Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id B7566C61DA4 for ; Fri, 27 Jan 2023 13:23:27 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234698AbjA0NX0 (ORCPT ); Fri, 27 Jan 2023 08:23:26 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41158 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234149AbjA0NXW (ORCPT ); Fri, 27 Jan 2023 08:23:22 -0500 Received: from mail-pl1-x633.google.com (mail-pl1-x633.google.com [IPv6:2607:f8b0:4864:20::633]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D017D80148; Fri, 27 Jan 2023 05:23:20 -0800 (PST) Received: by mail-pl1-x633.google.com with SMTP id x5so1444694plr.2; Fri, 27 Jan 2023 05:23:20 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=5j29kml6zIepJZzNZLhnsejuRvqVcZnRr54YcbRqQ4s=; b=NAD/8CLetbneQ3aGVzaDGDWFro/8aJ2Y/tSZS1ISbz5SE2Vikv/Ho49ojlXLmKtdt4 yBBvYT2ZX5Pd8ja+Rct0Bifa6avxL3n8l4/5QvNAMOf+xX97YR0r41ZkDNiNRkNzUyfH FhXGHiQtte0nX6akxLxU6+B5YPEn8RKHEGNEy5AEgoRBCcssc2g/MD5MRpy+KmHWX4Yq BvxYgn6w3GisTfZnmzPjJ22aLGJ4ra8gB4uHNGxsuPhxSQArlQTNt/4JGJdR8+EiMbST 8S+LSK+RUpgHtN2rDI9Wdew1YbpTyTO/MmA6hAqIfT/lQUchyv/vO42sj0RSx7WWIkVq BWmQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=5j29kml6zIepJZzNZLhnsejuRvqVcZnRr54YcbRqQ4s=; b=lYQkXEm+jPVs2aedQ7VZh9BCsRuK0p/jCejZJXXUfgh4LaEsI3vWVnyptgBWtP43MK rMGNZTL91uPqrHmo6MN/gmNHZ2aGC51KMv2JTHr2ZSNhHT8smv2qrxLIFIuQ+trVI1cI Ayr/FO7ElbGyzioSnMJGag40LrXQtbDOgVT06569bNGu+z0+e52ac6xAzL3ExsBxeiNn ZcedVBc/d6vpXS2JAOEyzKsYr7B9bZY5jvwT2o8Un7qH6IehLS2kjrdLnFFy1UC7UcnV 9tcULD2GYngdgPvbYy2CpGShfZOe8uLopsjZEdSzHwI3qLpU3r2njO/M8L+8cJB0FyIm cqQA== X-Gm-Message-State: AFqh2komGW7YL1M/rMDWDCaqGURoicjRovqXFpC4vhLgl7VGGLfnnH7p xY4LANFAQBsoKy6MxKzYp90= X-Google-Smtp-Source: AMrXdXuwtBcwHIiFOeCERQG29bFr3M05M6JE3cAavhFEjLgrLSiHkxus/YImOBt8A4NHElncU9aujw== X-Received: by 2002:a17:902:7089:b0:194:6414:12db with SMTP id z9-20020a170902708900b00194641412dbmr37789473plk.56.1674825799976; Fri, 27 Jan 2023 05:23:19 -0800 (PST) Received: from carrot.. (i223-217-149-217.s42.a014.ap.plala.or.jp. [223.217.149.217]) by smtp.gmail.com with ESMTPSA id jo8-20020a170903054800b001946a3f4d9csm2870264plb.38.2023.01.27.05.23.17 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 27 Jan 2023 05:23:19 -0800 (PST) From: Ryusuke Konishi To: Andrew Morton Cc: linux-nilfs , syzbot , syzkaller-bugs@googlegroups.com, LKML Subject: [PATCH] nilfs2: prevent WARNING in nilfs_dat_commit_end() Date: Fri, 27 Jan 2023 22:22:02 +0900 Message-Id: <20230127132202.6083-1-konishi.ryusuke@gmail.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <000000000000154d2c05e9ec7df6@google.com> References: <000000000000154d2c05e9ec7df6@google.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org If nilfs2 reads a corrupted disk image and its DAT metadata file contains invalid lifetime data for a virtual block number, a kernel warning can be generated by the WARN_ON check in nilfs_dat_commit_end() and can panic if the kernel is booted with panic_on_warn. This patch avoids the issue with a sanity check that treats it as an error. Since error return is not allowed in the execution phase of nilfs_dat_commit_end(), this inserts that sanity check in nilfs_dat_prepare_end(), which prepares for nilfs_dat_commit_end(). As the error code, -EINVAL is returned to notify bmap layer of the metadata corruption. When the bmap layer sees this code, it handles the abnormal situation and replaces the return code with -EIO as it should. Link: https://lkml.kernel.org/r/000000000000154d2c05e9ec7df6@google.com Signed-off-by: Ryusuke Konishi Reported-by: syzbot+cbff7a52b6f99059e67f@syzkaller.appspotmail.com Tested-by: Ryusuke Konishi --- Andrew, please add this patch to the queue. This fixes another WARN_ON hit in fs/nilfs2/dat.c for a corrupted disk image pattern. Thanks, Ryusuke Konishi fs/nilfs2/dat.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/fs/nilfs2/dat.c b/fs/nilfs2/dat.c index 1e7f653c1df7..9cf6ba58f585 100644 --- a/fs/nilfs2/dat.c +++ b/fs/nilfs2/dat.c @@ -158,6 +158,7 @@ void nilfs_dat_commit_start(struct inode *dat, struct nilfs_palloc_req *req, int nilfs_dat_prepare_end(struct inode *dat, struct nilfs_palloc_req *req) { struct nilfs_dat_entry *entry; + __u64 start; sector_t blocknr; void *kaddr; int ret; @@ -169,6 +170,7 @@ int nilfs_dat_prepare_end(struct inode *dat, struct nilfs_palloc_req *req) kaddr = kmap_atomic(req->pr_entry_bh->b_page); entry = nilfs_palloc_block_get_entry(dat, req->pr_entry_nr, req->pr_entry_bh, kaddr); + start = le64_to_cpu(entry->de_start); blocknr = le64_to_cpu(entry->de_blocknr); kunmap_atomic(kaddr); @@ -179,6 +181,15 @@ int nilfs_dat_prepare_end(struct inode *dat, struct nilfs_palloc_req *req) return ret; } } + if (unlikely(start > nilfs_mdt_cno(dat))) { + nilfs_err(dat->i_sb, + "vblocknr = %llu has abnormal lifetime: start cno (= %llu) > current cno (= %llu)", + (unsigned long long)req->pr_entry_nr, + (unsigned long long)start, + (unsigned long long)nilfs_mdt_cno(dat)); + nilfs_dat_abort_entry(dat, req); + return -EINVAL; + } return 0; } -- 2.34.1