first_block(sbi, ri))
> +	err = __written_first_block(sbi, ri);
> +	if (err < 0) {
> +		f2fs_put_page(node_page, 1);
> +		return err;
> +	}
> +	if (!err)
>  		set_inode_flag(inode, FI_FIRST_BLOCK_WRITTEN);
>  
>  	if (!f2fs_need_inode_block_update(sbi, inode->i_ino))
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ