Syzkaller reports WARNING in nilfs_dat_prepare_end() in 5.10, 5.15 and 6.1
stable releases. The problem has been fixed in upstream:
https://syzkaller.appspot.com/bug?extid=5d5d25f90f195a3cfcb4
The problem can also be fixed in versions 5.10, 5.15 and 6.1 by the
following patch.
Found by Linux Verification Center (linuxtesting.org) with Syzkaller.
Link: https://syzkaller.appspot.com/bug?extid=325e6b0a1e7cf9035cc0
Link: https://syzkaller.appspot.com/bug?extid=bebf30d67ea2569f0fd3
Ryusuke Konishi (1):
nilfs2: replace WARN_ONs for invalid DAT metadata block requests
fs/nilfs2/dat.c | 27 +++++++++++++++++----------
1 file changed, 17 insertions(+), 10 deletions(-)
--
2.34.1
From: Ryusuke Konishi <[email protected]>
commit 5124a0a549857c4b87173280e192eea24dea72ad upstream.
If DAT metadata file block access fails due to corruption of the DAT file
or abnormal virtual block numbers held by b-trees or inodes, a kernel
warning is generated.
This replaces the WARN_ONs by error output, so that a kernel, booted with
panic_on_warn, does not panic. This patch also replaces the detected
return code -ENOENT with another internal code -EINVAL to notify the bmap
layer of metadata corruption. When the bmap layer sees -EINVAL, it
handles the abnormal situation with nilfs_bmap_convert_error() and finally
returns code -EIO as it should.
Link: https://lkml.kernel.org/r/[email protected]
Link: https://lkml.kernel.org/r/[email protected]
Signed-off-by: Ryusuke Konishi <[email protected]>
Reported-by: <[email protected]>
Tested-by: Ryusuke Konishi <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Roman Smirnov <[email protected]>
---
fs/nilfs2/dat.c | 27 +++++++++++++++++----------
1 file changed, 17 insertions(+), 10 deletions(-)
diff --git a/fs/nilfs2/dat.c b/fs/nilfs2/dat.c
index 9930fa901039..1e7f653c1df7 100644
--- a/fs/nilfs2/dat.c
+++ b/fs/nilfs2/dat.c
@@ -40,8 +40,21 @@ static inline struct nilfs_dat_info *NILFS_DAT_I(struct inode *dat)
static int nilfs_dat_prepare_entry(struct inode *dat,
struct nilfs_palloc_req *req, int create)
{
- return nilfs_palloc_get_entry_block(dat, req->pr_entry_nr,
- create, &req->pr_entry_bh);
+ int ret;
+
+ ret = nilfs_palloc_get_entry_block(dat, req->pr_entry_nr,
+ create, &req->pr_entry_bh);
+ if (unlikely(ret == -ENOENT)) {
+ nilfs_err(dat->i_sb,
+ "DAT doesn't have a block to manage vblocknr = %llu",
+ (unsigned long long)req->pr_entry_nr);
+ /*
+ * Return internal code -EINVAL to notify bmap layer of
+ * metadata corruption.
+ */
+ ret = -EINVAL;
+ }
+ return ret;
}
static void nilfs_dat_commit_entry(struct inode *dat,
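Review bot: The -ENOENT to -EINVAL remap in nilfs_dat_prepare_entry() runs for every value of `create`, but the rationale in the comment (metadata corruption) only holds for lookups of an entry that should already exist. The two callers visible in this patch pass 0; if any caller passes a non-zero `create`, either guard the remap with `!create` or extend the comment to say why -ENOENT still means corruption there. Also consider whether the nilfs_err() call needs rate limiting, since a corrupted image can hit this path repeatedly and each hit now writes a log line.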
@@ -123,11 +136,7 @@ static void nilfs_dat_commit_free(struct inode *dat,
int nilfs_dat_prepare_start(struct inode *dat, struct nilfs_palloc_req *req)
{
- int ret;
-
- ret = nilfs_dat_prepare_entry(dat, req, 0);
- WARN_ON(ret == -ENOENT);
- return ret;
+ return nilfs_dat_prepare_entry(dat, req, 0);
}
void nilfs_dat_commit_start(struct inode *dat, struct nilfs_palloc_req *req,
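Review bot: nilfs_dat_prepare_start() no longer returns -ENOENT at all after this change, since nilfs_dat_prepare_entry() converts it to -EINVAL, and nothing at this call site documents that. A short comment above the function stating that -EINVAL signals DAT metadata corruption would help, and in each target stable tree the callers should be checked for any that still compare the result against -ENOENT.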
@@ -154,10 +163,8 @@ int nilfs_dat_prepare_end(struct inode *dat, struct nilfs_palloc_req *req)
int ret;
ret = nilfs_dat_prepare_entry(dat, req, 0);
- if (ret < 0) {
- WARN_ON(ret == -ENOENT);
+ if (ret < 0)
return ret;
- }
kaddr = kmap_atomic(req->pr_entry_bh->b_page);
entry = nilfs_palloc_block_get_entry(dat, req->pr_entry_nr,
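Review bot: On the `if (ret < 0) return ret;` path in nilfs_dat_prepare_end(), the only remaining diagnostic is the generic message printed by nilfs_dat_prepare_entry(), which does not say whether the failure came from the start or the end path. The removed WARN_ON at least produced a backtrace naming this function. If the call site matters when triaging a corrupted image, consider including the caller name in the nilfs_err() message.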
--
2.34.1
On Thu, 8 Feb 2024 17:42:41 +0300, Roman Smirnov wrote:
> Syzkaller reports WARNING in nilfs_dat_prepare_end() in 5.10, 5.15 and 6.1
> stable releases. The problem has been fixed in upstream:
> https://syzkaller.appspot.com/bug?extid=5d5d25f90f195a3cfcb4
>
> The problem can also be fixed in versions 5.10, 5.15 and 6.1 by the
> following patch.
>
> Found by Linux Verification Center (linuxtesting.org) with Syzkaller.
>
> Link: https://syzkaller.appspot.com/bug?extid=325e6b0a1e7cf9035cc0
> Link: https://syzkaller.appspot.com/bug?extid=bebf30d67ea2569f0fd3
>
> Ryusuke Konishi (1):
> nilfs2: replace WARN_ONs for invalid DAT metadata block requests
>
> fs/nilfs2/dat.c | 27 +++++++++++++++++----------
> 1 file changed, 17 insertions(+), 10 deletions(-)
Sorry to bother you, do you have any comments on the patch?
On Tue, Feb 20, 2024 at 5:44 PM Roman Smirnov wrote:
>
> On Thu, 8 Feb 2024 17:42:41 +0300, Roman Smirnov wrote:
> > Syzkaller reports WARNING in nilfs_dat_prepare_end() in 5.10, 5.15 and 6.1
> > stable releases. The problem has been fixed in upstream:
> > https://syzkaller.appspot.com/bug?extid=5d5d25f90f195a3cfcb4
> >
> > The problem can also be fixed in versions 5.10, 5.15 and 6.1 by the
> > following patch.
> >
> > Found by Linux Verification Center (linuxtesting.org) with Syzkaller.
> >
> > Link: https://syzkaller.appspot.com/bug?extid=325e6b0a1e7cf9035cc0
> > Link: https://syzkaller.appspot.com/bug?extid=bebf30d67ea2569f0fd3
> >
> > Ryusuke Konishi (1):
> > nilfs2: replace WARN_ONs for invalid DAT metadata block requests
> >
> > fs/nilfs2/dat.c | 27 +++++++++++++++++----------
> > 1 file changed, 17 insertions(+), 10 deletions(-)
>
> Sorry to bother you, do you have any comments on the patch?
Hi Greg,
As a side note, this commit handles certain metadata corruptions
better if they are detected, rather than just killing WARN_ONs, and
prevents an internal error code (ENOENT) from propagating
inappropriately to userland.
So, in retrospect, I think it was worth backporting to stable trees.
I have checked the source code of each of the target stable trees, and
they are safe to apply.
Thanks,
Ryusuke Konishi