Received: by 2002:a25:6193:0:0:0:0:0 with SMTP id v141csp3280849ybb; Sun, 22 Mar 2020 20:23:50 -0700 (PDT) X-Google-Smtp-Source: ADFU+vsi15R5UIx34cD6SCT9Jd3QVwYRiCSSW6ARdg8MsDZDFPRTjgbzQUpjkocUOwkSgCD9enUQ X-Received: by 2002:a9d:ed5:: with SMTP id 79mr15312692otj.249.1584933830253; Sun, 22 Mar 2020 20:23:50 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1584933830; cv=none; d=google.com; s=arc-20160816; b=z/+HBpfor1FeJqeS1Y3SceTQ566DcGxmadzlh+N6w7Ckh5WvukzeB6kjA8ICbUjM57 Ck+Wv9g9evI3RfsEh3mezMiT0wpcCmuq+stdsFA2PMLfzgZbhkgmh32FUJqj1DP6g/5R vFbHqpsSXDzti6XotkcuWXDl6yMQz28LUW0p/VV2BhnKeS4NVZLBTLESUAbz2JRGdGRi zo53lWB1bmB9CXGtQuVWHJh+YPm8KihyZeyhANBIx/4URBibiJWCiUu405Y9I92q696m jj1GJiSYzfoK+LJ3thCkp/wqCNpK2nmC5KBMsK+kVoMRgo0x0tsqF0j8fQx2EcbTgVn1 yY+w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject; bh=KgKgfVDIaLdHok6e03vavGFfQrzRhyf0kPcQZrhNjq0=; b=aulcGITZnA96xK0vjvCCMly5L7bn78IPJjSzWBo3JVoQPMuByUkOKdVZkSTKBGQ8Tx zD4VJIdET3odwjVa0maHImiL+IWUk1vM7K52sSmb0v6AyRwkLhlP1IfVwHz+O6ieubem uNHBqwx7F01Iuskn5/9hi4nCzeZiJ1/WVM60arKOXQ8Nw9oEGKDHsyGpFtX+e/7PN8uA I1gkDBpPyuAD4KPxsL8P067Fo7v3GWivmhoqVKCaUEWJCET54wyogtq8jcJ0Ky0mJqn6 1mZ+CFV1e9ATPUTQKk4zZy1vqUDiR8jgZBLtECcsOqfMEPId+c7At1ss/WYJqLFzVGOU Ad6A== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id y206si1785671oig.253.2020.03.22.20.23.37; Sun, 22 Mar 2020 20:23:50 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727096AbgCWDWU (ORCPT + 99 others); Sun, 22 Mar 2020 23:22:20 -0400 Received: from szxga07-in.huawei.com ([45.249.212.35]:54580 "EHLO huawei.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1726979AbgCWDWU (ORCPT ); Sun, 22 Mar 2020 23:22:20 -0400 Received: from DGGEMS412-HUB.china.huawei.com (unknown [172.30.72.58]) by Forcepoint Email with ESMTP id 4129B9EA7CDED3C0FD5D; Mon, 23 Mar 2020 11:22:07 +0800 (CST) Received: from [10.134.22.195] (10.134.22.195) by smtp.huawei.com (10.3.19.212) with Microsoft SMTP Server (TLS) id 14.3.487.0; Mon, 23 Mar 2020 11:22:02 +0800 Subject: Re: [PATCH v4] f2fs: fix potential .flags overflow on 32bit architecture To: Joe Perches , CC: , , References: <20200323024109.60967-1-yuchao0@huawei.com> <8d435607bd79f518bd9420d68894ddda521bac5a.camel@perches.com> From: Chao Yu Message-ID: Date: Mon, 23 Mar 2020 11:22:01 +0800 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 In-Reply-To: <8d435607bd79f518bd9420d68894ddda521bac5a.camel@perches.com> Content-Type: text/plain; charset="windows-1252" Content-Language: en-US Content-Transfer-Encoding: 7bit X-Originating-IP: [10.134.22.195] X-CFilter-Loop: Reflected Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 2020/3/23 10:57, Joe Perches wrote: > On Mon, 2020-03-23 at 10:41 +0800, Chao Yu wrote: >> f2fs_inode_info.flags is unsigned long variable, it has 32 bits >> in 32bit architecture, since we introduced FI_MMAP_FILE flag >> when we support data compression, we may access memory cross >> the border of .flags field, corrupting .i_sem field, result in >> below deadlock. > [] >> diff --git a/fs/f2fs/f2fs.h b/fs/f2fs/f2fs.h > [] >> @@ -682,6 +682,47 @@ enum { > [] >> +/* used for f2fs_inode_info->flags */ >> +enum { > [] >> + FI_MAX, /* max flag, never be used */ >> +}; >> + >> +/* f2fs_inode_info.flags array size */ >> +#define FI_ARRAY_SIZE (BITS_TO_LONGS(FI_MAX)) > > Perhaps FI_ARRAY_SIZE isn't necessary. > >> + >> struct f2fs_inode_info { >> struct inode vfs_inode; /* serve a vfs inode */ >> unsigned long i_flags; /* keep an inode flags for ioctl */ >> @@ -694,7 +735,7 @@ struct f2fs_inode_info { >> umode_t i_acl_mode; /* keep file acl mode temporarily */ >> >> /* Use below internally in f2fs*/ >> - unsigned long flags; /* use to pass per-file flags */ >> + unsigned long flags[FI_ARRAY_SIZE]; /* use to pass per-file flags */ > > and BITS_TO_LONGS should be used here. > >> diff --git a/fs/f2fs/inode.c b/fs/f2fs/inode.c > [] >> @@ -362,7 +363,8 @@ static int do_read_inode(struct inode *inode) >> fi->i_flags = le32_to_cpu(ri->i_flags); >> if (S_ISREG(inode->i_mode)) >> fi->i_flags &= ~F2FS_PROJINHERIT_FL; >> - fi->flags = 0; >> + for (i = 0; i < FI_ARRAY_SIZE; i++) >> + fi->flags[i] = 0; > > And this could become > > bitmap_zero(fi->flags, BITS_TO_LONG(FI_MAX)); > > Is FI_ARRAY_SIZE used anywhere else? Updated in v5, thanks. Thanks, > > . >