Received: by 2002:a25:6193:0:0:0:0:0 with SMTP id v141csp3270704ybb; Sun, 22 Mar 2020 20:06:52 -0700 (PDT) X-Google-Smtp-Source: ADFU+vvLj7oJQzKWUpyr+R74qbbCvUcXkwVSdyOpwPHXykMtgobphv8it4DzGnMFkihLhH6nMUhV X-Received: by 2002:aca:4b56:: with SMTP id y83mr16037813oia.142.1584932812568; Sun, 22 Mar 2020 20:06:52 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1584932812; cv=none; d=google.com; s=arc-20160816; b=ky248kk4951X7rBVNXM0uguu/8eeD2FtLzQJb9V2eVULYX3n1JKWBIlKbXDWCGPEa3 M/QcN/qzrX6lUAKlOB5mtHTAjghDLqqP5EjfGL3tLk5ZTtAhnT7pKQLoBPwcFkgen2SM BLFP6LsFEJ3Js/peVwGs5qPV6QasXZsrCtS/8qWNUvsJ1MNHwjKS25KGIfnbCHOQVar0 J0EUnnZJhwEJprDJnqHfiWNEeotXMXli1ybvVmpVcO5qzwhA8vHGA7LLqEvqyvdUaoZs 77h/lYogGKJ6PwOyM2P4Deac7bRlyX6jSv1UWDo4Ahzry6GZfPBEnfBLMnet06oMCDlo mxLQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-disposition :mime-version:references:mail-followup-to:message-id:subject:cc:to :from:date:dkim-signature; bh=vas0MnWj4oybl6l+JxWfKFOBg4TAy61ny4KhPKdVuro=; b=bBIYf+JQRRDUupip8DaaWnCUdSvgC45rnqI22apIvCJogCnRDQEtj2UEWZXu/WpSu3 OY9vHCASahP8VaBcvIyB4NDz0MLCScHLvp98s03rBV28iI4DXT//gbrJ4QX9dLFBqySP hvyrXuYaS8tFtsZCyfhZDaxrCvs8ph12kL4Dj/BjjpJBjl8ozBeXtKoCizBv/Y+7NbZn FG2jP/HRDDbCZ4/bCoZgA14Twqjh34yRp6MJITT87IJNwmXmYv5P/4bC3Z75nltNn3/X hU3wp0W/JcYvaM+W2a1okSGX7g/FzgmSsOLEHWzoCJlH2GE6UQp6ed41RhamD6MB+zQ8 6NAw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@xff.cz header.s=mail header.b=jb0LErdb; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=xff.cz Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 18si6872211oin.182.2020.03.22.20.06.40; Sun, 22 Mar 2020 20:06:52 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@xff.cz header.s=mail header.b=jb0LErdb; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=xff.cz Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727059AbgCWDFw (ORCPT + 99 others); Sun, 22 Mar 2020 23:05:52 -0400 Received: from vps.xff.cz ([195.181.215.36]:38156 "EHLO vps.xff.cz" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726916AbgCWDFv (ORCPT ); Sun, 22 Mar 2020 23:05:51 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=xff.cz; s=mail; t=1584932750; bh=dWxO70ZTLWZJ/KAhe6blVdbhTNEFPju6heLfNQ0Z/9U=; h=Date:From:To:Cc:Subject:References:X-My-GPG-KeyId:From; b=jb0LErdb9VgV2rmrGqNGuWkkc6q8J/yibcY2EIVwy/McVutQzIq9iRJXhWRWsH1OS qjXwx0iPNQXjLu/JS1P0bwqR6nZl6tMLE4KHtqLuN5zV5XC0KyFD48G78KWOVUyRuH XFne/Mtcbekr6lhg0nZHmRWFForeLeoQurKCxNIk= Date: Mon, 23 Mar 2020 04:05:49 +0100 From: =?utf-8?Q?Ond=C5=99ej?= Jirman To: Chao Yu Cc: jaegeuk@kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-kernel@vger.kernel.org, chao@kernel.org Subject: Re: [PATCH v4] f2fs: fix potential .flags overflow on 32bit architecture Message-ID: <20200323030549.rwlexq76ng4nq7nt@core.my.home> Mail-Followup-To: =?utf-8?Q?Ond=C5=99ej?= Jirman , Chao Yu , jaegeuk@kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-kernel@vger.kernel.org, chao@kernel.org References: <20200323024109.60967-1-yuchao0@huawei.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20200323024109.60967-1-yuchao0@huawei.com> X-My-GPG-KeyId: EBFBDDE11FB918D44D1F56C1F9F0A873BE9777ED Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hello, On Mon, Mar 23, 2020 at 10:41:09AM +0800, Chao Yu wrote: > f2fs_inode_info.flags is unsigned long variable, it has 32 bits > in 32bit architecture, since we introduced FI_MMAP_FILE flag > when we support data compression, we may access memory cross > the border of .flags field, corrupting .i_sem field, result in > below deadlock. > > To fix this issue, let's expand .flags as an array to grab enough > space to store new flags. > > Call Trace: > __schedule+0x8d0/0x13fc > ? mark_held_locks+0xac/0x100 > schedule+0xcc/0x260 > rwsem_down_write_slowpath+0x3ab/0x65d > down_write+0xc7/0xe0 > f2fs_drop_nlink+0x3d/0x600 [f2fs] > f2fs_delete_inline_entry+0x300/0x440 [f2fs] > f2fs_delete_entry+0x3a1/0x7f0 [f2fs] > f2fs_unlink+0x500/0x790 [f2fs] > vfs_unlink+0x211/0x490 > do_unlinkat+0x483/0x520 > sys_unlink+0x4a/0x70 > do_fast_syscall_32+0x12b/0x683 > entry_SYSENTER_32+0xaa/0x102 > > Fixes: 4c8ff7095bef ("f2fs: support data compression") > Signed-off-by: Chao Yu Tested-by: Ondrej Jirman This patch alone also fixes all the other lockups I reported recently, that were easier to trigger than this one. thanks, o.