lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20191203222833.GB3430290@kroah.com>
Date:   Tue, 3 Dec 2019 23:28:33 +0100
From:   Greg KH <greg@...ah.com>
To:     linux-kernel@...r.kernel.org
Cc:     zhengliang6@...wei.com, stable-commits@...r.kernel.org
Subject: Re: Patch "f2fs: fix to data block override node segment by mistake"
 has been added to the 4.14-stable tree

On Sun, Dec 01, 2019 at 10:19:12AM -0500, Sasha Levin wrote:
> This is a note to let you know that I've just added the patch titled
> 
>     f2fs: fix to data block override node segment by mistake
> 
> to the 4.14-stable tree which can be found at:
>     http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
> 
> The filename of the patch is:
>      f2fs-fix-to-data-block-override-node-segment-by-mist.patch
> and it can be found in the queue-4.14 subdirectory.
> 
> If you, or anyone else, feels it should not be added to the stable tree,
> please let <stable@...r.kernel.org> know about it.
> 
> 
> 
> commit 533b6950b413fd564fb6a3e1f64f53e959c9b999
> Author: zhengliang <zhengliang6@...wei.com>
> Date:   Mon Mar 4 09:32:25 2019 +0800
> 
>     f2fs: fix to data block override node segment by mistake
>     
>     [ Upstream commit a0770e13c8da83bdb64738c0209ab02dd3cfff8b ]
>     
>     v4: Rearrange the previous three versions.
>     
>     The following scenario could lead to data block override by mistake.
>     
>     TASK A            |  TASK kworker                                            |     TASK B                                            |       TASK C
>                       |                                                          |                                                       |
>     open              |                                                          |                                                       |
>     write             |                                                          |                                                       |
>     close             |                                                          |                                                       |
>                       |  f2fs_write_data_pages                                   |                                                       |
>                       |    f2fs_write_cache_pages                                |                                                       |
>                       |      f2fs_outplace_write_data                            |                                                       |
>                       |        f2fs_allocate_data_block (get block in seg S,     |                                                       |
>                       |                                  S is full, and only     |                                                       |
>                       |                                  have this valid data    |                                                       |
>                       |                                  block)                  |                                                       |
>                       |          allocate_segment                                |                                                       |
>                       |          locate_dirty_segment (mark S as PRE)            |                                                       |
>                       |        f2fs_submit_page_write (submit but is not         |                                                       |
>                       |                                written on dev)           |                                                       |
>     unlink            |                                                          |                                                       |
>      iput_final       |                                                          |                                                       |
>       f2fs_drop_inode |                                                          |                                                       |
>         f2fs_truncate |                                                          |                                                       |
>      (not evict)      |                                                          |                                                       |
>                       |                                                          | write_checkpoint                                      |
>                       |                                                          |  flush merged bio but not wait file data writeback    |
>                       |                                                          |  set_prefree_as_free (mark S as FREE)                 |
>                       |                                                          |                                                       | update NODE/DATA
>                       |                                                          |                                                       | allocate_segment (select S)
>                       |     writeback done                                       |                                                       |
>     
>     So we need to guarantee io complete before truncate inode in f2fs_drop_inode.
>     
>     Reviewed-by: Chao Yu <yuchao0@...wei.com>
>     Signed-off-by: Zheng Liang <zhengliang6@...wei.com>
>     Signed-off-by: Jaegeuk Kim <jaegeuk@...nel.org>
>     Signed-off-by: Sasha Levin <sashal@...nel.org>
> 
> diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c
> index e4aabfc21bd43..9554338f9c35d 100644
> --- a/fs/f2fs/super.c
> +++ b/fs/f2fs/super.c
> @@ -668,6 +668,10 @@ static int f2fs_drop_inode(struct inode *inode)
>  			sb_start_intwrite(inode->i_sb);
>  			f2fs_i_size_write(inode, 0);
>  
> +			f2fs_submit_merged_write_cond(F2FS_I_SB(inode),
> +					inode, NULL, 0, DATA);
> +			truncate_inode_pages_final(inode->i_mapping);
> +
>  			if (F2FS_HAS_BLOCKS(inode))
>  				f2fs_truncate(inode);
>  

Also dropped from 4.14.y queue as this gives the same warning as on
4.19.y

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ