Message-ID: <63255554-cc9c-44f4-9977-76d5d3a3f677@kernel.org>
Date: Fri, 17 May 2024 11:49:35 +0800
From: Chao Yu <chao@...nel.org>
To: 孙士杰 <sunshijie@...omi.com>,
 sunshijie <sunshijie@...omi.corp-partner.google.com>,
 "jaegeuk@...nel.org" <jaegeuk@...nel.org>,
 "linux-f2fs-devel@...ts.sourceforge.net"
 <linux-f2fs-devel@...ts.sourceforge.net>,
 "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: Reply: [External Mail][PATCH] f2fs: fix panic in f2fs_put_super

On 2024/5/16 18:15, 孙士杰 wrote:
> I didn't get it, if there is no cp_err, f2fs_write_checkpoint() in
> f2fs_put_super() will flush all dirty pages of node_inode, if there is
> cp_err, below flow will keep all dirty pages being truncated, and
> there is sanity check on all types of dirty pages.
> 
> ===》
> I understand what you mean, so is it better to modify in this way? Please help to check, thank you.

Hi, let's figure out the root cause first?

Thanks,

> 
> ------------------------------------------------------------
> *From:* sunshijie <sunshijie@...omi.corp-partner.google.com>
> *Sent:* May 16, 2024 18:13:38
> *To:* jaegeuk@...nel.org; chao@...nel.org; linux-f2fs-devel@...ts.sourceforge.net; linux-kernel@...r.kernel.org
> *Cc:* 孙士杰
> *Subject:* [External Mail][PATCH] f2fs: fix panic in f2fs_put_super
> 
> When thread A calls kill_f2fs_super, thread A first executes the code sbi->node_inode = NULL;
> Then thread A may submit a bio to the function iput(sbi->meta_inode);
> Then thread A enters the process D state,
> Now that the bio submitted by thread A is complete, it calls f2fs_write_end_io and may trigger null-ptr-deref in NODE_MAPPING.
> 
> Thread A                                          IRQ context
> - f2fs_put_super
>   - sbi->node_inode = NULL;
>   - iput(sbi->meta_inode);
>    - iput_final
>     - write_inode_now
>      - writeback_single_inode
>       - __writeback_single_inode
>        - filemap_fdatawait
>         - filemap_fdatawait_range
>          - __kcfi_typeid_free_transhuge_page
>           - __filemap_fdatawait_range
>            - wait_on_page_writeback
>             - folio_wait_writeback
>              - folio_wait_bit
>               - folio_wait_bit_common
>                - io_schedule
> 
>                                                    - __handle_irq_event_percpu
>                                                     - ufs_qcom_mcq_esi_handler
>                                                      - ufshcd_mcq_poll_cqe_nolock
>                                                       - ufshcd_compl_one_cqe
>                                                        - scsi_done
>                                                         - scsi_done_internal
>                                                          - blk_mq_complete_request
>                                                           - scsi_complete
>                                                            - scsi_finish_command
>                                                             - scsi_io_completion
>                                                              - scsi_end_request
>                                                               - blk_update_request
>                                                                - bio_endio
>                                                                 - f2fs_write_end_io
>                                                                  - NODE_MAPPING(sbi)
> 
> Signed-off-by: sunshijie <sunshijie@...omi.com>
> ---
>   fs/f2fs/super.c | 4 ++--
>   1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c
> index adffc9b80a9c..62d4f229f601 100644
> --- a/fs/f2fs/super.c
> +++ b/fs/f2fs/super.c
> @@ -1642,9 +1642,9 @@ static void f2fs_put_super(struct super_block *sb)
>          f2fs_destroy_compress_inode(sbi);
> 
>          iput(sbi->node_inode);
> -       sbi->node_inode = NULL;
> -
>          iput(sbi->meta_inode);
> +
> +       sbi->node_inode = NULL;
>          sbi->meta_inode = NULL;
> 
>          mutex_unlock(&sbi->umount_mutex);
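Review bot: Moving `sbi->node_inode = NULL;` below `iput(sbi->meta_inode);` leaves `iput(sbi->node_inode);` where it was, so during the meta inode's final writeback wait the pointer is non-NULL but its reference has already been dropped. A bio completing in that window would have f2fs_write_end_io() evaluate NODE_MAPPING(sbi) through a possibly stale inode pointer, which trades the NULL dereference for a potential use-after-free that is harder to notice. Either the node inode's reference has to outlive `iput(sbi->meta_inode);`, or the commit message should explain why write I/O is still in flight at this point in f2fs_put_super(), which is the root-cause question raised in the reply.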
> --
> 2.34.1
> 