* [f2fs-dev] [PATCH v3 0/1] f2fs: check position in move range ioctl @ 2020-08-30 21:45 Dan Robertson 2020-08-30 21:45 ` [f2fs-dev] [PATCH v3 1/1] " Dan Robertson 0 siblings, 1 reply; 3+ messages in thread From: Dan Robertson @ 2020-08-30 21:45 UTC (permalink / raw) To: Jaegeuk Kim, Chao Yu; +Cc: Dan Robertson, linux-f2fs-devel Changes in v3: - Check the input position as well as the output position. Changes in v2: - Moved check of output position before we lock the source or destination inode. If a negative value is provided as the output position to the F2FS_IOC_MOVE_RANGE ioctl, f2fs_get_dnode_of_data may hit a memory bug like the following: BUG: unable to handle page fault for address: ffffed10b30435a4 [...] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009) ... [...] Call Trace: f2fs_get_dnode_of_data+0xa68/0xde0 [...] f2fs_reserve_block+0x3b/0x230 f2fs_get_new_data_page+0xf0/0x8b0 ? f2fs_get_lock_data_page+0x1f0/0x1f0 ? rwsem_down_write_slowpath+0x8d0/0x8d0 ? rwsem_down_read_slowpath+0x830/0x830 ? ___might_sleep+0xba/0xd0 ? f2fs_get_lock_data_page+0x17a/0x1f0 __exchange_data_block+0x11bf/0x24d0 ? f2fs_ioc_release_volatile_write+0x170/0x170 ? __might_sleep+0x31/0xd0 ? ___might_sleep+0xba/0xd0 ? rwsem_down_read_slowpath+0x830/0x830 ? __init_rwsem+0xa0/0xa0 f2fs_ioctl+0x469c/0x6980 Dan Robertson (1): f2fs: check position in move range ioctl fs/f2fs/file.c | 3 +++ 1 file changed, 3 insertions(+) _______________________________________________ Linux-f2fs-devel mailing list Linux-f2fs-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel ^ permalink raw reply [flat|nested] 3+ messages in thread
* [f2fs-dev] [PATCH v3 1/1] f2fs: check position in move range ioctl 2020-08-30 21:45 [f2fs-dev] [PATCH v3 0/1] f2fs: check position in move range ioctl Dan Robertson @ 2020-08-30 21:45 ` Dan Robertson 2020-08-31 0:56 ` Chao Yu 0 siblings, 1 reply; 3+ messages in thread From: Dan Robertson @ 2020-08-30 21:45 UTC (permalink / raw) To: Jaegeuk Kim, Chao Yu; +Cc: Dan Robertson, linux-f2fs-devel When the move range ioctl is used, check the input and output position and ensure that it is a non-negative value. Without this check f2fs_get_dnode_of_data may hit a memmory bug. Signed-off-by: Dan Robertson <dan@dlrobertson.com> --- fs/f2fs/file.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/fs/f2fs/file.c b/fs/f2fs/file.c index 8a422400e824..f679fb015ee8 100644 --- a/fs/f2fs/file.c +++ b/fs/f2fs/file.c @@ -2783,6 +2783,9 @@ static int f2fs_move_file_range(struct file *file_in, loff_t pos_in, if (IS_ENCRYPTED(src) || IS_ENCRYPTED(dst)) return -EOPNOTSUPP; + if (pos_out < 0 || pos_in < 0) + return -EINVAL; + if (src == dst) { if (pos_in == pos_out) return 0; _______________________________________________ Linux-f2fs-devel mailing list Linux-f2fs-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel ^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [f2fs-dev] [PATCH v3 1/1] f2fs: check position in move range ioctl 2020-08-30 21:45 ` [f2fs-dev] [PATCH v3 1/1] " Dan Robertson @ 2020-08-31 0:56 ` Chao Yu 0 siblings, 0 replies; 3+ messages in thread From: Chao Yu @ 2020-08-31 0:56 UTC (permalink / raw) To: Dan Robertson, Jaegeuk Kim, Chao Yu; +Cc: linux-f2fs-devel On 2020/8/31 5:45, Dan Robertson wrote: > When the move range ioctl is used, check the input and output position and > ensure that it is a non-negative value. Without this check > f2fs_get_dnode_of_data may hit a memmory bug. > > Signed-off-by: Dan Robertson <dan@dlrobertson.com> Reviewed-by: Chao Yu <yuchao0@huawei.com> Thanks, _______________________________________________ Linux-f2fs-devel mailing list Linux-f2fs-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel ^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2020-08-31 0:56 UTC | newest] Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2020-08-30 21:45 [f2fs-dev] [PATCH v3 0/1] f2fs: check position in move range ioctl Dan Robertson 2020-08-30 21:45 ` [f2fs-dev] [PATCH v3 1/1] " Dan Robertson 2020-08-31 0:56 ` Chao Yu
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).