* [Bug 202747] New: sometime kernel crash when kzfree is called in fs/f2fs/xattr.c
@ 2019-03-04 13:30 bugzilla-daemon
  2019-03-05  6:40 ` [Bug 202747] " bugzilla-daemon
  2019-03-16  8:09 ` bugzilla-daemon
  0 siblings, 2 replies; 3+ messages in thread
From: bugzilla-daemon @ 2019-03-04 13:30 UTC (permalink / raw)
  To: linux-f2fs-devel

https://bugzilla.kernel.org/show_bug.cgi?id=202747

            Bug ID: 202747
           Summary: sometime kernel crash when kzfree is called in
                    fs/f2fs/xattr.c
           Product: File System
           Version: 2.5
    Kernel Version: f2fs-dev
          Hardware: All
                OS: Linux
              Tree: Mainline
            Status: NEW
          Severity: high
          Priority: P1
         Component: f2fs
          Assignee: filesystem_f2fs@kernel-bugs.kernel.org
          Reporter: jiqun.li@unisoc.com
        Regression: No

In file fs/f2fs/xattr.c

kzfree() is called somewhere.

Example:

static int read_all_xattrs(struct inode *inode, struct page *ipage,
                                                        void **base_addr)
{
        ......
        txattr_addr = f2fs_kzalloc(F2FS_I_SB(inode),
                        inline_size + size + XATTR_PADDING_SIZE, GFP_NOFS);
        .....
        kzfree(txattr_addr);
        return err;
}

The address is allocated by f2fs_kzalloc(); stepping into it, it may use
kmalloc() or kvmalloc().
Accordingly the address should be freed by kfree() or kvfree(), but kzfree()
always uses kfree(), so the kernel crashed when the address was allocated by
kvmalloc().

I have changed kzfree to kvfree and the kernel does not crash any more. I do not
understand why the memory is set to zero before freeing the address.

So I use the patch, and the kernel also does not crash.

it diff diff --git a/fs/f2fs/f2fs.h b/fs/f2fs/f2fs.h index 85d9508..c4b3d7b
100644
--- a/fs/f2fs/f2fs.h
+++ b/fs/f2fs/f2fs.h
@@ -2798,6 +2798,18 @@ static inline void *f2fs_kmalloc(struct f2fs_sb_info
*sbi,
        return kvmalloc(size, flags);
}

+static inline void *f2fs_kzfree(const void *p) {
+       size_t ks;
+       void *mem = (void *)p;
+
+       if (unlikely(ZERO_OR_NULL_PTR(mem)))
+               return;
+       ks = ksize(mem);
+       memset(mem, 0, ks);
+       kvfree(mem);
+}
+
static inline void *kvzalloc(size_t size, gfp_t flags) {
        void *ret;
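
Review bot: f2fs_kzfree() is declared as returning void * but its early exit is a bare return; and the function falls off the end without a value, so the return type should be void. More importantly, ksize(mem) is only meaningful for slab objects: when the allocation fell back to vmalloc, which is exactly the case this helper is added for, ksize() is called on a non-slab address before kvfree() ever sees it. Either take the length as a parameter and memset that, or branch on is_vmalloc_addr(mem) before calling ksize().
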
diff --git a/fs/f2fs/xattr.c b/fs/f2fs/xattr.c index dedc91a..0152ed8 100644
--- a/fs/f2fs/xattr.c
+++ b/fs/f2fs/xattr.c
@@ -386,7 +386,7 @@ check:
        *base_addr = txattr_addr;
        return 0;
out:
-       kzfree(txattr_addr);
+       f2fs_kzfree(txattr_addr);
        return err;
}

@@ -429,7 +429,7 @@ static int read_all_xattrs(struct inode *inode, struct page
*ipage,
        *base_addr = txattr_addr;
        return 0;
fail:
-       kzfree(txattr_addr);
+       f2fs_kzfree(txattr_addr);
        return err;
}
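
Review bot: On the fail: path of read_all_xattrs() the length of txattr_addr is already known from the allocation (inline_size + size + XATTR_PADDING_SIZE in the excerpt above), so a zeroing free here can be given that length directly instead of asking the allocator for it with ksize(). That keeps the wipe correct for both the kmalloc and the vmalloc case.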

@@ -556,7 +556,7 @@ int f2fs_getxattr(struct inode *inode, int index, const
char *name,
        }
        error = size;
out:
-       kzfree(base_addr);
+       f2fs_kzfree(base_addr);
        return error;
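
Review bot: At out: in f2fs_getxattr() the patch keeps the zero-before-free behaviour of kzfree() without saying what in base_addr needs wiping. If nothing there is secret, kvfree(base_addr) alone fixes the allocator mismatch and the new helper is not needed; if xattr contents are meant to be wiped, state that in the changelog.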

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

_______________________________________________
Linux-f2fs-devel mailing list
Linux-f2fs-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
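
The allocator mismatch described in the report above, as an added user-space model that is not part of the thread and is not kernel code: two static arenas stand in for the slab and vmalloc address ranges, and every `model_*` name, `SLAB_MAX` and `ARENA_SIZE` are assumptions made for the illustration. It shows a kfree-style free rejecting a vmalloc-range pointer, a kvfree-style free dispatching on the address range, and a zeroing free that takes its length from the caller.

```c
/* User-space model (constructed): two arenas stand in for the slab
 * and vmalloc address ranges; all names here are hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SLAB_MAX   64     /* model: larger requests go to "vmalloc" */
#define ARENA_SIZE 4096

static unsigned char slab_arena[ARENA_SIZE], vmalloc_arena[ARENA_SIZE];
static size_t slab_used, vmalloc_used;

static int in_arena(const void *p, const unsigned char *a)
{
    uintptr_t x = (uintptr_t)p, lo = (uintptr_t)a;
    return x >= lo && x < lo + ARENA_SIZE;
}

/* Models kvmalloc(): small requests from "slab", big ones from "vmalloc". */
static void *model_kvmalloc(size_t size)
{
    unsigned char *arena = size <= SLAB_MAX ? slab_arena : vmalloc_arena;
    size_t *used = size <= SLAB_MAX ? &slab_used : &vmalloc_used;
    if (size == 0 || size > ARENA_SIZE - *used)
        return NULL;
    void *p = arena + *used;
    *used += size;
    return p;
}

/* Models kfree(): valid only for slab addresses; -1 stands for the crash. */
static int model_kfree(const void *p)
{
    if (!p) return 0;
    return in_arena(p, slab_arena) ? 0 : -1;
}

/* Models kvfree(): dispatch on the address range first. */
static int model_kvfree(const void *p)
{
    return in_arena(p, vmalloc_arena) ? 0 : model_kfree(p);
}

/* Zeroing free: the caller supplies the length, so no slab size lookup. */
static int model_kvfree_sensitive(void *p, size_t len)
{
    volatile unsigned char *v = p;
    while (p && len--) *v++ = 0;  /* volatile keeps the wipe from being elided */
    return model_kvfree(p);
}
```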


* [Bug 202747] sometime kernel crash when kzfree is called in fs/f2fs/xattr.c
  2019-03-04 13:30 [Bug 202747] New: sometime kernel crash when kzfree is called in fs/f2fs/xattr.c bugzilla-daemon
@ 2019-03-05  6:40 ` bugzilla-daemon
  2019-03-16  8:09 ` bugzilla-daemon
  1 sibling, 0 replies; 3+ messages in thread
From: bugzilla-daemon @ 2019-03-05  6:40 UTC (permalink / raw)
  To: linux-f2fs-devel

https://bugzilla.kernel.org/show_bug.cgi?id=202747

Chao Yu (chao@kernel.org) changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED
                 CC|                            |chao@kernel.org

--- Comment #1 from Chao Yu (chao@kernel.org) ---
I don't see many filesystems using kzfree(); instead, many callers come from
the crypto module. I guess they use the buffer to store ciphertext or crypto
keys temporarily, so before freeing those buffers it is better to clear the
data in the buffer to avoid leaking confidential data.

For f2fs, I think there is no such demand, and we just missed changing kzfree
to kvfree in the commit below:

5222595d093e ("f2fs: use kvmalloc, if kmalloc is failed")


* [Bug 202747] sometime kernel crash when kzfree is called in fs/f2fs/xattr.c
  2019-03-04 13:30 [Bug 202747] New: sometime kernel crash when kzfree is called in fs/f2fs/xattr.c bugzilla-daemon
  2019-03-05  6:40 ` [Bug 202747] " bugzilla-daemon
@ 2019-03-16  8:09 ` bugzilla-daemon
  1 sibling, 0 replies; 3+ messages in thread
From: bugzilla-daemon @ 2019-03-16  8:09 UTC (permalink / raw)
  To: linux-f2fs-devel

https://bugzilla.kernel.org/show_bug.cgi?id=202747

Chao Yu (chao@kernel.org) changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|---                         |CODE_FIX

--- Comment #2 from Chao Yu (chao@kernel.org) ---
The fixing patch has been merged; closing this issue.

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2a6a7e722e7a78d774ce02b847c5b183a3ff2672
