Received: by 2002:a25:ad19:0:0:0:0:0 with SMTP id y25csp6734101ybi; Wed, 31 Jul 2019 20:31:34 -0700 (PDT) X-Google-Smtp-Source: APXvYqzQHk1yoMJjYwKjOHSmV6IM/UtWKlozjPpG4JmivsgE1gupDI6NQI7wCgYmfvrzFei2UX7b X-Received: by 2002:a17:902:54f:: with SMTP id 73mr121461489plf.246.1564630294000; Wed, 31 Jul 2019 20:31:34 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1564630293; cv=none; d=google.com; s=arc-20160816; b=SQyXzgWDCMVI8TOuzG1zK8891xroD54OFfo79R2T+pdbLPiXt65/feF1HbW7Qe7mcr uU9sX1IxKQxd7HtVCog2MDfytenbw2RtFCheEMws0c28xcTBSDlUUzDf/g09xpHmOujr pWKJMoNvX/CYOM1eUsF/V5C/nKcIuV+xPvwFIz9s22mA936mEziLdTljD+NlQ96OUUAW YYhClfR8/x6ACRnnVndcApEQ/02zbMORiaK+vwk/1rw4+q3beWmQjsjVckAml/wrTyJp tY3PQiDIn72aX0mpIVwPcvYmQCh0g+vkFmJy/qZgQw1EMIdIl5d7ntgCXde41EgVH5Oz HNRA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject; bh=IdJtyNkFtNYkiy3dobYR9Rbx5pwecktIorlRihFFUys=; b=JUJRkI7k5LM29Z6G9/9Yq1qFfUYNLCtxD5X7cbBcHSES8ynYmNpUtMPaRnfADjxYGt ElymG9s9wtHc0RDS6mNinQ6Rnm2RcrzqgOmXBrLrcGqFZgCSsxGq/mI8rETgeP98/f+h lsjhf+C2DGeeYIndH/fQ4o1TqE05g4pNKyuON7/PC8PK1Y1zNcJBgG2FNjz4vOAZqJ0E n7aecLcwPeQhekPn5sfkc1ezWelwOGlsh5xW7vp7Qvb/Bm+mbhoZHa+AKR+RpiFp8+vn ftejLb7O6vBj+xhN4iO2CD/HnhfqPP1TtmRryRE+zDKEVvl3Fa81Mby6j5+TBf2/kxvm jMYQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 3si31198142plr.131.2019.07.31.20.30.39; Wed, 31 Jul 2019 20:31:33 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727948AbfHABTt (ORCPT + 99 others); Wed, 31 Jul 2019 21:19:49 -0400 Received: from szxga07-in.huawei.com ([45.249.212.35]:36666 "EHLO huawei.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1726185AbfHABTt (ORCPT ); Wed, 31 Jul 2019 21:19:49 -0400 Received: from DGGEMS413-HUB.china.huawei.com (unknown [172.30.72.59]) by Forcepoint Email with ESMTP id C43646972140852920FD; Thu, 1 Aug 2019 09:19:47 +0800 (CST) Received: from [10.134.22.195] (10.134.22.195) by smtp.huawei.com (10.3.19.213) with Microsoft SMTP Server (TLS) id 14.3.439.0; Thu, 1 Aug 2019 09:19:42 +0800 Subject: Re: [PATCH 4.19 077/113] f2fs: avoid out-of-range memory access To: Pavel Machek , CC: , Ocean Chen , "Jaegeuk Kim" , Sasha Levin References: <20190729190655.455345569@linuxfoundation.org> <20190729190714.022413119@linuxfoundation.org> <20190731191115.GB4630@amd> From: Chao Yu Message-ID: <15df49ee-0644-39a8-4c76-ed670f62fd62@huawei.com> Date: Thu, 1 Aug 2019 09:19:40 +0800 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 In-Reply-To: <20190731191115.GB4630@amd> Content-Type: text/plain; charset="windows-1252" Content-Language: en-US Content-Transfer-Encoding: 7bit X-Originating-IP: [10.134.22.195] X-CFilter-Loop: Reflected Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 2019/8/1 3:11, Pavel Machek wrote: > Hi! > >> [ Upstream commit 56f3ce675103e3fb9e631cfb4131fc768bc23e9a ] >> >> blkoff_off might over 512 due to fs corrupt or security >> vulnerability. That should be checked before being using. >> >> Use ENTRIES_IN_SUM to protect invalid value in cur_data_blkoff. >> >> Signed-off-by: Ocean Chen >> Reviewed-by: Chao Yu >> Signed-off-by: Jaegeuk Kim >> Signed-off-by: Sasha Levin >> --- >> fs/f2fs/segment.c | 5 +++++ >> 1 file changed, 5 insertions(+) >> >> diff --git a/fs/f2fs/segment.c b/fs/f2fs/segment.c >> index 8fc3edb6760c..92f72bb5aff4 100644 >> --- a/fs/f2fs/segment.c >> +++ b/fs/f2fs/segment.c >> @@ -3261,6 +3261,11 @@ static int read_compacted_summaries(struct f2fs_sb_info *sbi) >> seg_i = CURSEG_I(sbi, i); >> segno = le32_to_cpu(ckpt->cur_data_segno[i]); >> blk_off = le16_to_cpu(ckpt->cur_data_blkoff[i]); >> + if (blk_off > ENTRIES_IN_SUM) { >> + f2fs_bug_on(sbi, 1); >> + f2fs_put_page(page, 1); >> + return -EFAULT; >> + } >> seg_i->next_segno = segno; > > We normally use -EUCLEAN to signal filesystem corruption. Plus, it is > good idea to report it to the syslog and mark filesystem as "needing > fsck" if filesystem can do that. Thanks for pointing out this, I missed that restriction during review, since at that time, my focus is on how that case happen... Look at this again, I think we also need to add unlikely() keyword hint to compiler to indicate this should never happen. Thanks, > > Thanks, > Pavel >