From: Daeho Jeong
Date: Tue, 16 Jan 2024 13:58:18 -0800
Subject: Re: [f2fs-dev] [PATCH v1] f2fs: fix NULL pointer dereference in f2fs_submit_page_write()
To: Wenjie Qi
Cc: jaegeuk@kernel.org, chao@kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-kernel@vger.kernel.org, hustqwj@hust.edu.cn

On Tue, Jan 16, 2024 at 6:13 AM Wenjie Qi wrote:
>
> BUG: kernel NULL pointer dereference, address: 0000000000000014
> RIP: 0010:f2fs_submit_page_write+0x6cf/0x780 [f2fs]
> Call Trace:
>
> ? show_regs+0x6e/0x80
> ? __die+0x29/0x70
> ? page_fault_oops+0x154/0x4a0
> ? prb_read_valid+0x20/0x30
> ? __irq_work_queue_local+0x39/0xd0
> ? irq_work_queue+0x36/0x70
> ? do_user_addr_fault+0x314/0x6c0
> ? exc_page_fault+0x7d/0x190
> ? asm_exc_page_fault+0x2b/0x30
> ? f2fs_submit_page_write+0x6cf/0x780 [f2fs]
> ? f2fs_submit_page_write+0x736/0x780 [f2fs]
> do_write_page+0x50/0x170 [f2fs]
> f2fs_outplace_write_data+0x61/0xb0 [f2fs]
> f2fs_do_write_data_page+0x3f8/0x660 [f2fs]
> f2fs_write_single_data_page+0x5bb/0x7a0 [f2fs]
> f2fs_write_cache_pages+0x3da/0xbe0 [f2fs]
> ...
> It is possible that other threads have added this fio to io->bio
> and submitted the io->bio before entering f2fs_submit_page_write().
> At this point io->bio = NULL.
> If is_end_zone_blkaddr(sbi, fio->new_blkaddr) of this fio is true,
> then a NULL pointer dereference error occurs at bio_get(io->bio).
> The original code for determining zone end was after "out:",
> which would have missed some fio that is zone end. I've moved
> this code before "skip:" to make sure it's done for each fio.
>
> Signed-off-by: Wenjie Qi
> ---
>  fs/f2fs/data.c | 8 ++++----
>  1 file changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/fs/f2fs/data.c b/fs/f2fs/data.c
> index dce8defdf4c7..4f445906db8b 100644
> --- a/fs/f2fs/data.c
> +++ b/fs/f2fs/data.c
> @@ -1080,10 +1080,6 @@ void f2fs_submit_page_write(struct f2fs_io_info *fio)
>  	io->last_block_in_bio = fio->new_blkaddr;
>
>  	trace_f2fs_submit_page_write(fio->page, fio);
> -skip:
> -	if (fio->in_list)
> -		goto next;
> -out:
>  #ifdef CONFIG_BLK_DEV_ZONED
>  	if (f2fs_sb_has_blkzoned(sbi) && btype < META &&
>  			is_end_zone_blkaddr(sbi, fio->new_blkaddr)) {
> @@ -1096,6 +1092,10 @@ void f2fs_submit_page_write(struct f2fs_io_info *fio)
>  		__submit_merged_bio(io);
>  	}
>  #endif
> +skip:
> +	if (fio->in_list)
> +		goto next;
> +out:

How about moving only the "out" label instead of the whole block from
"skip" to "out"?

>  	if (is_sbi_flag_set(sbi, SBI_IS_SHUTDOWN) ||
>  				!f2fs_is_checkpoint_ready(sbi))
>  		__submit_merged_bio(io);
> --
> 2.34.1
>
>
> _______________________________________________
> Linux-f2fs-devel mailing list
> Linux-f2fs-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
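Review bot: In the first hunk (`@@ -1080,10 +1080,6 @@`), removing `skip:` together with `out:` goes further than the description justifies: the text only argues that a fio arriving via `out:` (already merged and submitted by another thread, so `io->bio` is NULL) must not reach `bio_get(io->bio)`, yet after this hunk any path that jumps to `skip:` also bypasses the `is_end_zone_blkaddr()` check. Either the commit message should state why a fio taking the `skip:` path can never be a zone-end block, or only the `out:` label should move, as Daeho Jeong's reply suggests. A `Fixes:` tag naming the commit that introduced the `zone_pending_bio` handling would also help the stable backport.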
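Review bot: In the second hunk (`@@ -1096,6 +1092,10 @@`), the relocated `out:` label still falls through to `if (is_sbi_flag_set(sbi, SBI_IS_SHUTDOWN) || !f2fs_is_checkpoint_ready(sbi)) __submit_merged_bio(io);` on the very race the description reports, where `io->bio` is NULL. That is only correct as long as `__submit_merged_bio()` tolerates a NULL `io->bio` while the `bio_get(io->bio)` in the zoned block does not, and that asymmetry is the whole reason for the move; a one-line comment above the new `skip:` label stating that the zone-end check must run only for a fio that was actually added to `io->bio` in this call would keep a future reorder from reintroducing the crash.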