Received: by 2002:a25:b794:0:0:0:0:0 with SMTP id n20csp3381855ybh; Mon, 5 Aug 2019 17:43:14 -0700 (PDT) X-Google-Smtp-Source: APXvYqxu9/scfVkF5sja2xZ2LCBRevlfx1mLafHvi8APkh3IMdRgqM6Hb/+n1LFUHIEm74D5UflQ X-Received: by 2002:a17:90a:220a:: with SMTP id c10mr407640pje.33.1565052194172; Mon, 05 Aug 2019 17:43:14 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1565052194; cv=none; d=google.com; s=arc-20160816; b=gGtnKrft2tcKG4Zji/oLiPv2Zgo3n/sCePET9dSPPobp9TUZpvgYTgOXWURGarcmEn CWH2mjX290GQjH8aJkPm5C76lJIJnI1y/sPrh5dCQln8ASqdRn5VQfrmMJ18qcYfJ6gc gWeBEd1B7ZIopnG08G8kT/PMUv7k/z3WNLAEUuqq7XVpbzioYneirhMogeyegVUTJngx 89uU75Qfs3e2cNjyak9ftAOF+/vOnwCwDaJNTTuXOwIzCBed6cfXUL00B9ezmCxhEF45 JZzfx8ilqc9my4T76CZeqnrLLdgDW4E7Uk4gFq8SVYMtf261bwtZHSf+ujpP7xJk6wNQ Q7cA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature; bh=YpeWnnd5iHMun4SlXPBkN5OHsCwsnP3/i9mHocFrTtA=; b=uN+KZRAGkFULwwT4jQKfWr1sejYEjc2i1MEpwYCPeCxuggjAQaSPd+t1BXxtw84r5e a+8stE4oo4DCPbCe51U3YO/tH+Unk22F9Aomz4tSBVR7r3S145Bx/AEkQvoJiJV6S50s rxRNUeG+jjFOhOca6WkTbOVAdP6xG1fpcWOay4qLjvq6gmuln6tut1DqEYXlplq60E7X 9VnOVXVNJXKCS6p8HR/DKmufUaIaoy+V5Qk6pmmQ85jwonHlrDWqgrXlYkoHs0CssBmI NNe1WTrJLZoCWVNu4RcH2kAns75cexUh9OV1V6FfV73n6srMCauPnWowVK8MNXyJhD0y 69vQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=hZTdUh7m; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 97si42986835ple.161.2019.08.05.17.42.56; Mon, 05 Aug 2019 17:43:14 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=hZTdUh7m; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731083AbfHFAmR (ORCPT + 99 others); Mon, 5 Aug 2019 20:42:17 -0400 Received: from mail.kernel.org ([198.145.29.99]:56666 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728483AbfHFAmR (ORCPT ); Mon, 5 Aug 2019 20:42:17 -0400 Received: from localhost (unknown [104.132.0.81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 6F09D2147A; Tue, 6 Aug 2019 00:42:16 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1565052136; bh=eZwQBDcR/MKYEfWG81eygG4AefN+C5bI0r2OySbuQH0=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=hZTdUh7m+TxBSmTs1N9DcHxM8FaEQOdounaDItLqslNEzK+yF2IKj+bbhmz8mgVMJ /dN79jv0RBiOXWzAmzAamqFYi8tzCE66mk+DmHzlpQtB2jFWpFcM16V4/wIJgzwdLx v/S0twBm+UcvLi7A5PnuHNeL+2s37gvWfMf3XW58= Date: Mon, 5 Aug 2019 17:42:15 -0700 From: Jaegeuk Kim To: Chao Yu Cc: linux-f2fs-devel@lists.sourceforge.net, linux-kernel@vger.kernel.org, chao@kernel.org Subject: Re: [PATCH] Revert "f2fs: avoid out-of-range memory access" Message-ID: <20190806004215.GC98101@jaegeuk-macbookpro.roam.corp.google.com> References: <20190802101548.96543-1-yuchao0@huawei.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20190802101548.96543-1-yuchao0@huawei.com> User-Agent: Mutt/1.8.2 (2017-04-18) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 08/02, Chao Yu wrote: > As Pavel Machek reported: > > "We normally use -EUCLEAN to signal filesystem corruption. Plus, it is > good idea to report it to the syslog and mark filesystem as "needing > fsck" if filesystem can do that." > > Still we need improve the original patch with: > - use unlikely keyword > - add message print > - return EUCLEAN > > However, after rethink this patch, I don't think we should add such > condition check here as below reasons: > - We have already checked the field in f2fs_sanity_check_ckpt(), > - If there is fs corrupt or security vulnerability, there is nothing > to guarantee the field is integrated after the check, unless we do > the check before each of its use, however no filesystem does that. > - We only have similar check for bitmap, which was added due to there > is bitmap corruption happened on f2fs' runtime in product. > - There are so many key fields in SB/CP/NAT did have such check > after f2fs_sanity_check_{sb,cp,..}. > > So I propose to revert this unneeded check. IIRC, this came from security vulnerability report which can access out-of-boundary memory region. Could you write another patch to address the above issues? > > This reverts commit 56f3ce675103e3fb9e631cfb4131fc768bc23e9a. > > Signed-off-by: Chao Yu > --- > fs/f2fs/segment.c | 5 ----- > 1 file changed, 5 deletions(-) > > diff --git a/fs/f2fs/segment.c b/fs/f2fs/segment.c > index 9693fa4c8971..2eff9c008ae0 100644 > --- a/fs/f2fs/segment.c > +++ b/fs/f2fs/segment.c > @@ -3492,11 +3492,6 @@ static int read_compacted_summaries(struct f2fs_sb_info *sbi) > seg_i = CURSEG_I(sbi, i); > segno = le32_to_cpu(ckpt->cur_data_segno[i]); > blk_off = le16_to_cpu(ckpt->cur_data_blkoff[i]); > - if (blk_off > ENTRIES_IN_SUM) { > - f2fs_bug_on(sbi, 1); > - f2fs_put_page(page, 1); > - return -EFAULT; > - } > seg_i->next_segno = segno; > reset_curseg(sbi, i, 0); > seg_i->alloc_type = ckpt->alloc_type[i]; > -- > 2.18.0.rc1