linux_dsm_epyc7002/fs/f2fs
Chao Yu 9fd62605bb f2fs: fix to avoid accessing cross the boundary
With io_bits configured to 2 and LFS mode enabled, generic/017 reports the dmesg below:

BUG: unable to handle kernel NULL pointer dereference at 00000039
*pdpt = 000000002fcb2001 *pde = 0000000000000000
Oops: 0000 [#1] PREEMPT SMP
Modules linked in: crc32_generic zram f2fs(O) bnep rfcomm bluetooth ecdh_generic snd_intel8x0 snd_ac97_codec ac97_bus snd_pcm snd_seq_midi snd_seq_midi_event snd_rawmidi pcbc snd_seq joydev aesni_intel aes_i586 snd_seq_device snd_timer crypto_simd cryptd snd soundcore i2c_piix4 serio_raw mac_hid video parport_pc ppdev lp parport hid_generic usbhid psmouse hid e1000
CPU: 2 PID: 20779 Comm: xfs_io Tainted: G           O      4.17.0-rc2 #38
Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006
EIP: is_checkpointed_data+0x84/0xd0 [f2fs]
EFLAGS: 00010207 CPU: 2
EAX: 00000000 EBX: f5cd7000 ECX: fffffe32 EDX: 00000039
ESI: 000001cd EDI: ec95fb6c EBP: e264bd80 ESP: e264bd6c
 DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
CR0: 80050033 CR2: 00000039 CR3: 2fe55660 CR4: 000406f0
Call Trace:
 __exchange_data_block+0xb3f/0x1000 [f2fs]
 f2fs_fallocate+0xab9/0x16b0 [f2fs]
 vfs_fallocate+0x17c/0x2d0
 ksys_fallocate+0x42/0x70
 sys_fallocate+0x31/0x40
 do_fast_syscall_32+0xaa/0x22c
 entry_SYSENTER_32+0x4c/0x7b
EIP: 0xb7f98c51
EFLAGS: 00000293 CPU: 2
EAX: ffffffda EBX: 00000003 ECX: 00000008 EDX: 01001000
ESI: 00000000 EDI: 00001000 EBP: 00000000 ESP: bfc0357c
 DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 007b
Code: 00 00 d3 e8 8b 4d ec 2b 02 8b 55 f0 6b c0 1c 03 41 70 29 d6 8b 93 d0 06 00 00 8b 40 0c 83 ea 01 21 d6 89 f2 89 f1 c1 ea 03 f7 d1 <0f> be 14 10 83 e1 07 b8 01 00 00 00 d3 e0 85 c2 89 f8 0f 95 c3
EIP: is_checkpointed_data+0x84/0xd0 [f2fs] SS:ESP: 0068:e264bd6c
CR2: 0000000000000039
---[ end trace 9a4d4087cce6080a ]---

This is because in the recovery flow of __exchange_data_block, we didn't pass olen to
__roll_back_blkaddrs; instead we passed len, which indicates the wrong array size, resulting
in copying a random block address into the dnode page.

Later, once that random block address was accessed by is_checkpointed_data, it can
cause a NULL pointer dereference.

Signed-off-by: Chao Yu <yuchao0@huawei.com>

Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
2018-05-31 11:31:53 -07:00
acl.c posix_acl: convert posix_acl.a_refcount from atomic_t to refcount_t 2018-01-02 19:27:28 -08:00
acl.h f2fs: remove dead code f2fs_check_acl 2016-09-14 16:52:36 -07:00
checkpoint.c f2fs: clean up with is_valid_blkaddr() 2018-05-31 11:31:50 -07:00
data.c f2fs: fix to let caller retry allocating block address 2018-05-31 11:31:53 -07:00
debug.c f2fs: avoid stucking GC due to atomic write 2018-05-31 11:31:51 -07:00
dir.c f2fs: clean up with clear_radix_tree_dirty_tag 2018-05-31 11:31:52 -07:00
extent_cache.c f2fs: remove redundant initialization of pointer 'p' 2018-03-13 08:05:45 +09:00
f2fs.h f2fs: fix to let caller retry allocating block address 2018-05-31 11:31:53 -07:00
file.c f2fs: fix to avoid accessing cross the boundary 2018-05-31 11:31:53 -07:00
gc.c f2fs: fix to let caller retry allocating block address 2018-05-31 11:31:53 -07:00
gc.h f2fs: introduce sbi->gc_mode to determine the policy 2018-05-31 11:31:51 -07:00
hash.c f2fs: check entire encrypted bigname when finding a dentry 2017-05-04 11:44:35 -04:00
inline.c f2fs: clean up with clear_radix_tree_dirty_tag 2018-05-31 11:31:52 -07:00
inode.c f2fs: avoid stucking GC due to atomic write 2018-05-31 11:31:51 -07:00
Kconfig fs/*/Kconfig: drop links to 404-compliant http://acl.bestbits.at 2018-01-01 12:45:37 -07:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
namei.c f2fs: fix to initialize i_current_depth according to inode type 2018-05-31 11:31:50 -07:00
node.c f2fs: clean up with clear_radix_tree_dirty_tag 2018-05-31 11:31:52 -07:00
node.h f2fs: don't track new nat entry in nat set 2018-03-27 20:10:29 -07:00
recovery.c f2fs: clean up with is_valid_blkaddr() 2018-05-31 11:31:50 -07:00
segment.c f2fs: fix to let caller retry allocating block address 2018-05-31 11:31:53 -07:00
segment.h f2fs: avoid stucking GC due to atomic write 2018-05-31 11:31:51 -07:00
shrinker.c f2fs: obsolete ALLOC_NID_LIST list 2017-10-10 12:49:53 -07:00
super.c disable loading f2fs module on PAGE_SIZE > 4KB 2018-05-31 11:31:52 -07:00
sysfs.c f2fs: fix to avoid race during access gc_thread pointer 2018-05-31 11:31:52 -07:00
trace.c f2fs: fix potential hangtask in f2fs_trace_pid 2018-01-02 19:27:30 -08:00
trace.h f2fs: add sbi and page pointer in f2fs_io_info 2015-05-28 15:41:32 -07:00
xattr.c f2fs: correct removexattr behavior for null valued extended attribute 2018-01-22 14:56:57 -08:00
xattr.h f2fs: guard macro variables with braces 2017-04-10 19:48:10 -07:00