2020-09-21 12:55:40

by Chao Yu

Subject: [PATCH 1/2] f2fs: do sanity check on zoned block device path

sbi->devs would be initialized only if the image enables the multiple
device feature or the blkzoned feature. If the blkzoned feature flag was
set by fuzzing on a non-blkzoned device, we will suffer the panic below:

get_zone_idx fs/f2fs/segment.c:4892 [inline]
f2fs_usable_zone_blks_in_seg fs/f2fs/segment.c:4943 [inline]
f2fs_usable_blks_in_seg+0x39b/0xa00 fs/f2fs/segment.c:4999
Call Trace:
check_block_count+0x69/0x4e0 fs/f2fs/segment.h:704
build_sit_entries fs/f2fs/segment.c:4403 [inline]
f2fs_build_segment_manager+0x51da/0xa370 fs/f2fs/segment.c:5100
f2fs_fill_super+0x3880/0x6ff0 fs/f2fs/super.c:3684
mount_bdev+0x32e/0x3f0 fs/super.c:1417
legacy_get_tree+0x105/0x220 fs/fs_context.c:592
vfs_get_tree+0x89/0x2f0 fs/super.c:1547
do_new_mount fs/namespace.c:2896 [inline]
path_mount+0x12ae/0x1e70 fs/namespace.c:3216
do_mount fs/namespace.c:3229 [inline]
__do_sys_mount fs/namespace.c:3437 [inline]
__se_sys_mount fs/namespace.c:3414 [inline]
__x64_sys_mount+0x27f/0x300 fs/namespace.c:3414
do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46

Add a sanity check for inconsistency among these factors: blkzoned flag,
device path and device character, to avoid the above panic.

Signed-off-by: Chao Yu <[email protected]>
---
fs/f2fs/super.c | 6 ++++++
1 file changed, 6 insertions(+)

diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c
index 427ce4cbd124..e0423b091b30 100644
--- a/fs/f2fs/super.c
+++ b/fs/f2fs/super.c
@@ -2852,6 +2852,12 @@ static int sanity_check_raw_super(struct f2fs_sb_info *sbi,
segment_count, dev_seg_count);
return -EFSCORRUPTED;
}
+ } else {
+ if (__F2FS_HAS_FEATURE(raw_super, F2FS_FEATURE_BLKZONED) &&
+ !bdev_is_zoned(sbi->sb->s_bdev)) {
+ f2fs_info(sbi, "Zoned block device path is missing");
+ return -EFSCORRUPTED;
+ }
}

if (secs_per_zone > total_sections || !secs_per_zone) {
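
Review bot: The new else branch reports a mount-rejecting condition with f2fs_info() and then returns -EFSCORRUPTED; since this is a corrupted-superblock failure, f2fs_err() would match the severity of the outcome better. The message "Zoned block device path is missing" also hides what was actually detected, namely that raw_super has F2FS_FEATURE_BLKZONED set while sbi->sb->s_bdev is not a zoned device; wording that names the flag/device mismatch would make a fuzzed or damaged image easier to triage from the log. A one-line comment above the check noting that it protects the sbi->devs dereference in the zone helpers (get_zone_idx in the trace from the commit message) would tell later readers why the check sits in this branch.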
--
2.26.2