Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
From:   Yangtao Li <frank.li@vivo.com>
To:     jaegeuk@kernel.org, chao@kernel.org
Cc:     linux-f2fs-devel@lists.sourceforge.net,
        linux-kernel@vger.kernel.org, Yangtao Li <frank.li@vivo.com>,
        kernel test robot <lkp@intel.com>,
        Dan Carpenter <error27@gmail.com>
Subject: [PATCH v3 1/2] f2fs: fix to avoid potential memory corruption in __update_iostat_latency()
Date:   Sat, 21 Jan 2023 00:16:55 +0800
Message-Id: <20230120161656.70308-1-frank.li@vivo.com>
Content-Transfer-Encoding: 8bit
Content-Type: text/plain
MIME-Version: 1.0
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?mJT2oE7+ENvW68Ki7r6LEBUFcTmIBnoqGYO+bHgMikq2NXvZjZ4YS85UdsCa?=
 =?us-ascii?Q?pKleo3CBPxbWd2dM71kifd3eX0muQoLnT8fAWg/a7VjdbRH0BZimnMIAer74?=
 =?us-ascii?Q?mU/Sm/eQfBgewmEHS5MOB75m0xZj8vr3A4CuCyoMw8jvFytmmA8eGz24fbq2?=
 =?us-ascii?Q?dB+bJgqZhgLSyMu9fgVlRqx5toUkaPaMyvZ7N7lVqtqT/9g3kfSE+t0G8T/+?=
 =?us-ascii?Q?STA5Pqjg3HnI0HQY8+VfSehRjvlYeo0CCu2r4pfi4xUx2rbhVL9ra0i6Y8M8?=
 =?us-ascii?Q?7QDY3tLL7GHlrGQidzOTdpANp+oTkazpBtvBFw9TWgIxxntdI/5l3ObGFLhx?=
 =?us-ascii?Q?4CzI+dmUiGHocX+4caz5+5BfgPNNMWZNSYBNjaQARJif9o+pnqWgn8njUme1?=
 =?us-ascii?Q?6T6H37Uo5AiRviYXYZYKBbQ+zzk/8jxQ2NQ8pLXlBkXM6lJ2nlQZUSRfiNrs?=
 =?us-ascii?Q?vP7w2Eq4LYD8v3TYj+E42fnqebzo1yGtnmHIKDQC0DC03G8v1UNQjqkKkaSL?=
 =?us-ascii?Q?SfifbjZ5ICH3K9F4fEjkTml08FFK7pu7isU5/9GWDU5Z7/kbpc6BX+2TxNzN?=
 =?us-ascii?Q?tkSkcdE2p6WjLw01xWSeLvyfYCVsJ8HyDaez7pE7seB3o8R8r8Vwm9zp3bgc?=
 =?us-ascii?Q?oc3sEVA3Mau4JjHcz1+zHkYG/rmW7f3Vqu9/B0Axs9uErI4SB0lRRYERVgJs?=
 =?us-ascii?Q?KzSh5OTZ6wgq/cu31AbvPmjIwE05rhqScXJOAWnUyG6JaT1/nTOe0UYe3Xzr?=
 =?us-ascii?Q?vLkdoyPEGLTiYV6x59IAArXz7SnZak1GVW7Ho22qYjRkSxJjd020MS5pgL6u?=
 =?us-ascii?Q?qCUnIGfXsAWbcwWNKGCZ0yuFfx4+J4NxEwIyzSIdPsvybGyjx2bOphXPUiAa?=
 =?us-ascii?Q?6viacEfSUiQYDG8bG1haALUhwvNO3d9oH8BkD9yTeA5iUGjvzk6i3Tgh9YaU?=
 =?us-ascii?Q?GzxYlYsLHiwGtuJIgTRbkwikwVmw8Kb+6ko8kqGy7ElspjFzhx3vqjPL4LTI?=
 =?us-ascii?Q?RhK0jAatwnM8LxDyjo3GBnyEjpIa2MGeAACTH2rnJOsG3pHL/O4UvDsgyc4W?=
 =?us-ascii?Q?1menBJfOdXe7mgDJkT8uXQh6hHp8CG6YyESGERSG20E/c/EVdm/NJm/75olc?=
 =?us-ascii?Q?TKVFAf2X6B6juLR0I2YKZ3LuEpkxE4RLTf8x/1jpnyS4uYyjDuFkx9jbroW+?=
 =?us-ascii?Q?ZGrkrTPseAsf9hKkykGVFsi7BG56fov/BvGxRykgc4naDH6LKUKLxq9MgHj1?=
 =?us-ascii?Q?/n2TOBnES892X7sdIDoKj+dnKwkugnu6XdQmald+2UyJyl8sxe+WFzUxUnyp?=
 =?us-ascii?Q?fV8+8xiO5Y3Ro5B8+uaDjkYgdorbCOzxKXfFaGilKtPjEovvaRtJCmUdwRGC?=
 =?us-ascii?Q?HlV2Lso52DD7EWampQAkwLvEmHcS0y4SJU76p+kJpJp9E48OU7Q6hyIqZcqX?=
 =?us-ascii?Q?xbT8e9oc8obklvse+5cOSm1HZaCTbgi7duh0ZCQBCDiRYsBDUtx2hbihzYfQ?=
 =?us-ascii?Q?B4VXZ5Br7wuJk3rJvtp5UHBRf4JsFsWFbY+SHyujzmjKeBF5cQuINaN9e3fY?=
 =?us-ascii?Q?fqalXUOk5mUdvFn84abb533GEPtnzG2bZIkflBj9?=
X-OriginatorOrg: vivo.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 607ef2a7-b2db-4734-7847-08dafb01c623
X-MS-Exchange-CrossTenant-AuthSource: SEZPR06MB5269.apcprd06.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 20 Jan 2023 16:17:06.5504
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 923e42dc-48d5-4cbe-b582-1a797a6412ed
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: UJLCCWrPkiFlpDUO0N3+9TAPX1O9KBzmKBEVm8QQgj3TFHFANwNjUpqXRFfqqt6Re3hAFAVIqy9ktURRWsVWFw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: KL1PR06MB6233
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
        DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE,
        RCVD_IN_MSPIKE_H2,SPF_HELO_PASS,SPF_PASS autolearn=ham
        autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Add iotype sanity check to avoid potential memory corruption.
This is to fix the compile error below:

fs/f2fs/iostat.c:231 __update_iostat_latency() error: buffer overflow
'io_lat->peak_lat[type]' 3 <= 3

vim +228 fs/f2fs/iostat.c

  211  static inline void __update_iostat_latency(struct bio_iostat_ctx
	*iostat_ctx,
  212					enum iostat_lat_type type)
  213  {
  214		unsigned long ts_diff;
  215		unsigned int page_type = iostat_ctx->type;
  216		struct f2fs_sb_info *sbi = iostat_ctx->sbi;
  217		struct iostat_lat_info *io_lat = sbi->iostat_io_lat;
  218		unsigned long flags;
  219
  220		if (!sbi->iostat_enable)
  221			return;
  222
  223		ts_diff = jiffies - iostat_ctx->submit_ts;
  224		if (page_type >= META_FLUSH)
                                 ^^^^^^^^^^

  225			page_type = META;
  226
  227		spin_lock_irqsave(&sbi->iostat_lat_lock, flags);
 @228		io_lat->sum_lat[type][page_type] += ts_diff;
                                      ^^^^^^^^^
Mixup between META_FLUSH and NR_PAGE_TYPE leads to memory corruption.

Fixes: a4b6817625e7 ("f2fs: introduce periodic iostat io latency traces")
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <error27@gmail.com>
Suggested-by: Chao Yu <chao@kernel.org>
Suggested-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Yangtao Li <frank.li@vivo.com>
---
v3:
-convert to warn
 fs/f2fs/iostat.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/fs/f2fs/iostat.c b/fs/f2fs/iostat.c
index ed8176939aa5..96637756eae8 100644
--- a/fs/f2fs/iostat.c
+++ b/fs/f2fs/iostat.c
@@ -223,8 +223,12 @@ static inline void __update_iostat_latency(struct bio_iostat_ctx *iostat_ctx,
 		return;
 
 	ts_diff = jiffies - iostat_ctx->submit_ts;
-	if (iotype >= META_FLUSH)
+	if (iotype == META_FLUSH) {
 		iotype = META;
+	} else if (iotype >= NR_PAGE_TYPE) {
+		f2fs_warn(sbi, "%s: %d over NR_PAGE_TYPE", __func__, iotype);
+		return;
+	}
 
 	if (rw == 0) {
 		idx = READ_IO;
-- 
2.25.1