Date: Mon, 9 Sep 2019 08:44:25 +0100
From: Jaegeuk Kim
To: Chao Yu
Cc: Chao Yu, linux-f2fs-devel@lists.sourceforge.net, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] f2fs: fix to avoid accessing uninitialized field of inode page in is_alive()
Message-ID: <20190909074425.GB21625@jaegeuk-macbookpro.roam.corp.google.com>
In-Reply-To: <080e8dee-4726-8294-622a-cac26e781083@kernel.org>

On 09/07, Chao Yu wrote:
> On 2019-9-7 7:48, Jaegeuk Kim wrote:
> > On 09/06, Chao Yu wrote:
> >> If inode is newly created, inode page may not synchronize with inode cache,
> >> so fields like .i_inline or .i_extra_isize could be wrong, in below call
> >> path, we may access such wrong fields, result in failing to migrate valid
> >> target block.
> >
> > If data is valid, how can we get new inode page?

Let me rephrase the question. If inode is newly created, is this data block
really valid to move in GC?

>
> is_alive()
> {
> ...
> 	node_page = f2fs_get_node_page(sbi, nid); <--- inode page

Aren't we seeing the below version warnings?

if (sum->version != dni->version) {
	f2fs_warn(sbi, "%s: valid data with mismatched node version.",
		  __func__);
	set_sbi_flag(sbi, SBI_NEED_FSCK);
}

>
> 	source_blkaddr = datablock_addr(NULL, node_page, ofs_in_node);

So, we're getting this? Does this incur infinite loop in GC?

if (!test_and_set_bit(segno, SIT_I(sbi)->invalid_segmap)) {
	f2fs_err(sbi, "mismatched blkaddr %u (source_blkaddr %u) in seg %u\n",
	f2fs_bug_on(sbi, 1);
}

> ...
> }
>
> datablock_addr()
> {
> ...
> 	base = offset_in_addr(&raw_node->i); <--- the base could be wrong here due to
> accessing uninitialized .i_inline of raw_node->i.
> ...
> }
>
> Thanks,
>
> >
> >>
> >> - gc_data_segment
> >>  - is_alive
> >>   - datablock_addr
> >>    - offset_in_addr
> >>
> >> Fixes: 7a2af766af15 ("f2fs: enhance on-disk inode structure scalability")
> >> Signed-off-by: Chao Yu
> >> ---
> >> fs/f2fs/dir.c | 3 +++
> >> 1 file changed, 3 insertions(+)
> >>
> >> diff --git a/fs/f2fs/dir.c b/fs/f2fs/dir.c > >> index 765f13354d3f..b1840852967e 100644 > >> --- a/fs/f2fs/dir.c > >> +++ b/fs/f2fs/dir.c > >> @@ -479,6 +479,9 @@ struct page *f2fs_init_inode_metadata(struct inode *inode, struct inode *dir, > >> if (IS_ERR(page)) > >> return page; > >> > >> + /* synchronize inode page's data from inode cache */ > >> + f2fs_update_inode(inode, page); > >> + > >> if (S_ISDIR(inode->i_mode)) { > >> /* in order to handle error case */ > >> get_page(page); > >> -- > >> 2.18.0.rc1
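
Review bot: the comment added above f2fs_update_inode(inode, page) in f2fs_init_inode_metadata() says what the call does but not why it has to happen at this point, right after the IS_ERR(page) check. The reason is only in the commit message: the is_alive() -> datablock_addr() -> offset_in_addr() path reads .i_inline and .i_extra_isize from the raw inode page. Suggest naming that reader in the comment so the call is not later removed as redundant. The commit message should also state how GC can find a valid data block belonging to an inode whose page has not yet been synchronized, and whether the "mismatched node version" warning or the "mismatched blkaddr" error quoted in this reply is what was observed, since the visible lines do not show which failure the change was tested against.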