Date: Thu, 4 Jan 2024 11:27:00 +0100
From: Jan Kara
To: Baokun Li
Cc: linux-ext4@vger.kernel.org, tytso@mit.edu, adilger.kernel@dilger.ca, jack@suse.cz, ritesh.list@gmail.com, linux-kernel@vger.kernel.org, yi.zhang@huawei.com, yangerkun@huawei.com, yukuai3@huawei.com, Wei Chen, xingwei lee, stable@vger.kernel.org
Subject: Re: [PATCH v2 1/8] ext4: fix double-free of blocks due to wrong extents moved_len
Message-ID: <20240104102700.kqfc6xg3mc7ur5kl@quack3>
References: <20231221150558.2740823-1-libaokun1@huawei.com> <20231221150558.2740823-2-libaokun1@huawei.com>
In-Reply-To: <20231221150558.2740823-2-libaokun1@huawei.com>

On Thu 21-12-23 23:05:51, Baokun Li wrote:
> In ext4_move_extents(), moved_len is only updated when all moves are
> successfully executed, and only discards orig_inode and donor_inode
> preallocations when moved_len is not zero. When the loop fails to exit
> after successfully moving some extents, moved_len is not updated and
> remains at 0, so it does not discard the preallocations.
>
> If the moved extents overlap with the preallocated extents, the
> overlapped extents are freed twice in ext4_mb_release_inode_pa() and
> ext4_process_freed_data() (as described in commit 94d7c16cbbbd ("ext4:
> Fix double-free of blocks with EXT4_IOC_MOVE_EXT")), and bb_free is
> incremented twice. Hence when trim is executed, a zero-division bug is
> triggered in mb_update_avg_fragment_size() because bb_free is not zero
> and bb_fragments is zero.
>
> Therefore, update move_len after each extent move to avoid the issue.
>
> Reported-by: Wei Chen
> Reported-by: xingwei lee
> Closes: https://lore.kernel.org/r/CAO4mrferzqBUnCag8R3m2zf897ts9UEuhjFQGPtODT92rYyR2Q@mail.gmail.com
> Fixes: fcf6b1b729bc ("ext4: refactor ext4_move_extents code base")
> CC: stable@vger.kernel.org # 3.18
> Signed-off-by: Baokun Li

Looks good! Feel free to add:

Reviewed-by: Jan Kara

Honza

> --- > fs/ext4/move_extent.c | 6 ++---- > 1 file changed, 2 insertions(+), 4 deletions(-) > > diff --git a/fs/ext4/move_extent.c b/fs/ext4/move_extent.c > index 3aa57376d9c2..391efa6d4c56 100644 > --- a/fs/ext4/move_extent.c > +++ b/fs/ext4/move_extent.c > @@ -618,6 +618,7 @@ ext4_move_extents(struct file *o_filp, struct file *d_filp, __u64 orig_blk, > goto out; > o_end = o_start + len; > > + *moved_len = 0; > while (o_start < o_end) { > struct ext4_extent *ex; > ext4_lblk_t cur_blk, next_blk; > @@ -672,7 +673,7 @@ ext4_move_extents(struct file *o_filp, struct file *d_filp, __u64 orig_blk, > */ > ext4_double_up_write_data_sem(orig_inode, donor_inode); > /* Swap original branches with new branches */ > - move_extent_per_page(o_filp, donor_inode, > + *moved_len += move_extent_per_page(o_filp, donor_inode, > orig_page_index, donor_page_index, > offset_in_page, cur_len, > unwritten, &ret); 
> @@ -682,9 +683,6 @@ ext4_move_extents(struct file *o_filp, struct file *d_filp, __u64 orig_blk, > o_start += cur_len; > d_start += cur_len; > } > - *moved_len = o_start - orig_blk; > - if (*moved_len > len) > - *moved_len = len; > > out: > if (*moved_len) { > -- > 2.31.1 > -- Jan Kara SUSE Labs, CR
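
Review bot: the `*moved_len = 0;` added in the first hunk sits after the `goto out;` visible in the context line just above it, while the `out:` label shown in the last hunk tests `if (*moved_len)`. On that early-exit path the test reads whatever the caller left in `*moved_len`. Consider zeroing it at function entry, before the first `goto out`, or add a comment stating that callers must pass it in already zeroed.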
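
Review bot: in the second hunk, `*moved_len += move_extent_per_page(...)` relies on the return value being the number of blocks actually moved even when the same call reports an error through `&ret`, and nothing at the call site says so. A short comment there stating that contract would make the accumulation safe to maintain. As a style point, the three argument continuation lines are left as unchanged context, so they no longer line up with the opening parenthesis now that the call starts further right; re-indent them with the changed line.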
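
Review bot: the last hunk removes the `if (*moved_len > len) *moved_len = len;` clamp together with the `o_start - orig_blk` computation, so the upper bound on the reported length now rests on the per-page return values summing to at most `len`. The commit message does not say that this holds, or that the reported value is unchanged on the full-success path. Please state both in the message, or keep the clamp after the loop.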
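
The accounting failure described in the quoted commit message, as a simplified user-space model. This is an added example, not code from the patch or the kernel; `struct result`, `move_model`, `fail_at` and `patched` are hypothetical names, and the "discard" flag only stands in for the preallocation discard done at `out:`.

```c
#include <stdio.h>

struct result {
    unsigned long moved_len;    /* value reported through *moved_len */
    unsigned long really_moved; /* blocks actually swapped */
    int pa_discarded;           /* 1 if the out: path discarded preallocations */
};

/* Simplified model, not kernel code. Each pass moves `step` blocks;
 * pass `fail_at` (hypothetical knob, -1 = never) takes an error path
 * that jumps straight to out. `patched` selects the accounting scheme. */
static struct result move_model(unsigned long len, unsigned long step,
                                int fail_at, int patched)
{
    struct result r = {0, 0, 0};
    unsigned long o_start = 0;  /* orig_blk is taken as 0 */
    int pass = 0;

    while (o_start < len) {
        if (pass++ == fail_at)
            goto out;             /* pre-patch: skips the update below */
        r.really_moved += step;
        if (patched)
            r.moved_len += step;  /* per-move accumulation */
        o_start += step;
    }
    if (!patched) {
        r.moved_len = o_start;    /* o_start - orig_blk */
        if (r.moved_len > len)
            r.moved_len = len;
    }
out:
    if (r.moved_len)
        r.pa_discarded = 1;       /* stand-in for the discard step */
    return r;
}

int main(void)
{
    for (int patched = 0; patched <= 1; patched++) {
        struct result r = move_model(64, 16, 2, patched);
        printf("%s: moved=%lu reported=%lu discarded=%d\n",
               patched ? "patched" : "pre-patch",
               r.really_moved, r.moved_len, r.pa_discarded);
    }
    return 0;
}
```

With a failure on the third pass, the pre-patch accounting reports 0 although 32 blocks were moved, so the discard is skipped; the patched accounting reports 32 and the discard runs.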