syzbot reported a bug in f2fs_vm_page_mkwrite() which checks for
f2fs_has_inline_data(inode).
The bug was caused by f2fs_convert_inline_inode() not returning an
error when called on a read-only filesystem, but returning with the
inline attribute as set.
This patch fixes the problem by ensuring that f2fs_convert_inline_inode()
returns -EROFS on readonly.
Fixes: ec2ddf499402 ("f2fs: don't allow any writes on readonly mount")
Reported-by: [email protected]
Closes: https://syzkaller.appspot.com/bug?extid=f195123a45ad487ca66c
Signed-off-by: Daejun Park <[email protected]>
---
fs/f2fs/inline.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/fs/f2fs/inline.c b/fs/f2fs/inline.c
index 7638d0d7b7ee..ae1d8f2d82c9 100644
--- a/fs/f2fs/inline.c
+++ b/fs/f2fs/inline.c
@@ -203,10 +203,12 @@ int f2fs_convert_inline_inode(struct inode *inode)
struct page *ipage, *page;
int err = 0;
- if (!f2fs_has_inline_data(inode) ||
- f2fs_hw_is_readonly(sbi) || f2fs_readonly(sbi->sb))
+ if (!f2fs_has_inline_data(inode))
return 0;
+ if (unlikely(f2fs_hw_is_readonly(sbi) || f2fs_readonly(sbi->sb)))
+ return -EROFS;
+
err = f2fs_dquot_initialize(inode);
if (err)
return err;
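Review bot: the new "return -EROFS" in f2fs_convert_inline_inode() changes the result on a read-only filesystem from 0 to an error for every caller of this function, while the commit message only discusses f2fs_vm_page_mkwrite(). Please confirm that each other caller either cannot be reached on a read-only mount or propagates -EROFS sensibly, and state in the commit message that the callers were audited.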
--
2.25.1
On 2024/6/12 10:20, Daejun Park wrote:
> syzbot reported a bug in f2fs_vm_page_mkwrite() which checks for
> f2fs_has_inline_data(inode).
> The bug was caused by f2fs_convert_inline_inode() not returning an
> error when called on a read-only filesystem, but returning with the
> inline attribute as set.
> This patch fixes the problem by ensuring that f2fs_convert_inline_inode()
> returns -EROFS on readonly.
>
> Fixes: ec2ddf499402 ("f2fs: don't allow any writes on readonly mount")
> Reported-by: [email protected]
> Closes: https://syzkaller.appspot.com/bug?extid=f195123a45ad487ca66c
> Signed-off-by: Daejun Park <[email protected]>
Hi Daejun,
I guess below patch has fixed this issue, so we need to tag the report
as duplicated?
https://lore.kernel.org/linux-f2fs-devel/[email protected]/T/#u
Thanks,
> ---
> fs/f2fs/inline.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/fs/f2fs/inline.c b/fs/f2fs/inline.c
> index 7638d0d7b7ee..ae1d8f2d82c9 100644
> --- a/fs/f2fs/inline.c
> +++ b/fs/f2fs/inline.c
> @@ -203,10 +203,12 @@ int f2fs_convert_inline_inode(struct inode *inode)
> struct page *ipage, *page;
> int err = 0;
>
> - if (!f2fs_has_inline_data(inode) ||
> - f2fs_hw_is_readonly(sbi) || f2fs_readonly(sbi->sb))
> + if (!f2fs_has_inline_data(inode))
> return 0;
>
> + if (unlikely(f2fs_hw_is_readonly(sbi) || f2fs_readonly(sbi->sb)))
> + return -EROFS;
> +
> err = f2fs_dquot_initialize(inode);
> if (err)
> return err;
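Review bot: the order of the two checks at the top of f2fs_convert_inline_inode() now carries meaning and should be documented. Because the !f2fs_has_inline_data(inode) test comes first, an inode without inline data still returns 0 on a read-only filesystem, and only an inode that still needs conversion gets -EROFS. A one-line comment above the unlikely(f2fs_hw_is_readonly(sbi) || f2fs_readonly(sbi->sb)) test saying so would keep a later cleanup from folding the two conditions back together.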
> --
> 2.25.1
>
> On 2024/6/12 10:20, Daejun Park wrote:
> > syzbot reported a bug in f2fs_vm_page_mkwrite() which checks for
> > f2fs_has_inline_data(inode).
> > The bug was caused by f2fs_convert_inline_inode() not returning an
> > error when called on a read-only filesystem, but returning with the
> > inline attribute as set.
> > This patch fixes the problem by ensuring that f2fs_convert_inline_inode()
> > returns -EROFS on readonly.
> >
> > Fixes: ec2ddf499402 ("f2fs: don't allow any writes on readonly mount")
> > Reported-by: [email protected]
> > > Closes: https://syzkaller.appspot.com/bug?extid=f195123a45ad487ca66c
> > Signed-off-by: Daejun Park <[email protected]>
>
> Hi Daejun,
>
> I guess below patch has fixed this issue, so we need to tag the report
> as duplicated?
>
> https://lore.kernel.org/linux-f2fs-devel/[email protected]/T/#u
>
> Thanks,
Hi Chao,
I didn't check that patch, please simply ignore it, thank you :)
Thanks,
Daejun
> > ---
> > > fs/f2fs/inline.c | 6 ++++--
> > 1 file changed, 4 insertions(+), 2 deletions(-)
> >
> > diff --git a/fs/f2fs/inline.c b/fs/f2fs/inline.c
> > index 7638d0d7b7ee..ae1d8f2d82c9 100644
> > --- a/fs/f2fs/inline.c
> > +++ b/fs/f2fs/inline.c
> > @@ -203,10 +203,12 @@ int f2fs_convert_inline_inode(struct inode *inode)
> > struct page *ipage, *page;
> > int err = 0;
> >
> > - if (!f2fs_has_inline_data(inode)
> > - f2fs_hw_is_readonly(sbi) f2fs_readonly(sbi->sb))
> > + if (!f2fs_has_inline_data(inode))
> > return 0;
> >
> > + if (unlikely(f2fs_hw_is_readonly(sbi) f2fs_readonly(sbi->sb)))
> > + return -EROFS;
> > +
> > err = f2fs_dquot_initialize(inode);
> > if (err)
> > return err;
> > --
> > 2.25.1
> >