From patchwork Fri Jan 27 13:22:02 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ryusuke Konishi <konishi.ryusuke@gmail.com>
X-Patchwork-Id: 49398
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp834761wrn;
        Fri, 27 Jan 2023 05:31:58 -0800 (PST)
X-Google-Smtp-Source: 
 AMrXdXvv0U42abFiKdPfN7K4ULMOsnGyH4/Wq6/wZeIJbjoWtPpP8f0iGK1AdYlQw+vLDaUHGrYR
X-Received: by 2002:a17:90a:7802:b0:229:4a88:47de with SMTP id
 w2-20020a17090a780200b002294a8847demr40324165pjk.13.1674826318247;
        Fri, 27 Jan 2023 05:31:58 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1674826318; cv=none;
        d=google.com; s=arc-20160816;
        b=YYMm3uJXRGgfNgIZ4bG839NfTtm7IwRe2yx8l2Kd5G+hYqMdCjEO98rjfIohz3HtPV
         OFCdX50Gmzs2lPndlWYjmKL4NzusqDOpMqcD8rIt3RpY1taa/9TG0rh82y3w0b+LvXBV
         dMwciexrIo16hRWXPaGkBmIsUKZdQZZ6jbPelG/vE2dc0IQrZSvoyF6NRs1AP0z+zyAm
         k6rSJmGNfRMeY10PY713Aylt858i1V9I8sXEOxBuLINHJhGjlCIYS3aBiCii67Mtie+c
         9ID9OZxYW/jb3kRFUqoKynEMN8RMQAbybgo2T//1M9NymB0j1xTpic2HCXlyPXDS1eD2
         wn7A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:date:subject:cc:to:from
         :dkim-signature;
        bh=5j29kml6zIepJZzNZLhnsejuRvqVcZnRr54YcbRqQ4s=;
        b=w2xFgFrIb4pR+ObomCBfxwZTMXLWWn1SxQaGA2iZoCA33xGz/pveu/4GEpZ5tFTj6j
         hnC0yzPdQpnMP3LaboJGV0PzNlTWBgz/hAziiILniGqDJvqBxEJUAfByF2YhzR/GRFHm
         00dOWlsqd2moT6Nc9nmcI1Kaeo3C+Rb2CdfOrA2ZlYQH9q+7bm9oin5+eBOmAcf380vH
         unK+45Q6V6zNqi9V82eD45DiwP7h94sOTxfgz9cVpQdJ9zjkBOXnsl2hQ4gbCVgGWl/k
         aMi7/DxlnFjpSrowsqKQjf4ba4/K2yMhborRc7SE/aA6GqXpVmwrYeJMxu1ZMXdFI8cy
         7RQw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20210112 header.b="NAD/8CLe";
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id
 n10-20020a17090ade8a00b00210d1aeabc1si6309582pjv.188.2023.01.27.05.31.45;
        Fri, 27 Jan 2023 05:31:58 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20210112 header.b="NAD/8CLe";
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S234711AbjA0NXZ (ORCPT <rfc822;lekhanya01809@gmail.com>
        + 99 others); Fri, 27 Jan 2023 08:23:25 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41158 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S234149AbjA0NXW (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 27 Jan 2023 08:23:22 -0500
Received: from mail-pl1-x633.google.com (mail-pl1-x633.google.com
 [IPv6:2607:f8b0:4864:20::633])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D017D80148;
        Fri, 27 Jan 2023 05:23:20 -0800 (PST)
Received: by mail-pl1-x633.google.com with SMTP id x5so1444694plr.2;
        Fri, 27 Jan 2023 05:23:20 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20210112;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:from:to:cc:subject:date
         :message-id:reply-to;
        bh=5j29kml6zIepJZzNZLhnsejuRvqVcZnRr54YcbRqQ4s=;
        b=NAD/8CLetbneQ3aGVzaDGDWFro/8aJ2Y/tSZS1ISbz5SE2Vikv/Ho49ojlXLmKtdt4
         yBBvYT2ZX5Pd8ja+Rct0Bifa6avxL3n8l4/5QvNAMOf+xX97YR0r41ZkDNiNRkNzUyfH
         FhXGHiQtte0nX6akxLxU6+B5YPEn8RKHEGNEy5AEgoRBCcssc2g/MD5MRpy+KmHWX4Yq
         BvxYgn6w3GisTfZnmzPjJ22aLGJ4ra8gB4uHNGxsuPhxSQArlQTNt/4JGJdR8+EiMbST
         8S+LSK+RUpgHtN2rDI9Wdew1YbpTyTO/MmA6hAqIfT/lQUchyv/vO42sj0RSx7WWIkVq
         BWmQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=5j29kml6zIepJZzNZLhnsejuRvqVcZnRr54YcbRqQ4s=;
        b=lYQkXEm+jPVs2aedQ7VZh9BCsRuK0p/jCejZJXXUfgh4LaEsI3vWVnyptgBWtP43MK
         rMGNZTL91uPqrHmo6MN/gmNHZ2aGC51KMv2JTHr2ZSNhHT8smv2qrxLIFIuQ+trVI1cI
         Ayr/FO7ElbGyzioSnMJGag40LrXQtbDOgVT06569bNGu+z0+e52ac6xAzL3ExsBxeiNn
         ZcedVBc/d6vpXS2JAOEyzKsYr7B9bZY5jvwT2o8Un7qH6IehLS2kjrdLnFFy1UC7UcnV
         9tcULD2GYngdgPvbYy2CpGShfZOe8uLopsjZEdSzHwI3qLpU3r2njO/M8L+8cJB0FyIm
         cqQA==
X-Gm-Message-State: AFqh2komGW7YL1M/rMDWDCaqGURoicjRovqXFpC4vhLgl7VGGLfnnH7p
        xY4LANFAQBsoKy6MxKzYp90=
X-Received: by 2002:a17:902:7089:b0:194:6414:12db with SMTP id
 z9-20020a170902708900b00194641412dbmr37789473plk.56.1674825799976;
        Fri, 27 Jan 2023 05:23:19 -0800 (PST)
Received: from carrot.. (i223-217-149-217.s42.a014.ap.plala.or.jp.
 [223.217.149.217])
        by smtp.gmail.com with ESMTPSA id
 jo8-20020a170903054800b001946a3f4d9csm2870264plb.38.2023.01.27.05.23.17
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 27 Jan 2023 05:23:19 -0800 (PST)
From: Ryusuke Konishi <konishi.ryusuke@gmail.com>
To: Andrew Morton <akpm@linux-foundation.org>
Cc: linux-nilfs <linux-nilfs@vger.kernel.org>,
        syzbot <syzbot+cbff7a52b6f99059e67f@syzkaller.appspotmail.com>,
        syzkaller-bugs@googlegroups.com,
        LKML <linux-kernel@vger.kernel.org>
Subject: [PATCH] nilfs2: prevent WARNING in nilfs_dat_commit_end()
Date: Fri, 27 Jan 2023 22:22:02 +0900
Message-Id: <20230127132202.6083-1-konishi.ryusuke@gmail.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <000000000000154d2c05e9ec7df6@google.com>
References: <000000000000154d2c05e9ec7df6@google.com>
MIME-Version: 1.0
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
        DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,
        RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS autolearn=ham
        autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1756182681465996214?=
X-GMAIL-MSGID: =?utf-8?q?1756182681465996214?=

If nilfs2 reads a corrupted disk image and its DAT metadata file contains
invalid lifetime data for a virtual block number, a kernel warning can be
generated by the WARN_ON check in nilfs_dat_commit_end() and can panic
if the kernel is booted with panic_on_warn.

This patch avoids the issue with a sanity check that treats it as an
error.

Since error return is not allowed in the execution phase of
nilfs_dat_commit_end(), this inserts that sanity check in
nilfs_dat_prepare_end(), which prepares for nilfs_dat_commit_end().

As the error code, -EINVAL is returned to notify bmap layer of the
metadata corruption.  When the bmap layer sees this code, it handles the
abnormal situation and replaces the return code with -EIO as it should.

Link: https://lkml.kernel.org/r/000000000000154d2c05e9ec7df6@google.com
Signed-off-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Reported-by: syzbot+cbff7a52b6f99059e67f@syzkaller.appspotmail.com
Tested-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
---
Andrew, please add this patch to the queue.  This fixes another
WARN_ON hit in fs/nilfs2/dat.c for a corrupted disk image pattern.

Thanks,
Ryusuke Konishi

fs/nilfs2/dat.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/fs/nilfs2/dat.c b/fs/nilfs2/dat.c
index 1e7f653c1df7..9cf6ba58f585 100644
--- a/fs/nilfs2/dat.c
+++ b/fs/nilfs2/dat.c
@@ -158,6 +158,7 @@ void nilfs_dat_commit_start(struct inode *dat, struct nilfs_palloc_req *req,
 int nilfs_dat_prepare_end(struct inode *dat, struct nilfs_palloc_req *req)
 {
 	struct nilfs_dat_entry *entry;
+	__u64 start;
 	sector_t blocknr;
 	void *kaddr;
 	int ret;
@@ -169,6 +170,7 @@ int nilfs_dat_prepare_end(struct inode *dat, struct nilfs_palloc_req *req)
 	kaddr = kmap_atomic(req->pr_entry_bh->b_page);
 	entry = nilfs_palloc_block_get_entry(dat, req->pr_entry_nr,
 					     req->pr_entry_bh, kaddr);
+	start = le64_to_cpu(entry->de_start);
 	blocknr = le64_to_cpu(entry->de_blocknr);
 	kunmap_atomic(kaddr);
 
@@ -179,6 +181,15 @@ int nilfs_dat_prepare_end(struct inode *dat, struct nilfs_palloc_req *req)
 			return ret;
 		}
 	}
+	if (unlikely(start > nilfs_mdt_cno(dat))) {
+		nilfs_err(dat->i_sb,
+			  "vblocknr = %llu has abnormal lifetime: start cno (= %llu) > current cno (= %llu)",
+			  (unsigned long long)req->pr_entry_nr,
+			  (unsigned long long)start,
+			  (unsigned long long)nilfs_mdt_cno(dat));
+		nilfs_dat_abort_entry(dat, req);
+		return -EINVAL;
+	}
 
 	return 0;
 }