From: Gabriel Krisman Bertazi <krisman@collabora.com>
To: Eric Biggers <ebiggers@kernel.org>
Cc: Jaegeuk Kim <jaegeuk@kernel.org>, Chao Yu <chao@kernel.org>,
	linux-f2fs-devel@lists.sourceforge.net,
	Daniel Rosenberg <drosen@google.com>,
	linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
	syzkaller-bugs@googlegroups.com,
	syzbot+05139c4039d0679e19ff@syzkaller.appspotmail.com
Subject: Re: [PATCH] f2fs: reject CASEFOLD inode flag without casefold feature
Date: Thu, 08 Oct 2020 15:26:45 -0400
Message-ID: <87ft6oldsa.fsf@collabora.com>
In-Reply-To: <20201008191522.1948889-1-ebiggers@kernel.org> (Eric Biggers's message of "Thu, 8 Oct 2020 12:15:22 -0700")

Eric Biggers <ebiggers@kernel.org> writes:

> From: Eric Biggers <ebiggers@google.com>
>
> syzbot reported:
>
>     general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN
>     KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]
>     CPU: 0 PID: 6860 Comm: syz-executor835 Not tainted 5.9.0-rc8-syzkaller #0
>     Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
>     RIP: 0010:utf8_casefold+0x43/0x1b0 fs/unicode/utf8-core.c:107
>     [...]
>     Call Trace:
>      f2fs_init_casefolded_name fs/f2fs/dir.c:85 [inline]
>      __f2fs_setup_filename fs/f2fs/dir.c:118 [inline]
>      f2fs_prepare_lookup+0x3bf/0x640 fs/f2fs/dir.c:163
>      f2fs_lookup+0x10d/0x920 fs/f2fs/namei.c:494
>      __lookup_hash+0x115/0x240 fs/namei.c:1445
>      filename_create+0x14b/0x630 fs/namei.c:3467
>      user_path_create fs/namei.c:3524 [inline]
>      do_mkdirat+0x56/0x310 fs/namei.c:3664
>      do_syscall_64+0x31/0x70 arch/x86/entry/common.c:46
>      entry_SYSCALL_64_after_hwframe+0x44/0xa9
>     [...]
>
> The problem is that an inode has F2FS_CASEFOLD_FL set, but the
> filesystem doesn't have the casefold feature flag set, and therefore
> super_block::s_encoding is NULL.
>
> Fix this by making sanity_check_inode() reject inodes that have
> F2FS_CASEFOLD_FL when the filesystem doesn't have the casefold feature.
>
> Reported-by: syzbot+05139c4039d0679e19ff@syzkaller.appspotmail.com
> Fixes: 2c2eb7a300cd ("f2fs: Support case-insensitive file name lookups")
> Signed-off-by: Eric Biggers <ebiggers@google.com>

Looks good.  For the record, this is fixed on ext4 already.

Reviewed-by: Gabriel Krisman Bertazi <krisman@collabora.com>

-- 
Gabriel Krisman Bertazi
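
As an added illustration (not code from the patch, the kernel tree, or either participant), the following C model shows the rule the commit message describes: an inode carrying F2FS_CASEFOLD_FL on a filesystem without the casefold feature is rejected in sanity_check_inode() before any lookup can dereference the NULL s_encoding. The struct layouts, the has_casefold_feature field, check_case() and the flag's numeric value are assumptions made for this example.

```c
/* Model of the check the patch adds: an inode's on-disk flag must not demand
 * a superblock capability that was never enabled. The struct layouts, the
 * feature field and check_case() are simplified stand-ins constructed for
 * this example; F2FS_CASEFOLD_FL, sanity_check_inode() and s_encoding are the
 * names quoted in the commit message, and the flag value is assumed. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define EFSCORRUPTED      117         /* Linux aliases this to EUCLEAN */
#define F2FS_CASEFOLD_FL  0x40000000  /* assumed to match FS_CASEFOLD_FL */

struct unicode_map { const char *charset; };

struct super_block {
    bool has_casefold_feature;      /* models the on-disk feature bit */
    struct unicode_map *s_encoding; /* only set up when the feature is on */
};

struct inode {
    unsigned int i_flags;
    struct super_block *i_sb;
};

/* The added rule: reject before any caller can dereference s_encoding. */
static int sanity_check_inode(const struct inode *inode)
{
    if ((inode->i_flags & F2FS_CASEFOLD_FL) &&
        !inode->i_sb->has_casefold_feature)
        return -EFSCORRUPTED;
    return 0;
}

/* Build the superblock/inode pair for one scenario and run the check.
 * s_encoding mirrors the feature bit, as it does on a real mount. */
static int check_case(bool inode_flag, bool fs_feature)
{
    static struct unicode_map utf8 = { "utf8" };
    struct super_block sb = { fs_feature, fs_feature ? &utf8 : NULL };
    struct inode inode = { inode_flag ? F2FS_CASEFOLD_FL : 0, &sb };
    return sanity_check_inode(&inode);
}

int main(void)
{
    /* The syzbot case: flag set on disk, feature absent, s_encoding NULL. */
    printf("flag without feature: %d\n", check_case(true, false));
    printf("flag with feature:    %d\n", check_case(true, true));
    printf("no flag, no feature:  %d\n", check_case(false, false));
    return 0;
}
```

The first case is the one the crash report exercises; with the check in place it returns -EFSCORRUPTED instead of reaching utf8_casefold() with a NULL map.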
