linux-stable/fs/f2fs
Chao Yu 5b5b4f85b0 f2fs: fix to do sanity check on .cp_pack_total_block_count
As bughunter reported in bugzilla:

https://bugzilla.kernel.org/show_bug.cgi?id=215709

f2fs may hang when mounting a fuzzed image, the dmesg shows as below:

__filemap_get_folio+0x3a9/0x590
pagecache_get_page+0x18/0x60
__get_meta_page+0x95/0x460 [f2fs]
get_checkpoint_version+0x2a/0x1e0 [f2fs]
validate_checkpoint+0x8e/0x2a0 [f2fs]
f2fs_get_valid_checkpoint+0xd0/0x620 [f2fs]
f2fs_fill_super+0xc01/0x1d40 [f2fs]
mount_bdev+0x18a/0x1c0
f2fs_mount+0x15/0x20 [f2fs]
legacy_get_tree+0x28/0x50
vfs_get_tree+0x27/0xc0
path_mount+0x480/0xaa0
do_mount+0x7c/0xa0
__x64_sys_mount+0x8b/0xe0
do_syscall_64+0x38/0xc0
entry_SYSCALL_64_after_hwframe+0x44/0xae

The root cause is that the cp_pack_total_block_count field in the checkpoint was fuzzed
to one; as calculated, the two cp pack blocks are then located at the same block address,
so when reading the latter cp pack block, it will block on the page lock because
the lock has already been held since reading the previous cp pack block. Fix it by
adding a sanity check for cp_pack_total_block_count.

Cc: stable@vger.kernel.org
Signed-off-by: Chao Yu <chao.yu@oppo.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
2022-03-21 09:10:21 -07:00
acl.c f2fs: support idmapped mounts 2022-02-12 06:20:46 -08:00
acl.h vfs: add rcu argument to ->get_acl() callback 2021-08-18 22:08:24 +02:00
checkpoint.c f2fs: fix to do sanity check on .cp_pack_total_block_count 2022-03-21 09:10:21 -07:00
compress.c f2fs: compress: fix to print raw data size in error path of lz4 decompression 2022-03-17 09:16:22 -07:00
data.c f2fs: fix compressed file start atomic write may cause data corruption 2022-03-18 09:12:48 -07:00
debug.c f2fs: introduce gc_urgent_mid mode 2022-03-17 09:16:22 -07:00
dir.c f2fs: move f2fs to use reader-unfair rwsems 2022-01-24 17:40:04 -08:00
extent_cache.c f2fs: support fault injection for f2fs_kmem_cache_alloc() 2021-08-17 11:59:05 -07:00
f2fs.h f2fs: introduce gc_urgent_mid mode 2022-03-17 09:16:22 -07:00
file.c f2fs: fix compressed file start atomic write may cause data corruption 2022-03-18 09:12:48 -07:00
gc.c f2fs: introduce gc_urgent_mid mode 2022-03-17 09:16:22 -07:00
gc.h f2fs: introduce gc_merge mount option 2021-03-30 18:48:56 -07:00
hash.c f2fs: Handle casefolding with Encryption 2020-12-02 22:00:21 -08:00
inline.c f2fs: move f2fs to use reader-unfair rwsems 2022-01-24 17:40:04 -08:00
inode.c f2fs: don't get FREEZE lock in f2fs_evict_inode in frozen fs 2022-03-11 07:36:17 -08:00
iostat.c f2fs: use iomap for direct I/O 2021-12-10 15:48:30 -08:00
iostat.h f2fs: introduce periodic iostat io latency traces 2021-08-23 10:25:51 -07:00
Kconfig f2fs: introduce F2FS_UNFAIR_RWSEM to support unfair rwsem 2022-03-04 09:15:53 -08:00
Makefile f2fs: separate out iostat feature 2021-08-23 10:25:51 -07:00
namei.c f2fs: remove redundant parameter judgment 2022-03-17 09:16:22 -07:00
node.c f2fs: fix to avoid potential deadlock 2022-03-03 13:30:48 -08:00
node.h f2fs: add a way to limit roll forward recovery time 2022-02-12 05:58:18 -08:00
recovery.c f2fs: add a way to limit roll forward recovery time 2022-02-12 05:58:18 -08:00
segment.c f2fs: fix to do sanity check on curseg->alloc_type 2022-03-03 18:19:41 -08:00
segment.h f2fs: introduce F2FS_IPU_HONOR_OPU_WRITE ipu policy 2022-02-07 11:28:35 -08:00
shrinker.c f2fs: avoid race condition for shrinker count 2020-12-03 00:59:26 -08:00
super.c f2fs: use aggressive GC policy during f2fs_disable_checkpoint() 2022-03-18 09:13:02 -07:00
sysfs.c f2fs: make gc_urgent and gc_segment_mode sysfs node readable 2022-03-21 09:09:54 -07:00
verity.c f2fs: move f2fs to use reader-unfair rwsems 2022-01-24 17:40:04 -08:00
xattr.c f2fs: move f2fs to use reader-unfair rwsems 2022-01-24 17:40:04 -08:00
xattr.h