From: kernel test robot <lkp@intel.com>
To: Randy Dunlap <rdunlap@infradead.org>, linux-kernel@vger.kernel.org
Cc: kbuild-all@lists.01.org, Randy Dunlap <rdunlap@infradead.org>,
syzbot+36315852ece4132ec193@syzkaller.appspotmail.com,
Dave Kleikamp <shaggy@kernel.org>,
jfs-discussion@lists.sourceforge.net
Subject: Re: [PATCH] JFS: more checks for invalid superblock
Date: Fri, 18 Dec 2020 15:23:21 +0800 [thread overview]
Message-ID: <202012181528.QLtx4Ix4-lkp@intel.com> (raw)
In-Reply-To: <20201218051920.6229-1-rdunlap@infradead.org>
[-- Attachment #1: Type: text/plain, Size: 4530 bytes --]
Hi Randy,
Thank you for the patch! Perhaps something to improve:
[auto build test WARNING on shaggy/jfs-next]
[also build test WARNING on linux/master linus/master v5.10 next-20201217]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]
url: https://github.com/0day-ci/linux/commits/Randy-Dunlap/JFS-more-checks-for-invalid-superblock/20201218-132143
base: https://github.com/kleikamp/linux-shaggy jfs-next
config: i386-randconfig-s002-20201217 (attached as .config)
compiler: gcc-9 (Debian 9.3.0-15) 9.3.0
reproduce:
# apt-get install sparse
# sparse version: v0.6.3-184-g1b896707-dirty
# https://github.com/0day-ci/linux/commit/11cb0575aca69504da8b7984fc7f3e439b1a2331
git remote add linux-review https://github.com/0day-ci/linux
git fetch --no-tags linux-review Randy-Dunlap/JFS-more-checks-for-invalid-superblock/20201218-132143
git checkout 11cb0575aca69504da8b7984fc7f3e439b1a2331
# save the attached .config to linux build tree
make W=1 C=1 CF='-fdiagnostic-prefix -D__CHECK_ENDIAN__' ARCH=i386
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
"sparse warnings: (new ones prefixed by >>)"
>> fs/jfs/jfs_mount.c:373:17: sparse: sparse: restricted __le32 degrades to integer
vim +373 fs/jfs/jfs_mount.c
324
325 jfs_info("superblock: flag:0x%08x state:0x%08x size:0x%Lx",
326 le32_to_cpu(j_sb->s_flag), le32_to_cpu(j_sb->s_state),
327 (unsigned long long) le64_to_cpu(j_sb->s_size));
328
329 /* validate the descriptors for Secondary AIM and AIT */
330 if ((j_sb->s_flag & cpu_to_le32(JFS_BAD_SAIT)) !=
331 cpu_to_le32(JFS_BAD_SAIT)) {
332 expected_AIM_bytesize = 2 * PSIZE;
333 AIM_bytesize = lengthPXD(&(j_sb->s_aim2)) * bsize;
334 expected_AIT_bytesize = 4 * PSIZE;
335 AIT_bytesize = lengthPXD(&(j_sb->s_ait2)) * bsize;
336 AIM_byte_addr = addressPXD(&(j_sb->s_aim2)) * bsize;
337 AIT_byte_addr = addressPXD(&(j_sb->s_ait2)) * bsize;
338 byte_addr_diff0 = AIT_byte_addr - AIM_byte_addr;
339 fsckwsp_addr = addressPXD(&(j_sb->s_fsckpxd)) * bsize;
340 byte_addr_diff1 = fsckwsp_addr - AIT_byte_addr;
341 if ((AIM_bytesize != expected_AIM_bytesize) ||
342 (AIT_bytesize != expected_AIT_bytesize) ||
343 (byte_addr_diff0 != AIM_bytesize) ||
344 (byte_addr_diff1 <= AIT_bytesize))
345 j_sb->s_flag |= cpu_to_le32(JFS_BAD_SAIT);
346 }
347
348 if ((j_sb->s_flag & cpu_to_le32(JFS_GROUPCOMMIT)) !=
349 cpu_to_le32(JFS_GROUPCOMMIT))
350 j_sb->s_flag |= cpu_to_le32(JFS_GROUPCOMMIT);
351
352 /* validate fs state */
353 if (j_sb->s_state != cpu_to_le32(FM_CLEAN) &&
354 !sb_rdonly(sb)) {
355 jfs_err("jfs_mount: Mount Failure: File System Dirty.");
356 rc = -EINVAL;
357 goto out;
358 }
359
360 sbi->state = le32_to_cpu(j_sb->s_state);
361 sbi->mntflag = le32_to_cpu(j_sb->s_flag);
362
363 /*
364 * JFS always does I/O by 4K pages. Don't tell the buffer cache
365 * that we use anything else (leave s_blocksize alone).
366 */
367 sbi->bsize = bsize;
368 sbi->l2bsize = le16_to_cpu(j_sb->s_l2bsize);
369
370 /* check some fields for possible corruption */
371 if (sbi->l2bsize != ilog2((u32)bsize) ||
372 j_sb->pad != 0 ||
> 373 j_sb->s_state > FM_STATE_MAX) {
374 rc = -EINVAL;
375 jfs_err("jfs_mount: Mount Failure: superblock is corrupt!");
376 goto out;
377 }
378
379 /*
380 * For now, ignore s_pbsize, l2bfactor. All I/O going through buffer
381 * cache.
382 */
383 sbi->nbperpage = PSIZE >> sbi->l2bsize;
384 sbi->l2nbperpage = L2PSIZE - sbi->l2bsize;
385 sbi->l2niperblk = sbi->l2bsize - L2DISIZE;
386 if (sbi->mntflag & JFS_INLINELOG)
387 sbi->logpxd = j_sb->s_logpxd;
388 else {
389 sbi->logdev = new_decode_dev(le32_to_cpu(j_sb->s_logdev));
390 uuid_copy(&sbi->uuid, &j_sb->s_uuid);
391 uuid_copy(&sbi->loguuid, &j_sb->s_loguuid);
392 }
393 sbi->fsckpxd = j_sb->s_fsckpxd;
394 sbi->ait2 = j_sb->s_ait2;
395
396 out:
397 brelse(bh);
398 return rc;
399 }
400
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
[-- Attachment #2: .config.gz --]
[-- Type: application/gzip, Size: 37675 bytes --]
WARNING: multiple messages have this Message-ID (diff)
From: kernel test robot <lkp@intel.com>
To: kbuild-all@lists.01.org
Subject: Re: [PATCH] JFS: more checks for invalid superblock
Date: Fri, 18 Dec 2020 15:23:21 +0800 [thread overview]
Message-ID: <202012181528.QLtx4Ix4-lkp@intel.com> (raw)
In-Reply-To: <20201218051920.6229-1-rdunlap@infradead.org>
[-- Attachment #1: Type: text/plain, Size: 4646 bytes --]
Hi Randy,
Thank you for the patch! Perhaps something to improve:
[auto build test WARNING on shaggy/jfs-next]
[also build test WARNING on linux/master linus/master v5.10 next-20201217]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]
url: https://github.com/0day-ci/linux/commits/Randy-Dunlap/JFS-more-checks-for-invalid-superblock/20201218-132143
base: https://github.com/kleikamp/linux-shaggy jfs-next
config: i386-randconfig-s002-20201217 (attached as .config)
compiler: gcc-9 (Debian 9.3.0-15) 9.3.0
reproduce:
# apt-get install sparse
# sparse version: v0.6.3-184-g1b896707-dirty
# https://github.com/0day-ci/linux/commit/11cb0575aca69504da8b7984fc7f3e439b1a2331
git remote add linux-review https://github.com/0day-ci/linux
git fetch --no-tags linux-review Randy-Dunlap/JFS-more-checks-for-invalid-superblock/20201218-132143
git checkout 11cb0575aca69504da8b7984fc7f3e439b1a2331
# save the attached .config to linux build tree
make W=1 C=1 CF='-fdiagnostic-prefix -D__CHECK_ENDIAN__' ARCH=i386
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
"sparse warnings: (new ones prefixed by >>)"
>> fs/jfs/jfs_mount.c:373:17: sparse: sparse: restricted __le32 degrades to integer
vim +373 fs/jfs/jfs_mount.c
324
325 jfs_info("superblock: flag:0x%08x state:0x%08x size:0x%Lx",
326 le32_to_cpu(j_sb->s_flag), le32_to_cpu(j_sb->s_state),
327 (unsigned long long) le64_to_cpu(j_sb->s_size));
328
329 /* validate the descriptors for Secondary AIM and AIT */
330 if ((j_sb->s_flag & cpu_to_le32(JFS_BAD_SAIT)) !=
331 cpu_to_le32(JFS_BAD_SAIT)) {
332 expected_AIM_bytesize = 2 * PSIZE;
333 AIM_bytesize = lengthPXD(&(j_sb->s_aim2)) * bsize;
334 expected_AIT_bytesize = 4 * PSIZE;
335 AIT_bytesize = lengthPXD(&(j_sb->s_ait2)) * bsize;
336 AIM_byte_addr = addressPXD(&(j_sb->s_aim2)) * bsize;
337 AIT_byte_addr = addressPXD(&(j_sb->s_ait2)) * bsize;
338 byte_addr_diff0 = AIT_byte_addr - AIM_byte_addr;
339 fsckwsp_addr = addressPXD(&(j_sb->s_fsckpxd)) * bsize;
340 byte_addr_diff1 = fsckwsp_addr - AIT_byte_addr;
341 if ((AIM_bytesize != expected_AIM_bytesize) ||
342 (AIT_bytesize != expected_AIT_bytesize) ||
343 (byte_addr_diff0 != AIM_bytesize) ||
344 (byte_addr_diff1 <= AIT_bytesize))
345 j_sb->s_flag |= cpu_to_le32(JFS_BAD_SAIT);
346 }
347
348 if ((j_sb->s_flag & cpu_to_le32(JFS_GROUPCOMMIT)) !=
349 cpu_to_le32(JFS_GROUPCOMMIT))
350 j_sb->s_flag |= cpu_to_le32(JFS_GROUPCOMMIT);
351
352 /* validate fs state */
353 if (j_sb->s_state != cpu_to_le32(FM_CLEAN) &&
354 !sb_rdonly(sb)) {
355 jfs_err("jfs_mount: Mount Failure: File System Dirty.");
356 rc = -EINVAL;
357 goto out;
358 }
359
360 sbi->state = le32_to_cpu(j_sb->s_state);
361 sbi->mntflag = le32_to_cpu(j_sb->s_flag);
362
363 /*
364 * JFS always does I/O by 4K pages. Don't tell the buffer cache
365 * that we use anything else (leave s_blocksize alone).
366 */
367 sbi->bsize = bsize;
368 sbi->l2bsize = le16_to_cpu(j_sb->s_l2bsize);
369
370 /* check some fields for possible corruption */
371 if (sbi->l2bsize != ilog2((u32)bsize) ||
372 j_sb->pad != 0 ||
> 373 j_sb->s_state > FM_STATE_MAX) {
374 rc = -EINVAL;
375 jfs_err("jfs_mount: Mount Failure: superblock is corrupt!");
376 goto out;
377 }
378
379 /*
380 * For now, ignore s_pbsize, l2bfactor. All I/O going through buffer
381 * cache.
382 */
383 sbi->nbperpage = PSIZE >> sbi->l2bsize;
384 sbi->l2nbperpage = L2PSIZE - sbi->l2bsize;
385 sbi->l2niperblk = sbi->l2bsize - L2DISIZE;
386 if (sbi->mntflag & JFS_INLINELOG)
387 sbi->logpxd = j_sb->s_logpxd;
388 else {
389 sbi->logdev = new_decode_dev(le32_to_cpu(j_sb->s_logdev));
390 uuid_copy(&sbi->uuid, &j_sb->s_uuid);
391 uuid_copy(&sbi->loguuid, &j_sb->s_loguuid);
392 }
393 sbi->fsckpxd = j_sb->s_fsckpxd;
394 sbi->ait2 = j_sb->s_ait2;
395
396 out:
397 brelse(bh);
398 return rc;
399 }
400
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org
[-- Attachment #2: config.gz --]
[-- Type: application/gzip, Size: 37675 bytes --]
next prev parent reply other threads:[~2020-12-18 7:24 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-12-18 5:19 [PATCH] JFS: more checks for invalid superblock Randy Dunlap
2020-12-18 7:23 ` kernel test robot [this message]
2020-12-18 7:23 ` kernel test robot
2020-12-18 20:14 ` Randy Dunlap
2020-12-18 20:14 ` Randy Dunlap
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202012181528.QLtx4Ix4-lkp@intel.com \
--to=lkp@intel.com \
--cc=jfs-discussion@lists.sourceforge.net \
--cc=kbuild-all@lists.01.org \
--cc=linux-kernel@vger.kernel.org \
--cc=rdunlap@infradead.org \
--cc=shaggy@kernel.org \
--cc=syzbot+36315852ece4132ec193@syzkaller.appspotmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.