From: Eric Biggers <ebiggers@kernel.org>
To: Jaegeuk Kim <jaegeuk@kernel.org>, Chao Yu <chao@kernel.org>,
linux-f2fs-devel@lists.sourceforge.net
Cc: Daniel Rosenberg <drosen@google.com>,
Gabriel Krisman Bertazi <krisman@collabora.com>,
linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
syzkaller-bugs@googlegroups.com,
syzbot+05139c4039d0679e19ff@syzkaller.appspotmail.com
Subject: [PATCH] f2fs: reject CASEFOLD inode flag without casefold feature
Date: Thu, 8 Oct 2020 12:15:22 -0700 [thread overview]
Message-ID: <20201008191522.1948889-1-ebiggers@kernel.org> (raw)
In-Reply-To: <00000000000085be6f05b12a1366@google.com>
From: Eric Biggers <ebiggers@google.com>
syzbot reported:
general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]
CPU: 0 PID: 6860 Comm: syz-executor835 Not tainted 5.9.0-rc8-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:utf8_casefold+0x43/0x1b0 fs/unicode/utf8-core.c:107
[...]
Call Trace:
f2fs_init_casefolded_name fs/f2fs/dir.c:85 [inline]
__f2fs_setup_filename fs/f2fs/dir.c:118 [inline]
f2fs_prepare_lookup+0x3bf/0x640 fs/f2fs/dir.c:163
f2fs_lookup+0x10d/0x920 fs/f2fs/namei.c:494
__lookup_hash+0x115/0x240 fs/namei.c:1445
filename_create+0x14b/0x630 fs/namei.c:3467
user_path_create fs/namei.c:3524 [inline]
do_mkdirat+0x56/0x310 fs/namei.c:3664
do_syscall_64+0x31/0x70 arch/x86/entry/common.c:46
entry_SYSCALL_64_after_hwframe+0x44/0xa9
[...]
The problem is that an inode has F2FS_CASEFOLD_FL set, but the
filesystem doesn't have the casefold feature flag set, and therefore
super_block::s_encoding is NULL.
Fix this by making sanity_check_inode() reject inodes that have
F2FS_CASEFOLD_FL when the filesystem doesn't have the casefold feature.
Reported-by: syzbot+05139c4039d0679e19ff@syzkaller.appspotmail.com
Fixes: 2c2eb7a300cd ("f2fs: Support case-insensitive file name lookups")
Signed-off-by: Eric Biggers <ebiggers@google.com>
---
fs/f2fs/inode.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/fs/f2fs/inode.c b/fs/f2fs/inode.c
index 2ed935c13aed..d5664bc7d6c6 100644
--- a/fs/f2fs/inode.c
+++ b/fs/f2fs/inode.c
@@ -287,6 +287,13 @@ static bool sanity_check_inode(struct inode *inode, struct page *node_page)
return false;
}
+ if ((fi->i_flags & F2FS_CASEFOLD_FL) && !f2fs_sb_has_casefold(sbi)) {
+ set_sbi_flag(sbi, SBI_NEED_FSCK);
+ f2fs_warn(sbi, "%s: inode (ino=%lx) has casefold flag, but casefold feature is off",
+ __func__, inode->i_ino);
+ return false;
+ }
+
if (f2fs_has_extra_attr(inode) && f2fs_sb_has_compression(sbi) &&
fi->i_flags & F2FS_COMPR_FL &&
F2FS_FITS_IN_INODE(ri, fi->i_extra_isize,
base-commit: db40330b0de9a9d9939178f48cd5fc5e3fab14de
--
2.28.0.1011.ga647a8990f-goog
WARNING: multiple messages have this Message-ID (diff)
From: Eric Biggers <ebiggers@kernel.org>
To: Jaegeuk Kim <jaegeuk@kernel.org>, Chao Yu <chao@kernel.org>,
linux-f2fs-devel@lists.sourceforge.net
Cc: Daniel Rosenberg <drosen@google.com>,
syzkaller-bugs@googlegroups.com, linux-kernel@vger.kernel.org,
linux-fsdevel@vger.kernel.org,
syzbot+05139c4039d0679e19ff@syzkaller.appspotmail.com,
Gabriel Krisman Bertazi <krisman@collabora.com>
Subject: [f2fs-dev] [PATCH] f2fs: reject CASEFOLD inode flag without casefold feature
Date: Thu, 8 Oct 2020 12:15:22 -0700 [thread overview]
Message-ID: <20201008191522.1948889-1-ebiggers@kernel.org> (raw)
In-Reply-To: <00000000000085be6f05b12a1366@google.com>
From: Eric Biggers <ebiggers@google.com>
syzbot reported:
general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]
CPU: 0 PID: 6860 Comm: syz-executor835 Not tainted 5.9.0-rc8-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:utf8_casefold+0x43/0x1b0 fs/unicode/utf8-core.c:107
[...]
Call Trace:
f2fs_init_casefolded_name fs/f2fs/dir.c:85 [inline]
__f2fs_setup_filename fs/f2fs/dir.c:118 [inline]
f2fs_prepare_lookup+0x3bf/0x640 fs/f2fs/dir.c:163
f2fs_lookup+0x10d/0x920 fs/f2fs/namei.c:494
__lookup_hash+0x115/0x240 fs/namei.c:1445
filename_create+0x14b/0x630 fs/namei.c:3467
user_path_create fs/namei.c:3524 [inline]
do_mkdirat+0x56/0x310 fs/namei.c:3664
do_syscall_64+0x31/0x70 arch/x86/entry/common.c:46
entry_SYSCALL_64_after_hwframe+0x44/0xa9
[...]
The problem is that an inode has F2FS_CASEFOLD_FL set, but the
filesystem doesn't have the casefold feature flag set, and therefore
super_block::s_encoding is NULL.
Fix this by making sanity_check_inode() reject inodes that have
F2FS_CASEFOLD_FL when the filesystem doesn't have the casefold feature.
Reported-by: syzbot+05139c4039d0679e19ff@syzkaller.appspotmail.com
Fixes: 2c2eb7a300cd ("f2fs: Support case-insensitive file name lookups")
Signed-off-by: Eric Biggers <ebiggers@google.com>
---
fs/f2fs/inode.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/fs/f2fs/inode.c b/fs/f2fs/inode.c
index 2ed935c13aed..d5664bc7d6c6 100644
--- a/fs/f2fs/inode.c
+++ b/fs/f2fs/inode.c
@@ -287,6 +287,13 @@ static bool sanity_check_inode(struct inode *inode, struct page *node_page)
return false;
}
+ if ((fi->i_flags & F2FS_CASEFOLD_FL) && !f2fs_sb_has_casefold(sbi)) {
+ set_sbi_flag(sbi, SBI_NEED_FSCK);
+ f2fs_warn(sbi, "%s: inode (ino=%lx) has casefold flag, but casefold feature is off",
+ __func__, inode->i_ino);
+ return false;
+ }
+
if (f2fs_has_extra_attr(inode) && f2fs_sb_has_compression(sbi) &&
fi->i_flags & F2FS_COMPR_FL &&
F2FS_FITS_IN_INODE(ri, fi->i_extra_isize,
base-commit: db40330b0de9a9d9939178f48cd5fc5e3fab14de
--
2.28.0.1011.ga647a8990f-goog
_______________________________________________
Linux-f2fs-devel mailing list
Linux-f2fs-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
next prev parent reply other threads:[~2020-10-08 19:16 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-10-08 14:59 general protection fault in utf8_casefold syzbot
2020-10-08 19:15 ` Eric Biggers [this message]
2020-10-08 19:15 ` [f2fs-dev] [PATCH] f2fs: reject CASEFOLD inode flag without casefold feature Eric Biggers
2020-10-08 19:26 ` Gabriel Krisman Bertazi
2020-10-08 19:26 ` [f2fs-dev] " Gabriel Krisman Bertazi
2020-10-09 1:30 ` Chao Yu
2020-10-09 1:30 ` [f2fs-dev] " Chao Yu
2020-10-09 2:40 ` general protection fault in utf8_casefold syzbot
2020-10-09 2:40 ` [f2fs-dev] " syzbot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201008191522.1948889-1-ebiggers@kernel.org \
--to=ebiggers@kernel.org \
--cc=chao@kernel.org \
--cc=drosen@google.com \
--cc=jaegeuk@kernel.org \
--cc=krisman@collabora.com \
--cc=linux-f2fs-devel@lists.sourceforge.net \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=syzbot+05139c4039d0679e19ff@syzkaller.appspotmail.com \
--cc=syzkaller-bugs@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.