lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 18 Dec 2020 15:23:21 +0800
From:   kernel test robot <lkp@...el.com>
To:     Randy Dunlap <rdunlap@...radead.org>, linux-kernel@...r.kernel.org
Cc:     kbuild-all@...ts.01.org, Randy Dunlap <rdunlap@...radead.org>,
        syzbot+36315852ece4132ec193@...kaller.appspotmail.com,
        Dave Kleikamp <shaggy@...nel.org>,
        jfs-discussion@...ts.sourceforge.net
Subject: Re: [PATCH] JFS: more checks for invalid superblock

Hi Randy,

Thank you for the patch! Perhaps something to improve:

[auto build test WARNING on shaggy/jfs-next]
[also build test WARNING on linux/master linus/master v5.10 next-20201217]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]

url:    https://github.com/0day-ci/linux/commits/Randy-Dunlap/JFS-more-checks-for-invalid-superblock/20201218-132143
base:   https://github.com/kleikamp/linux-shaggy jfs-next
config: i386-randconfig-s002-20201217 (attached as .config)
compiler: gcc-9 (Debian 9.3.0-15) 9.3.0
reproduce:
        # apt-get install sparse
        # sparse version: v0.6.3-184-g1b896707-dirty
        # https://github.com/0day-ci/linux/commit/11cb0575aca69504da8b7984fc7f3e439b1a2331
        git remote add linux-review https://github.com/0day-ci/linux
        git fetch --no-tags linux-review Randy-Dunlap/JFS-more-checks-for-invalid-superblock/20201218-132143
        git checkout 11cb0575aca69504da8b7984fc7f3e439b1a2331
        # save the attached .config to linux build tree
        make W=1 C=1 CF='-fdiagnostic-prefix -D__CHECK_ENDIAN__' ARCH=i386 

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@...el.com>


"sparse warnings: (new ones prefixed by >>)"
>> fs/jfs/jfs_mount.c:373:17: sparse: sparse: restricted __le32 degrades to integer

vim +373 fs/jfs/jfs_mount.c

   324	
   325		jfs_info("superblock: flag:0x%08x state:0x%08x size:0x%Lx",
   326			 le32_to_cpu(j_sb->s_flag), le32_to_cpu(j_sb->s_state),
   327			 (unsigned long long) le64_to_cpu(j_sb->s_size));
   328	
   329		/* validate the descriptors for Secondary AIM and AIT */
   330		if ((j_sb->s_flag & cpu_to_le32(JFS_BAD_SAIT)) !=
   331		    cpu_to_le32(JFS_BAD_SAIT)) {
   332			expected_AIM_bytesize = 2 * PSIZE;
   333			AIM_bytesize = lengthPXD(&(j_sb->s_aim2)) * bsize;
   334			expected_AIT_bytesize = 4 * PSIZE;
   335			AIT_bytesize = lengthPXD(&(j_sb->s_ait2)) * bsize;
   336			AIM_byte_addr = addressPXD(&(j_sb->s_aim2)) * bsize;
   337			AIT_byte_addr = addressPXD(&(j_sb->s_ait2)) * bsize;
   338			byte_addr_diff0 = AIT_byte_addr - AIM_byte_addr;
   339			fsckwsp_addr = addressPXD(&(j_sb->s_fsckpxd)) * bsize;
   340			byte_addr_diff1 = fsckwsp_addr - AIT_byte_addr;
   341			if ((AIM_bytesize != expected_AIM_bytesize) ||
   342			    (AIT_bytesize != expected_AIT_bytesize) ||
   343			    (byte_addr_diff0 != AIM_bytesize) ||
   344			    (byte_addr_diff1 <= AIT_bytesize))
   345				j_sb->s_flag |= cpu_to_le32(JFS_BAD_SAIT);
   346		}
   347	
   348		if ((j_sb->s_flag & cpu_to_le32(JFS_GROUPCOMMIT)) !=
   349		    cpu_to_le32(JFS_GROUPCOMMIT))
   350			j_sb->s_flag |= cpu_to_le32(JFS_GROUPCOMMIT);
   351	
   352		/* validate fs state */
   353		if (j_sb->s_state != cpu_to_le32(FM_CLEAN) &&
   354		    !sb_rdonly(sb)) {
   355			jfs_err("jfs_mount: Mount Failure: File System Dirty.");
   356			rc = -EINVAL;
   357			goto out;
   358		}
   359	
   360		sbi->state = le32_to_cpu(j_sb->s_state);
   361		sbi->mntflag = le32_to_cpu(j_sb->s_flag);
   362	
   363		/*
   364		 * JFS always does I/O by 4K pages.  Don't tell the buffer cache
   365		 * that we use anything else (leave s_blocksize alone).
   366		 */
   367		sbi->bsize = bsize;
   368		sbi->l2bsize = le16_to_cpu(j_sb->s_l2bsize);
   369	
   370		/* check some fields for possible corruption */
   371		if (sbi->l2bsize != ilog2((u32)bsize) ||
   372		    j_sb->pad != 0 ||
 > 373		    j_sb->s_state > FM_STATE_MAX) {
   374			rc = -EINVAL;
   375			jfs_err("jfs_mount: Mount Failure: superblock is corrupt!");
   376			goto out;
   377		}
   378	
   379		/*
   380		 * For now, ignore s_pbsize, l2bfactor.  All I/O going through buffer
   381		 * cache.
   382		 */
   383		sbi->nbperpage = PSIZE >> sbi->l2bsize;
   384		sbi->l2nbperpage = L2PSIZE - sbi->l2bsize;
   385		sbi->l2niperblk = sbi->l2bsize - L2DISIZE;
   386		if (sbi->mntflag & JFS_INLINELOG)
   387			sbi->logpxd = j_sb->s_logpxd;
   388		else {
   389			sbi->logdev = new_decode_dev(le32_to_cpu(j_sb->s_logdev));
   390			uuid_copy(&sbi->uuid, &j_sb->s_uuid);
   391			uuid_copy(&sbi->loguuid, &j_sb->s_loguuid);
   392		}
   393		sbi->fsckpxd = j_sb->s_fsckpxd;
   394		sbi->ait2 = j_sb->s_ait2;
   395	
   396	      out:
   397		brelse(bh);
   398		return rc;
   399	}
   400	

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org

Download attachment ".config.gz" of type "application/gzip" (37675 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ