mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-13 06:08:07 +00:00
Code Issues Releases Wiki Activity
linux-stable/fs/ext4
History
Ye Bin 1da18e38cb ext4: fix reserved cluster accounting in __es_remove_extent() 
When bigalloc is enabled, reserved cluster accounting for delayed
allocation is handled in extent_status.c.  With a corrupted file
system, it's possible for this accounting to be incorrect,
dsicovered by Syzbot:

EXT4-fs error (device loop0): ext4_validate_block_bitmap:398: comm rep:
	bg 0: block 5: invalid block bitmap
EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical
	offset 0 with max blocks 32 with error 28
EXT4-fs (loop0): This should not happen!! Data will be lost

EXT4-fs (loop0): Total free blocks count 0
EXT4-fs (loop0): Free/Dirty block details
EXT4-fs (loop0): free_blocks=0
EXT4-fs (loop0): dirty_blocks=32
EXT4-fs (loop0): Block reservation details
EXT4-fs (loop0): i_reserved_data_blocks=2
EXT4-fs (loop0): Inode 18 (00000000845cd634):
	i_reserved_data_blocks (1) not cleared!

Above issue happens as follows:
Assume:
sbi->s_cluster_ratio = 16
Step1:
Insert delay block [0, 31] -> ei->i_reserved_data_blocks=2
Step2:
ext4_writepages
  mpage_map_and_submit_extent -> return failed
  mpage_release_unused_pages -> to release [0, 30]
    ext4_es_remove_extent -> remove lblk=0 end=30
      __es_remove_extent -> len1=0 len2=31-30=1
 __es_remove_extent:
 ...
 if (len2 > 0) {
  ...
	  if (len1 > 0) {
		  ...
	  } else {
		es->es_lblk = end + 1;
		es->es_len = len2;
		...
	  }
  	if (count_reserved)
		count_rsvd(inode, lblk, ...);
	goto out; -> will return but didn't calculate 'reserved'
 ...
Step3:
ext4_destroy_inode -> trigger "i_reserved_data_blocks (1) not cleared!"

To solve above issue if 'len2>0' call 'get_rsvd()' before goto out.

Reported-by: syzbot+05a0f0ccab4a25626e38@syzkaller.appspotmail.com
Fixes: 8fcc3a5806 ("ext4: rework reserved cluster accounting when invalidating pages")
Signed-off-by: Ye Bin <yebin10@huawei.com>
Reviewed-by: Eric Whitney <enwlinux@gmail.com>
Link: https://lore.kernel.org/r/20221208033426.1832460-2-yebin@huaweicloud.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org
2022-12-09 00:58:04 -05:00
..
.kunitconfig ext4: add .kunitconfig fragment to enable ext4-specific tests 2021-02-11 23:16:30 -05:00
acl.c fs/ext4: fix comments mentioning i_mutex 2022-02-03 10:57:53 -05:00
acl.h vfs: add rcu argument to ->get_acl() callback 2021-08-18 22:08:24 +02:00
balloc.c ext4: use ext4_debug() instead of jbd_debug() 2022-08-02 23:52:19 -04:00
bitmap.c
block_validity.c ext4: add ext4_sb_block_valid() refactored out of ext4_inode_block_valid() 2022-02-25 21:34:56 -05:00
crypto.c ext4: refactor and move ext4_ioctl_get_encryption_pwsalt() 2022-05-21 22:24:24 -04:00
dir.c ext4: fix spelling errors in comments 2022-05-11 15:19:06 -04:00
ext4.h ext4: switch to using ext4_do_writepages() for ordered data writeout 2022-12-08 21:49:25 -05:00
ext4_extents.h ext4: fix sparse warnings 2021-08-30 23:36:50 -04:00
ext4_jbd2.c ext4: split ext4_journal_start trace for debug 2022-12-01 10:46:54 -05:00
ext4_jbd2.h ext4: split ext4_journal_start trace for debug 2022-12-01 10:46:54 -05:00
extents.c ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc + inline 2022-12-08 21:49:25 -05:00
extents_status.c ext4: fix reserved cluster accounting in __es_remove_extent() 2022-12-09 00:58:04 -05:00
extents_status.h ext4: fix extent_status trace points 2020-01-25 02:03:03 -05:00
fast_commit.c jbd2: switch jbd2_submit_inode_data() to use fs-provided hook for data writeout 2022-12-08 21:49:25 -05:00
fast_commit.h ext4: add missing validation of fast-commit record lengths 2022-12-08 21:49:24 -05:00
file.c The first two changes that involve files outside of fs/ext4: 2022-10-06 17:45:53 -07:00
fsmap.c treewide: Change list_sort to use const pointers 2021-04-08 16:04:22 -07:00
fsmap.h ext4: fsmap: fix the block/inode bitmap comment 2021-06-24 09:48:29 -04:00
fsync.c block: use an on-stack bio in blkdev_issue_flush 2021-01-27 09:51:48 -07:00
hash.c unicode: clean up the Kconfig symbol confusion 2022-01-20 19:57:24 -05:00
ialloc.c ext4: split ext4_journal_start trace for debug 2022-12-01 10:46:54 -05:00
indirect.c ext4: fix error code return to user-space in ext4_get_branch() 2022-12-08 21:49:24 -05:00
inline.c fs/ext4: replace ternary operator with min()/max() and min_t() 2022-11-29 16:10:49 -05:00
inode-test.c fs: ext4: Modify inode-test.c to use KUnit parameterized testing feature 2020-12-02 16:07:25 -07:00
inode.c ext4: avoid unaccounted block allocation when expanding inode 2022-12-08 22:03:15 -05:00
ioctl.c ext4: initialize quota before expanding inode in setproject ioctl 2022-12-08 22:03:15 -05:00
Kconfig ext: EXT4_KUNIT_TESTS should depend on EXT4_FS instead of selecting it 2021-02-11 23:12:59 -05:00
Makefile ext4: move ext4 crypto code to its own file crypto.c 2022-05-21 22:24:24 -04:00
mballoc.c ext4: make ext4_mb_initialize_context return void 2022-12-08 21:49:25 -05:00
mballoc.h ext4: use buckets for cr 1 block scan instead of rbtree 2022-09-21 22:12:03 -04:00
migrate.c ext4: fix warning in 'ext4_da_release_space' 2022-11-06 01:07:59 -04:00
mmp.c treewide: use get_random_u32() when possible 2022-10-11 17:42:58 -06:00
move_extent.c ext4: factor out ext4_free_ext_path() 2022-09-30 23:46:54 -04:00
namei.c ext4: init quota for 'old.inode' in 'ext4_rename' 2022-12-08 21:49:24 -05:00
orphan.c ext4: remove trailing newline from ext4_msg() message 2022-12-08 21:49:23 -05:00
page-io.c ext4: drop pointless IO submission from ext4_bio_write_page() 2022-12-08 21:49:25 -05:00
readpage.c ext4: replace kmem_cache_create with KMEM_CACHE 2022-12-08 21:49:24 -05:00
resize.c ext4: fix corruption when online resizing a 1K bigalloc fs 2022-12-08 21:49:24 -05:00
super.c ext4: switch to using ext4_do_writepages() for ordered data writeout 2022-12-08 21:49:25 -05:00
symlink.c ext4: fix reading leftover inlined symlinks 2022-08-02 23:37:50 -04:00
sysfs.c unicode: clean up the Kconfig symbol confusion 2022-01-20 19:57:24 -05:00
truncate.h ext4: Convert to use mapping->invalidate_lock 2021-07-13 14:29:00 +02:00
verity.c fs: ext4: initialize fsdata in pagecache_write() 2022-12-08 21:49:25 -05:00
xattr.c ext4: fix inode leak in ext4_xattr_inode_create() on an error path 2022-12-09 00:57:01 -05:00
xattr.h ext4: remove EA inode entry from mbcache on inode eviction 2022-08-02 23:56:25 -04:00
xattr_hurd.c acl: handle idmapped mounts 2021-01-24 14:27:17 +01:00
xattr_security.c acl: handle idmapped mounts 2021-01-24 14:27:17 +01:00
xattr_trusted.c acl: handle idmapped mounts 2021-01-24 14:27:17 +01:00
xattr_user.c acl: handle idmapped mounts 2021-01-24 14:27:17 +01:00