From: Zhihao Cheng <chengzhihao1@huawei.com>
To: <jack@suse.com>, <tytso@mit.edu>, <adilger.kernel@dilger.ca>
Cc: <linux-ext4@vger.kernel.org>, <linux-kernel@vger.kernel.org>,
<chengzhihao1@huawei.com>, <yi.zhang@huawei.com>
Subject: [PATCH] ext4: Fix WANRON caused by unconsistent boot loader inode's i_size and i_disksize
Date: Wed, 8 Mar 2023 11:26:43 +0800 [thread overview]
Message-ID: <20230308032643.641113-1-chengzhihao1@huawei.com> (raw)
Using corrupted ext4 image(non-zero i_size for boot loader inode) could
trigger WARNON 'i_size_read(inode) < EXT4_I(inode)->i_disksize' in
ext4_handle_inode_extension():
WARNING: CPU: 0 PID: 2580 at fs/ext4/file.c:319
CPU: 0 PID: 2580 Comm: bb Not tainted 6.3.0-rc1-00004-g703695902cfa
RIP: 0010:ext4_file_write_iter+0xbc7/0xd10
Call Trace:
vfs_write+0x3b1/0x5c0
ksys_write+0x77/0x160
__x64_sys_write+0x22/0x30
do_syscall_64+0x39/0x80
Reproducer (See Link):
1. mount corrupted ext4 image with non-zero i_size for boot loader inode
2. ioctl(fd, EXT4_IOC_SWAP_BOOT)
3. write(fd) // O_DIRECT
Fix it by setting i_disksize while first loading boot loader inode.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=217159
Cc: <stable@kernel.org>
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
---
fs/ext4/ioctl.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/fs/ext4/ioctl.c b/fs/ext4/ioctl.c
index 12435d61f09e..f9a430152063 100644
--- a/fs/ext4/ioctl.c
+++ b/fs/ext4/ioctl.c
@@ -431,6 +431,7 @@ static long swap_inode_boot_loader(struct super_block *sb,
ei_bl->i_flags = 0;
inode_set_iversion(inode_bl, 1);
i_size_write(inode_bl, 0);
+ EXT4_I(inode_bl)->i_disksize = inode_bl->i_size;
inode_bl->i_mode = S_IFREG;
if (ext4_has_feature_extents(sb)) {
ext4_set_inode_flag(inode_bl, EXT4_INODE_EXTENTS);
--
2.31.1
next reply other threads:[~2023-03-08 3:03 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-03-08 3:26 Zhihao Cheng [this message]
2023-03-08 4:31 ` [PATCH] ext4: Fix WANRON caused by unconsistent boot loader inode's i_size and i_disksize Theodore Ts'o
2023-03-11 5:16 ` Theodore Ts'o
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230308032643.641113-1-chengzhihao1@huawei.com \
--to=chengzhihao1@huawei.com \
--cc=adilger.kernel@dilger.ca \
--cc=jack@suse.com \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=tytso@mit.edu \
--cc=yi.zhang@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.