From: Pavel Skripkin <paskripkin@gmail.com>
To: Jan Kara <jack@suse.cz>
Cc: tiantao6@hisilicon.com, rdunlap@infradead.org,
	reiserfs-devel@vger.kernel.org, linux-kernel@vger.kernel.org,
	syzbot+0ba9909df31c6a36974d@syzkaller.appspotmail.com
Subject: Re: [PATCH] reiserfs: add check for invalid 1st journal block
Date: Mon, 17 May 2021 14:37:52 +0300
Message-ID: <20210517143752.2f43af03@gmail.com>
In-Reply-To: <20210517101523.GB31755@quack2.suse.cz>

On Mon, 17 May 2021 12:15:23 +0200
Jan Kara <jack@suse.cz> wrote:
> On Sat 15-05-21 00:23:35, Pavel Skripkin wrote:
> > syzbot reported divide error in reiserfs.
> > The problem was in incorrect journal 1st block.
> > 
> > Syzbot's reproducer manually generated a wrong superblock
> > with an incorrect 1st block. In journal_init() there weren't
> > any checks for this particular case.
> > 
> > For example, if 1st journal block is before superblock
> > 1st block, it can cause zeroing important superblock members
> > in do_journal_end().
> > 
> > Reported-and-tested-by: syzbot+0ba9909df31c6a36974d@syzkaller.appspotmail.com
> > Signed-off-by: Pavel Skripkin <paskripkin@gmail.com>
> 
> Thanks for the patch. One comment below:
> 
> > diff --git a/fs/reiserfs/journal.c b/fs/reiserfs/journal.c
> > index 9edc8e2b154e..d58f24a08385 100644
> > --- a/fs/reiserfs/journal.c
> > +++ b/fs/reiserfs/journal.c
> > @@ -2758,6 +2758,19 @@ int journal_init(struct super_block *sb,
> > const char *j_dev_name, goto free_and_return;
> >  	}
> >  
> > +	/*
> > +	 * Sanity check to see is journal first block correct.
> > +	 * If journal first block is invalid it can cause
> > +	 * zeroing important superblock members.
> > +	 */
> > +	if (SB_ONDISK_JOURNAL_1st_BLOCK(sb) <
> > SB_JOURNAL_1st_RESERVED_BLOCK(sb)) {
> 
> I guess this check is valid only if !SB_ONDISK_JOURNAL_DEVICE(sb),
> isn't it? Otherwise you are comparing block numbers from two
> different devices...
> 

Hi!

Indeed. Thanks for pointing it out! I'll send v2 soon.

> 									Honza
> 
> > +		reiserfs_warning(sb, "journal-1393",
> > +			"journal 1st super block is invalid: 1st
> > reserved block %d, but actual 1st block is %d",
> > +			SB_JOURNAL_1st_RESERVED_BLOCK(sb),
> > +			SB_ONDISK_JOURNAL_1st_BLOCK(sb));
> > +		goto free_and_return;
> > +	}
> > +
> >  	if (journal_init_dev(sb, journal, j_dev_name) != 0) {
> >  		reiserfs_warning(sb, "sh-462",
> >  				 "unable to initialize journal
> > device"); -- 
> > 2.31.1
> > 
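Review bot: the new `if (SB_ONDISK_JOURNAL_1st_BLOCK(sb) < SB_JOURNAL_1st_RESERVED_BLOCK(sb))` test in journal_init() is unconditional, so when the journal is on a separate device it compares block numbers from two different devices, as the reply above points out. Gate it with `!SB_ONDISK_JOURNAL_DEVICE(sb) &&` so it only rejects a superblock whose journal is on the same device as the filesystem. Two smaller points in the same hunk: the warning text says "journal 1st super block is invalid" although the value being rejected is the journal's 1st block, and the comment "Sanity check to see is journal first block correct" should read "to see if the journal first block is correct".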




With regards,
Pavel Skripkin
