If a file has FI_COMPRESS_RELEASED, all writes for it should not be
allowed. However, as of now, in case of compress_mode=user, writes
triggered by IOCTLs like F2FS_IOC_DE/COMPRESS_FILE are allowed unexpectly,
which could crash that file.
To fix it, let's do not allow F2FS_IOC_DE/COMPRESS_IOCTL if a file already
has FI_COMPRESS_RELEASED flag.
This is the reproduction process:
1. $ chattr +c ./file
2. $ dd if=/dev/zero of=./file bs=4096 count=2000 oflag=append conv=notrunc
3. $ sync
4. $ do_compress ./file ; call F2FS_IOC_COMPRESS_FILE
5. $ get_compr_blocks ./file ; call F2FS_IOC_GET_COMPRESS_BLOCKS
6. $ do_compress ./file ; call F2FS_IOC_COMPRESS_FILE again
7. $ get_compr_blocks ./file ; call F2FS_IOC_GET_COMPRESS_BLOCKS again
You can find compr_blocks has a negative value.
Fixes: 5fdb322ff2c2b ("f2fs: add F2FS_IOC_DECOMPRESS_FILE and F2FS_IOC_COMPRESS_FILE")
Signed-off-by: Junbeom Yeom <[email protected]>
Signed-off-by: Sungjong Seo <[email protected]>
Signed-off-by: Youngjin Gil <[email protected]>
Signed-off-by: Jaewook Kim <[email protected]>
---
fs/f2fs/file.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/fs/f2fs/file.c b/fs/f2fs/file.c
index 6b1b030830ca..a4713b7e12cb 100644
--- a/fs/f2fs/file.c
+++ b/fs/f2fs/file.c
@@ -3945,6 +3945,11 @@ static int f2fs_ioc_decompress_file(struct file *filp, unsigned long arg)
goto out;
}
+ if (is_inode_flag_set(inode, FI_COMPRESS_RELEASED)) {
+ ret = -EINVAL;
+ goto out;
+ }
+
ret = filemap_write_and_wait_range(inode->i_mapping, 0, LLONG_MAX);
if (ret)
goto out;
@@ -4012,6 +4017,11 @@ static int f2fs_ioc_compress_file(struct file *filp, unsigned long arg)
goto out;
}
+ if (is_inode_flag_set(inode, FI_COMPRESS_RELEASED)) {
+ ret = -EINVAL;
+ goto out;
+ }
+
ret = filemap_write_and_wait_range(inode->i_mapping, 0, LLONG_MAX);
if (ret)
goto out;
--
2.17.1
> If a file has FI_COMPRESS_RELEASED, all writes for it should not be
> allowed. However, as of now, in case of compress_mode=user, writes
> triggered by IOCTLs like F2FS_IOC_DE/COMPRESS_FILE are allowed unexpectly,
> which could crash that file.
> To fix it, let's do not allow F2FS_IOC_DE/COMPRESS_IOCTL if a file already
> has FI_COMPRESS_RELEASED flag.
>
> This is the reproduction process:
> 1. $ chattr +c ./file
> 2. $ dd if=/dev/zero of=./file bs=4096 count=2000 oflag=append
> conv=notrunc 3. $ sync
> 4. $ do_compress ./file ; call F2FS_IOC_COMPRESS_FILE
> 5. $ get_compr_blocks ./file ; call F2FS_IOC_GET_COMPRESS_BLOCKS
Oops! Do we need to call F2FS_IOC_RELEASE_COMPRESS_BLOCKS here?
Maybe, you need to revise reproduction process and to make v2 patch.
> 6. $ do_compress ./file ; call F2FS_IOC_COMPRESS_FILE again
> 7. $ get_compr_blocks ./file ; call F2FS_IOC_GET_COMPRESS_BLOCKS again
>
> You can find compr_blocks has a negative value.
>
> Fixes: 5fdb322ff2c2b ("f2fs: add F2FS_IOC_DECOMPRESS_FILE and
> F2FS_IOC_COMPRESS_FILE")
>
> Signed-off-by: Junbeom Yeom <[email protected]>
> Signed-off-by: Sungjong Seo <[email protected]>
> Signed-off-by: Youngjin Gil <[email protected]>
> Signed-off-by: Jaewook Kim <[email protected]>
> ---
> fs/f2fs/file.c | 10 ++++++++++
> 1 file changed, 10 insertions(+)
>
> diff --git a/fs/f2fs/file.c b/fs/f2fs/file.c index
> 6b1b030830ca..a4713b7e12cb 100644
> --- a/fs/f2fs/file.c
> +++ b/fs/f2fs/file.c
> @@ -3945,6 +3945,11 @@ static int f2fs_ioc_decompress_file(struct file
> *filp, unsigned long arg)
> goto out;
> }
>
> + if (is_inode_flag_set(inode, FI_COMPRESS_RELEASED)) {
> + ret = -EINVAL;
> + goto out;
> + }
> +
> ret = filemap_write_and_wait_range(inode->i_mapping, 0, LLONG_MAX);
> if (ret)
> goto out;
> @@ -4012,6 +4017,11 @@ static int f2fs_ioc_compress_file(struct file *filp,
> unsigned long arg)
> goto out;
> }
>
> + if (is_inode_flag_set(inode, FI_COMPRESS_RELEASED)) {
> + ret = -EINVAL;
> + goto out;
> + }
> +
> ret = filemap_write_and_wait_range(inode->i_mapping, 0, LLONG_MAX);
> if (ret)
> goto out;
> --
> 2.17.1
If a file has FI_COMPRESS_RELEASED, all writes for it should not be
allowed. However, as of now, in case of compress_mode=user, writes
triggered by IOCTLs like F2FS_IOC_DE/COMPRESS_FILE are allowed unexpectly,
which could crash that file.
To fix it, let's do not allow F2FS_IOC_DE/COMPRESS_IOCTL if a file already
has FI_COMPRESS_RELEASED flag.
This is the reproduction process:
1. $ touch ./file
2. $ chattr +c ./file
3. $ dd if=/dev/random of=./file bs=4096 count=30 conv=notrunc
4. $ dd if=/dev/zero of=./file bs=4096 count=34 seek=30 conv=notrunc
5. $ sync
6. $ do_compress ./file ; call F2FS_IOC_COMPRESS_FILE
7. $ get_compr_blocks ./file ; call F2FS_IOC_GET_COMPRESS_BLOCKS
8. $ release ./file ; call F2FS_IOC_RELEASE_COMPRESS_BLOCKS
9. $ do_compress ./file ; call F2FS_IOC_COMPRESS_FILE again
10. $ get_compr_blocks ./file ; call F2FS_IOC_GET_COMPRESS_BLOCKS again
This reproduction process is tested in 128kb cluster size.
You can find compr_blocks has a negative value.
Fixes: 5fdb322ff2c2b ("f2fs: add F2FS_IOC_DECOMPRESS_FILE and F2FS_IOC_COMPRESS_FILE")
Signed-off-by: Junbeom Yeom <[email protected]>
Signed-off-by: Sungjong Seo <[email protected]>
Signed-off-by: Youngjin Gil <[email protected]>
Signed-off-by: Jaewook Kim <[email protected]>
---
v2:
- Fix reproduction process and add test enviroment
fs/f2fs/file.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/fs/f2fs/file.c b/fs/f2fs/file.c
index 6b1b030830ca..a4713b7e12cb 100644
--- a/fs/f2fs/file.c
+++ b/fs/f2fs/file.c
@@ -3945,6 +3945,11 @@ static int f2fs_ioc_decompress_file(struct file *filp, unsigned long arg)
goto out;
}
+ if (is_inode_flag_set(inode, FI_COMPRESS_RELEASED)) {
+ ret = -EINVAL;
+ goto out;
+ }
+
ret = filemap_write_and_wait_range(inode->i_mapping, 0, LLONG_MAX);
if (ret)
goto out;
@@ -4012,6 +4017,11 @@ static int f2fs_ioc_compress_file(struct file *filp, unsigned long arg)
goto out;
}
+ if (is_inode_flag_set(inode, FI_COMPRESS_RELEASED)) {
+ ret = -EINVAL;
+ goto out;
+ }
+
ret = filemap_write_and_wait_range(inode->i_mapping, 0, LLONG_MAX);
if (ret)
goto out;
--
2.17.1
On 2022/8/3 16:53, Jaewook Kim wrote:
> If a file has FI_COMPRESS_RELEASED, all writes for it should not be
> allowed. However, as of now, in case of compress_mode=user, writes
> triggered by IOCTLs like F2FS_IOC_DE/COMPRESS_FILE are allowed unexpectly,
> which could crash that file.
> To fix it, let's do not allow F2FS_IOC_DE/COMPRESS_IOCTL if a file already
> has FI_COMPRESS_RELEASED flag.
>
> This is the reproduction process:
> 1. $ touch ./file
> 2. $ chattr +c ./file
> 3. $ dd if=/dev/random of=./file bs=4096 count=30 conv=notrunc
> 4. $ dd if=/dev/zero of=./file bs=4096 count=34 seek=30 conv=notrunc
> 5. $ sync
> 6. $ do_compress ./file ; call F2FS_IOC_COMPRESS_FILE
> 7. $ get_compr_blocks ./file ; call F2FS_IOC_GET_COMPRESS_BLOCKS
> 8. $ release ./file ; call F2FS_IOC_RELEASE_COMPRESS_BLOCKS
> 9. $ do_compress ./file ; call F2FS_IOC_COMPRESS_FILE again
> 10. $ get_compr_blocks ./file ; call F2FS_IOC_GET_COMPRESS_BLOCKS again
>
> This reproduction process is tested in 128kb cluster size.
> You can find compr_blocks has a negative value.
>
> Fixes: 5fdb322ff2c2b ("f2fs: add F2FS_IOC_DECOMPRESS_FILE and F2FS_IOC_COMPRESS_FILE")
>
> Signed-off-by: Junbeom Yeom <[email protected]>
> Signed-off-by: Sungjong Seo <[email protected]>
> Signed-off-by: Youngjin Gil <[email protected]>
> Signed-off-by: Jaewook Kim <[email protected]>
Reviewed-by: Chao Yu <[email protected]>
Thanks,