From: Chao Yu <yuchao0@huawei.com>
To: Randall Huang <huangrandall@google.com>, <jaegeuk@kernel.org>,
<linux-f2fs-devel@lists.sourceforge.net>,
<linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] f2fs: add boundary check in inline_data_addr
Date: Thu, 13 Jun 2019 15:09:24 +0800 [thread overview]
Message-ID: <e54b84ee-39a3-c518-8c9b-192fb9a92d27@huawei.com> (raw)
In-Reply-To: <20190612085800.11947-1-huangrandall@google.com>
Hi Randall,
On 2019/6/12 16:58, Randall Huang wrote:
> Add boundary check in case of extra_size is larger
> than sizeof array "i_addr"
>
> Signed-off-by: Randall Huang <huangrandall@google.com>
> ---
> fs/f2fs/f2fs.h | 18 ++++++++++++++----
> 1 file changed, 14 insertions(+), 4 deletions(-)
>
> diff --git a/fs/f2fs/f2fs.h b/fs/f2fs/f2fs.h
> index 760390f380b6..17f3858a00c3 100644
> --- a/fs/f2fs/f2fs.h
> +++ b/fs/f2fs/f2fs.h
> @@ -2660,11 +2660,25 @@ static inline bool f2fs_is_drop_cache(struct inode *inode)
> return is_inode_flag_set(inode, FI_DROP_CACHE);
> }
>
> +#define F2FS_TOTAL_EXTRA_ATTR_SIZE \
> + (offsetof(struct f2fs_inode, i_extra_end) - \
> + offsetof(struct f2fs_inode, i_extra_isize)) \
> +
> static inline void *inline_data_addr(struct inode *inode, struct page *page)
> {
> struct f2fs_inode *ri = F2FS_INODE(page);
> int extra_size = get_extra_isize(inode);
>
> + if (extra_size < 0 || extra_size > F2FS_TOTAL_EXTRA_ATTR_SIZE ||
> + extra_size % sizeof(__le32)) {
> + f2fs_msg(F2FS_I_SB(inode)->sb, KERN_ERR,
> + "%s: inode (ino=%lx) has corrupted i_extra_isize: %d, "
> + "max: %zu",
> + __func__, inode->i_ino, extra_size,
> + F2FS_TOTAL_EXTRA_ATTR_SIZE);
> + extra_size = 0;
> + }
Oh, we have already did the sanity check on .i_extra_isize field in
sanity_check_inode(), why can it be changed after that? bit-transition of cache
or memory overflow?
Thanks,
> +
> return (void *)&(ri->i_addr[extra_size + DEF_INLINE_RESERVED_SIZE]);
> }
>
> @@ -2817,10 +2831,6 @@ static inline int get_inline_xattr_addrs(struct inode *inode)
> ((is_inode_flag_set(i, FI_ACL_MODE)) ? \
> (F2FS_I(i)->i_acl_mode) : ((i)->i_mode))
>
> -#define F2FS_TOTAL_EXTRA_ATTR_SIZE \
> - (offsetof(struct f2fs_inode, i_extra_end) - \
> - offsetof(struct f2fs_inode, i_extra_isize)) \
> -
> #define F2FS_OLD_ATTRIBUTE_SIZE (offsetof(struct f2fs_inode, i_addr))
> #define F2FS_FITS_IN_INODE(f2fs_inode, extra_isize, field) \
> ((offsetof(typeof(*(f2fs_inode)), field) + \
>
WARNING: multiple messages have this Message-ID (diff)
From: Chao Yu <yuchao0@huawei.com>
To: Randall Huang <huangrandall@google.com>,
jaegeuk@kernel.org, linux-f2fs-devel@lists.sourceforge.net,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH] f2fs: add boundary check in inline_data_addr
Date: Thu, 13 Jun 2019 15:09:24 +0800 [thread overview]
Message-ID: <e54b84ee-39a3-c518-8c9b-192fb9a92d27@huawei.com> (raw)
In-Reply-To: <20190612085800.11947-1-huangrandall@google.com>
Hi Randall,
On 2019/6/12 16:58, Randall Huang wrote:
> Add boundary check in case of extra_size is larger
> than sizeof array "i_addr"
>
> Signed-off-by: Randall Huang <huangrandall@google.com>
> ---
> fs/f2fs/f2fs.h | 18 ++++++++++++++----
> 1 file changed, 14 insertions(+), 4 deletions(-)
>
> diff --git a/fs/f2fs/f2fs.h b/fs/f2fs/f2fs.h
> index 760390f380b6..17f3858a00c3 100644
> --- a/fs/f2fs/f2fs.h
> +++ b/fs/f2fs/f2fs.h
> @@ -2660,11 +2660,25 @@ static inline bool f2fs_is_drop_cache(struct inode *inode)
> return is_inode_flag_set(inode, FI_DROP_CACHE);
> }
>
> +#define F2FS_TOTAL_EXTRA_ATTR_SIZE \
> + (offsetof(struct f2fs_inode, i_extra_end) - \
> + offsetof(struct f2fs_inode, i_extra_isize)) \
> +
> static inline void *inline_data_addr(struct inode *inode, struct page *page)
> {
> struct f2fs_inode *ri = F2FS_INODE(page);
> int extra_size = get_extra_isize(inode);
>
> + if (extra_size < 0 || extra_size > F2FS_TOTAL_EXTRA_ATTR_SIZE ||
> + extra_size % sizeof(__le32)) {
> + f2fs_msg(F2FS_I_SB(inode)->sb, KERN_ERR,
> + "%s: inode (ino=%lx) has corrupted i_extra_isize: %d, "
> + "max: %zu",
> + __func__, inode->i_ino, extra_size,
> + F2FS_TOTAL_EXTRA_ATTR_SIZE);
> + extra_size = 0;
> + }
Oh, we have already did the sanity check on .i_extra_isize field in
sanity_check_inode(), why can it be changed after that? bit-transition of cache
or memory overflow?
Thanks,
> +
> return (void *)&(ri->i_addr[extra_size + DEF_INLINE_RESERVED_SIZE]);
> }
>
> @@ -2817,10 +2831,6 @@ static inline int get_inline_xattr_addrs(struct inode *inode)
> ((is_inode_flag_set(i, FI_ACL_MODE)) ? \
> (F2FS_I(i)->i_acl_mode) : ((i)->i_mode))
>
> -#define F2FS_TOTAL_EXTRA_ATTR_SIZE \
> - (offsetof(struct f2fs_inode, i_extra_end) - \
> - offsetof(struct f2fs_inode, i_extra_isize)) \
> -
> #define F2FS_OLD_ATTRIBUTE_SIZE (offsetof(struct f2fs_inode, i_addr))
> #define F2FS_FITS_IN_INODE(f2fs_inode, extra_isize, field) \
> ((offsetof(typeof(*(f2fs_inode)), field) + \
>
WARNING: multiple messages have this Message-ID (diff)
From: Chao Yu <yuchao0@huawei.com>
To: Randall Huang <huangrandall@google.com>, <jaegeuk@kernel.org>,
<linux-f2fs-devel@lists.sourceforge.net>,
<linux-kernel@vger.kernel.org>
Subject: Re: [f2fs-dev] [PATCH] f2fs: add boundary check in inline_data_addr
Date: Thu, 13 Jun 2019 15:09:24 +0800 [thread overview]
Message-ID: <e54b84ee-39a3-c518-8c9b-192fb9a92d27@huawei.com> (raw)
Message-ID: <20190613070924.Sl206Qu0X1dJp-A0QbyPF2S7KL0H1ZgKlYYDTc5c41E@z> (raw)
In-Reply-To: <20190612085800.11947-1-huangrandall@google.com>
Hi Randall,
On 2019/6/12 16:58, Randall Huang wrote:
> Add boundary check in case of extra_size is larger
> than sizeof array "i_addr"
>
> Signed-off-by: Randall Huang <huangrandall@google.com>
> ---
> fs/f2fs/f2fs.h | 18 ++++++++++++++----
> 1 file changed, 14 insertions(+), 4 deletions(-)
>
> diff --git a/fs/f2fs/f2fs.h b/fs/f2fs/f2fs.h
> index 760390f380b6..17f3858a00c3 100644
> --- a/fs/f2fs/f2fs.h
> +++ b/fs/f2fs/f2fs.h
> @@ -2660,11 +2660,25 @@ static inline bool f2fs_is_drop_cache(struct inode *inode)
> return is_inode_flag_set(inode, FI_DROP_CACHE);
> }
>
> +#define F2FS_TOTAL_EXTRA_ATTR_SIZE \
> + (offsetof(struct f2fs_inode, i_extra_end) - \
> + offsetof(struct f2fs_inode, i_extra_isize)) \
> +
> static inline void *inline_data_addr(struct inode *inode, struct page *page)
> {
> struct f2fs_inode *ri = F2FS_INODE(page);
> int extra_size = get_extra_isize(inode);
>
> + if (extra_size < 0 || extra_size > F2FS_TOTAL_EXTRA_ATTR_SIZE ||
> + extra_size % sizeof(__le32)) {
> + f2fs_msg(F2FS_I_SB(inode)->sb, KERN_ERR,
> + "%s: inode (ino=%lx) has corrupted i_extra_isize: %d, "
> + "max: %zu",
> + __func__, inode->i_ino, extra_size,
> + F2FS_TOTAL_EXTRA_ATTR_SIZE);
> + extra_size = 0;
> + }
Oh, we have already did the sanity check on .i_extra_isize field in
sanity_check_inode(), why can it be changed after that? bit-transition of cache
or memory overflow?
Thanks,
> +
> return (void *)&(ri->i_addr[extra_size + DEF_INLINE_RESERVED_SIZE]);
> }
>
> @@ -2817,10 +2831,6 @@ static inline int get_inline_xattr_addrs(struct inode *inode)
> ((is_inode_flag_set(i, FI_ACL_MODE)) ? \
> (F2FS_I(i)->i_acl_mode) : ((i)->i_mode))
>
> -#define F2FS_TOTAL_EXTRA_ATTR_SIZE \
> - (offsetof(struct f2fs_inode, i_extra_end) - \
> - offsetof(struct f2fs_inode, i_extra_isize)) \
> -
> #define F2FS_OLD_ATTRIBUTE_SIZE (offsetof(struct f2fs_inode, i_addr))
> #define F2FS_FITS_IN_INODE(f2fs_inode, extra_isize, field) \
> ((offsetof(typeof(*(f2fs_inode)), field) + \
>
_______________________________________________
Linux-f2fs-devel mailing list
Linux-f2fs-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
next prev parent reply other threads:[~2019-06-13 16:39 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-06-12 8:58 [PATCH] f2fs: add boundary check in inline_data_addr Randall Huang
2019-06-12 8:58 ` [f2fs-dev] " Randall Huang via Linux-f2fs-devel
2019-06-13 7:09 ` Chao Yu [this message]
2019-06-13 7:09 ` Chao Yu
2019-06-13 7:09 ` Chao Yu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=e54b84ee-39a3-c518-8c9b-192fb9a92d27@huawei.com \
--to=yuchao0@huawei.com \
--cc=huangrandall@google.com \
--cc=jaegeuk@kernel.org \
--cc=linux-f2fs-devel@lists.sourceforge.net \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.