linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH] f2fs: compress: fix NULL pointer dereference
@ 2020-01-03  9:50 Chao Yu
  0 siblings, 0 replies; only message in thread
From: Chao Yu @ 2020-01-03  9:50 UTC (permalink / raw)
  To: jaegeuk; +Cc: linux-f2fs-devel, linux-kernel, chao, Chao Yu

 BUG: kernel NULL pointer dereference, address: 0000000000000000
 #PF: supervisor read access in kernel mode
 #PF: error_code(0x0000) - not-present page
 PGD 0 P4D 0
 Oops: 0000 [#1] SMP PTI
 CPU: 11 PID: 70359 Comm: kworker/u256:4 Tainted: G           OE     5.5.0-rc1 #36
 Hardware name: Xen HVM domU, BIOS 4.1.2_115-908.790. 06/05/2017
 Workqueue: writeback wb_workfn (flush-251:0)
 RIP: 0010:f2fs_write_single_data_page+0x4f/0x700 [f2fs]
 Call Trace:
  ? __next_timer_interrupt+0xc0/0xc0
  ? finish_wait+0x32/0x70
  ? congestion_wait+0xa5/0x120
  f2fs_write_multi_pages+0xc7/0x810 [f2fs]
  f2fs_write_cache_pages+0x6c0/0x790 [f2fs]
  ? select_task_rq_fair+0x584/0x800
  ? atomic_notifier_chain_unregister+0x30/0x70
  ? __set_page_dirty_nobuffers+0x101/0x150
  f2fs_write_data_pages+0x2cd/0x320 [f2fs]
  ? f2fs_update_inode+0x9c/0x4f0 [f2fs]
  ? do_writepages+0x1a/0x60
  do_writepages+0x1a/0x60
  __writeback_single_inode+0x3d/0x340
  writeback_sb_inodes+0x225/0x4a0
  wb_writeback+0xf7/0x320
  ? wb_workfn+0xa8/0x450
  ? _raw_spin_unlock_bh+0xa/0x20
  wb_workfn+0xa8/0x450
  ? finish_task_switch+0x75/0x2a0
  process_one_work+0x15e/0x3e0
  worker_thread+0x4c/0x440
  ? rescuer_thread+0x350/0x350
  kthread+0xf8/0x130
  ? kthread_unpark+0x70/0x70
  ret_from_fork+0x35/0x40

In scenario of truncate vs writeback, we need to check page's mapping
before access it during writeback.

Signed-off-by: Chao Yu <yuchao0@huawei.com>
---
 fs/f2fs/compress.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/fs/f2fs/compress.c b/fs/f2fs/compress.c
index fa67ffd9d79d..9e8fba78db4d 100644
--- a/fs/f2fs/compress.c
+++ b/fs/f2fs/compress.c
@@ -932,6 +932,7 @@ static int f2fs_write_raw_pages(struct compress_ctx *cc,
 					enum iostat_type io_type,
 					bool compressed)
 {
+	struct address_space *mapping = cc->inode->i_mapping;
 	int i, _submitted;
 	int ret, err = 0;
 
@@ -939,6 +940,11 @@ static int f2fs_write_raw_pages(struct compress_ctx *cc,
 		if (!cc->rpages[i])
 			continue;
 retry_write:
+		if (cc->rpages[i]->mapping != mapping) {
+			unlock_page(cc->rpages[i]);
+			continue;
+		}
+
 		BUG_ON(!PageLocked(cc->rpages[i]));
 
 		ret = f2fs_write_single_data_page(cc->rpages[i], &_submitted,
-- 
2.18.0.rc1


^ permalink raw reply related	[flat|nested] only message in thread
only message in thread, other threads:[~2020-01-03  9:50 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-01-03  9:50 [PATCH] f2fs: compress: fix NULL pointer dereference Chao Yu

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).