From: Ryusuke Konishi
To: Andrew Morton
Cc: linux-nilfs@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH] nilfs2: fix data corruption in dsync block recovery for small block sizes
Date: Wed, 24 Jan 2024 21:19:36 +0900
Message-Id: <20240124121936.10575-1-konishi.ryusuke@gmail.com>
X-Mailer: git-send-email 2.34.1

The helper function nilfs_recovery_copy_block() of
nilfs_recovery_dsync_blocks(), which recovers data from logs created by
data sync writes during a mount after an unclean shutdown, incorrectly
calculates the on-page offset when copying repair data to the file's page
cache.

In environments where the block size is smaller than the page size, this
flaw can cause data corruption and leak uninitialized memory bytes during
the recovery process.

Fix these issues by correcting this byte offset calculation on the page.

Signed-off-by: Ryusuke Konishi
Tested-by: Ryusuke Konishi
Cc:
---
Andrew, please apply this patch as a bug fix.

This patch may conflict with the first patch of the kmap conversion series
that I posted earlier. Since this fix should be a priority, I made it
against the mainline so that it can be applied before the kmap conversion
patches.

If the conflict is a problem for your patch handling, please drop the first
patch of the kmap conversion series (it can be dropped independently). In
that case, I will repost the patch that resolves the conflict.

Thanks,
Ryusuke Konishi

 fs/nilfs2/recovery.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/fs/nilfs2/recovery.c b/fs/nilfs2/recovery.c index 0955b657938f..a9b8d77c8c1d 100644 --- a/fs/nilfs2/recovery.c +++ b/fs/nilfs2/recovery.c
@@ -472,9 +472,10 @@ static int nilfs_prepare_segment_for_recovery(struct the_nilfs *nilfs, static int nilfs_recovery_copy_block(struct the_nilfs *nilfs, struct nilfs_recovery_block *rb, - struct page *page) + loff_t pos, struct page *page) { struct buffer_head *bh_org; + size_t from = pos & ~PAGE_MASK; void *kaddr; bh_org = __bread(nilfs->ns_bdev, rb->blocknr, nilfs->ns_blocksize); @@ -482,7 +483,7 @@ static int nilfs_recovery_copy_block(struct the_nilfs *nilfs, return -EIO; kaddr = kmap_atomic(page); - memcpy(kaddr + bh_offset(bh_org), bh_org->b_data, bh_org->b_size); + memcpy(kaddr + from, bh_org->b_data, bh_org->b_size); kunmap_atomic(kaddr); brelse(bh_org); return 0; @@ -521,7 +522,7 @@ static int nilfs_recover_dsync_blocks(struct the_nilfs *nilfs, goto failed_inode; } - err = nilfs_recovery_copy_block(nilfs, rb, page); + err = nilfs_recovery_copy_block(nilfs, rb, pos, page); if (unlikely(err)) goto failed_page; -- 2.34.1
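
Review bot: In the first hunk, the open-coded `pos & ~PAGE_MASK` used to initialise `from` is what offset_in_page() is for; `size_t from = offset_in_page(pos);` states the intent directly. The function also gains a `pos` parameter with no comment saying what it represents; a one-line comment above nilfs_recovery_copy_block() naming it (presumably the byte position in the file at which the recovered block belongs) would make it clear why the destination offset is taken from `pos` and not from bh_org.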
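
Review bot: At the memcpy() in the second hunk, the destination is now `kaddr + from` with length `bh_org->b_size`, and nothing in the visible lines bounds `from + bh_org->b_size` by PAGE_SIZE. That holds only if `pos` is always block-aligned and the block size divides the page size, so either state that invariant in a comment or guard the copy with something like `WARN_ON_ONCE(from + bh_org->b_size > PAGE_SIZE)`. The changelog would also be easier to follow if it said why bh_offset(bh_org) was the wrong offset: it is the position of the block's data within the page backing the buffer read from nilfs->ns_bdev, not within the destination file page, and the two only coincide when the block size equals the page size.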