tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

nilfs2: prevent WARNING in nilfs_sufile_set_segment_usage()

If nilfs2 reads a disk image with corrupted segment usage metadata, and
its segment usage information is marked as an error for the segment at the
write location, nilfs_sufile_set_segment_usage() can trigger WARN_ONs
during log writing.

Segments newly allocated for writing with nilfs_sufile_alloc() will not
have this error flag set, but this unexpected situation will occur if the
segment indexed by either nilfs->ns_segnum or nilfs->ns_nextnum (active
segment) was marked in error.

Fix this issue by inserting a sanity check to treat it as a file system
corruption.

Since error returns are not allowed during the execution phase where
nilfs_sufile_set_segment_usage() is used, this inserts the sanity check
into nilfs_sufile_mark_dirty() which pre-reads the buffer containing the
segment usage record to be updated and sets it up in a dirty state for
writing.

In addition, nilfs_sufile_set_segment_usage() is also called when
canceling log writing and undoing segment usage update, so in order to
avoid issuing the same kernel warning in that case, in case of
cancellation, avoid checking the error flag in
nilfs_sufile_set_segment_usage().

Link: https://lkml.kernel.org/r/20231205085947.4431-1-konishi.ryusuke@gmail.com
Signed-off-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Reported-by: syzbot+14e9f834f6ddecece094@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=14e9f834f6ddecece094
Tested-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>

authored by

Ryusuke Konishi and committed by
Andrew Morton 675abf8d 4a3ef6be

+36 -8
+36 -8
fs/nilfs2/sufile.c
··· 501 501 502 502 down_write(&NILFS_MDT(sufile)->mi_sem); 503 503 ret = nilfs_sufile_get_segment_usage_block(sufile, segnum, 0, &bh); 504 - if (!ret) { 505 - mark_buffer_dirty(bh); 506 - nilfs_mdt_mark_dirty(sufile); 507 - kaddr = kmap_atomic(bh->b_page); 508 - su = nilfs_sufile_block_get_segment_usage(sufile, segnum, bh, kaddr); 509 - nilfs_segment_usage_set_dirty(su); 504 + if (ret) 505 + goto out_sem; 506 + 507 + kaddr = kmap_atomic(bh->b_page); 508 + su = nilfs_sufile_block_get_segment_usage(sufile, segnum, bh, kaddr); 509 + if (unlikely(nilfs_segment_usage_error(su))) { 510 + struct the_nilfs *nilfs = sufile->i_sb->s_fs_info; 511 + 510 512 kunmap_atomic(kaddr); 511 513 brelse(bh); 514 + if (nilfs_segment_is_active(nilfs, segnum)) { 515 + nilfs_error(sufile->i_sb, 516 + "active segment %llu is erroneous", 517 + (unsigned long long)segnum); 518 + } else { 519 + /* 520 + * Segments marked erroneous are never allocated by 521 + * nilfs_sufile_alloc(); only active segments, ie, 522 + * the segments indexed by ns_segnum or ns_nextnum, 523 + * can be erroneous here. 524 + */ 525 + WARN_ON_ONCE(1); 526 + } 527 + ret = -EIO; 528 + } else { 529 + nilfs_segment_usage_set_dirty(su); 530 + kunmap_atomic(kaddr); 531 + mark_buffer_dirty(bh); 532 + nilfs_mdt_mark_dirty(sufile); 533 + brelse(bh); 512 534 } 535 + out_sem: 513 536 up_write(&NILFS_MDT(sufile)->mi_sem); 514 537 return ret; 515 538 } ··· 559 536 560 537 kaddr = kmap_atomic(bh->b_page); 561 538 su = nilfs_sufile_block_get_segment_usage(sufile, segnum, bh, kaddr); 562 - WARN_ON(nilfs_segment_usage_error(su)); 563 - if (modtime) 539 + if (modtime) { 540 + /* 541 + * Check segusage error and set su_lastmod only when updating 542 + * this entry with a valid timestamp, not for cancellation. 543 + */ 544 + WARN_ON_ONCE(nilfs_segment_usage_error(su)); 564 545 su->su_lastmod = cpu_to_le64(modtime); 546 + } 565 547 su->su_nblocks = cpu_to_le32(nblocks); 566 548 kunmap_atomic(kaddr); 567 549