lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <tencent_44C3065D498F6EC66EC90CB967EA46FC5206@qq.com>
Date: Sun, 28 Jul 2024 16:17:31 +0800
From: Edward Adam Davis <eadavis@...com>
To: syzbot+a14d8ac9af3a2a4fd0c8@...kaller.appspotmail.com
Cc: linux-kernel@...r.kernel.org,
	syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot] [btrfs?] kernel BUG in btrfs_folio_end_all_writers

in cow_file_range, only ret == 0 means succuess

#syz test: upstream b1bc554e009e

diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
index d62c96f00ff8..d08138fc3dc7 100644
--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c
@@ -762,7 +762,8 @@ static noinline int cow_file_range_inline(struct btrfs_inode *inode, u64 offset,
 		return ret;
 	}
 
-	extent_clear_unlock_delalloc(inode, offset, end, NULL, &cached,
+	if (ret == 0)
+		extent_clear_unlock_delalloc(inode, offset, end, NULL, &cached,
 				     clear_flags,
 				     PAGE_UNLOCK | PAGE_START_WRITEBACK |
 				     PAGE_END_WRITEBACK);
@@ -1043,8 +1044,15 @@ static void compress_file_range(struct btrfs_work *work)
 		ret = cow_file_range_inline(inode, start, end, total_compressed,
 					    compress_type, folios[0], false);
 	if (ret <= 0) {
-		if (ret < 0)
+		if (ret < 0) {
+			unsigned long clear_flags = EXTENT_DELALLOC | EXTENT_DELALLOC_NEW |
+					 EXTENT_DEFRAG | EXTENT_DO_ACCOUNTING | EXTENT_LOCKED;
 			mapping_set_error(mapping, -EIO);
+			extent_clear_unlock_delalloc(inode, start, end, NULL, NULL,
+				     clear_flags,
+				     PAGE_UNLOCK | PAGE_START_WRITEBACK |
+				     PAGE_END_WRITEBACK);
+		}
 		goto free_pages;
 	}
 
@@ -1361,7 +1369,7 @@ static noinline int cow_file_range(struct btrfs_inode *inode,
 		/* lets try to make an inline extent */
 		ret = cow_file_range_inline(inode, start, end, 0,
 					    BTRFS_COMPRESS_NONE, NULL, false);
-		if (ret <= 0) {
+		if (ret == 0) {
 			/*
 			 * We succeeded, return 1 so the caller knows we're done
 			 * with this page and already handled the IO.
@@ -1369,10 +1377,10 @@ static noinline int cow_file_range(struct btrfs_inode *inode,
 			 * If there was an error then cow_file_range_inline() has
 			 * already done the cleanup.
 			 */
-			if (ret == 0)
-				ret = 1;
+			ret = 1;
 			goto done;
-		}
+		} else if (ret < 0)
+			goto out_unlock;
 	}
 
 	alloc_hint = get_extent_allocation_hint(inode, start, num_bytes);

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ