* [f2fs-dev] [PATCH v3 0/1] f2fs: check position in move range ioctl
@ 2020-08-30 21:45 Dan Robertson
2020-08-30 21:45 ` [f2fs-dev] [PATCH v3 1/1] " Dan Robertson
0 siblings, 1 reply; 3+ messages in thread
From: Dan Robertson @ 2020-08-30 21:45 UTC (permalink / raw)
To: Jaegeuk Kim, Chao Yu; +Cc: Dan Robertson, linux-f2fs-devel
Changes in v3:
- Check the input position as well as the output position.
Changes in v2:
- Moved check of output position before we lock the source or
destination inode.
If a negative value is provided as the output position to the
F2FS_IOC_MOVE_RANGE ioctl, f2fs_get_dnode_of_data may hit a memory
bug like the following:
BUG: unable to handle page fault for address: ffffed10b30435a4
[...]
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009) ...
[...]
Call Trace:
f2fs_get_dnode_of_data+0xa68/0xde0
[...]
f2fs_reserve_block+0x3b/0x230
f2fs_get_new_data_page+0xf0/0x8b0
? f2fs_get_lock_data_page+0x1f0/0x1f0
? rwsem_down_write_slowpath+0x8d0/0x8d0
? rwsem_down_read_slowpath+0x830/0x830
? ___might_sleep+0xba/0xd0
? f2fs_get_lock_data_page+0x17a/0x1f0
__exchange_data_block+0x11bf/0x24d0
? f2fs_ioc_release_volatile_write+0x170/0x170
? __might_sleep+0x31/0xd0
? ___might_sleep+0xba/0xd0
? rwsem_down_read_slowpath+0x830/0x830
? __init_rwsem+0xa0/0xa0
f2fs_ioctl+0x469c/0x6980
Dan Robertson (1):
f2fs: check position in move range ioctl
fs/f2fs/file.c | 3 +++
1 file changed, 3 insertions(+)
_______________________________________________
Linux-f2fs-devel mailing list
Linux-f2fs-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
^ permalink raw reply [flat|nested] 3+ messages in thread
* [f2fs-dev] [PATCH v3 1/1] f2fs: check position in move range ioctl
2020-08-30 21:45 [f2fs-dev] [PATCH v3 0/1] f2fs: check position in move range ioctl Dan Robertson
@ 2020-08-30 21:45 ` Dan Robertson
2020-08-31 0:56 ` Chao Yu
0 siblings, 1 reply; 3+ messages in thread
From: Dan Robertson @ 2020-08-30 21:45 UTC (permalink / raw)
To: Jaegeuk Kim, Chao Yu; +Cc: Dan Robertson, linux-f2fs-devel
When the move range ioctl is used, check the input and output position and
ensure that it is a non-negative value. Without this check
f2fs_get_dnode_of_data may hit a memmory bug.
Signed-off-by: Dan Robertson <dan@dlrobertson.com>
---
fs/f2fs/file.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/fs/f2fs/file.c b/fs/f2fs/file.c
index 8a422400e824..f679fb015ee8 100644
--- a/fs/f2fs/file.c
+++ b/fs/f2fs/file.c
@@ -2783,6 +2783,9 @@ static int f2fs_move_file_range(struct file *file_in, loff_t pos_in,
if (IS_ENCRYPTED(src) || IS_ENCRYPTED(dst))
return -EOPNOTSUPP;
+ if (pos_out < 0 || pos_in < 0)
+ return -EINVAL;
+
if (src == dst) {
if (pos_in == pos_out)
return 0;
_______________________________________________
Linux-f2fs-devel mailing list
Linux-f2fs-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [f2fs-dev] [PATCH v3 1/1] f2fs: check position in move range ioctl
2020-08-30 21:45 ` [f2fs-dev] [PATCH v3 1/1] " Dan Robertson
@ 2020-08-31 0:56 ` Chao Yu
0 siblings, 0 replies; 3+ messages in thread
From: Chao Yu @ 2020-08-31 0:56 UTC (permalink / raw)
To: Dan Robertson, Jaegeuk Kim, Chao Yu; +Cc: linux-f2fs-devel
On 2020/8/31 5:45, Dan Robertson wrote:
> When the move range ioctl is used, check the input and output position and
> ensure that it is a non-negative value. Without this check
> f2fs_get_dnode_of_data may hit a memmory bug.
>
> Signed-off-by: Dan Robertson <dan@dlrobertson.com>
Reviewed-by: Chao Yu <yuchao0@huawei.com>
Thanks,
_______________________________________________
Linux-f2fs-devel mailing list
Linux-f2fs-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2020-08-31 0:56 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-08-30 21:45 [f2fs-dev] [PATCH v3 0/1] f2fs: check position in move range ioctl Dan Robertson
2020-08-30 21:45 ` [f2fs-dev] [PATCH v3 1/1] " Dan Robertson
2020-08-31 0:56 ` Chao Yu
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).