From: Yangtao Li
To: jaegeuk@kernel.org, chao@kernel.org
Cc: linux-f2fs-devel@lists.sourceforge.net, linux-kernel@vger.kernel.org, Yangtao Li, syzbot+fea4bcda5eb938ee88ed@syzkaller.appspotmail.com
Subject: [PATCH] f2fs: fix shift-out-of-bounds in f2fs_fill_super
Date: Sun, 29 Jan 2023 15:55:09 +0800
Message-Id: <20230129075509.37107-1-frank.li@vivo.com>

syzbot reported a bug which could cause shift-out-of-bounds issue:

UBSAN: shift-out-of-bounds in fs/f2fs/super.c:4184:41
shift exponent 613 is too large for 64-bit type 'loff_t' (aka 'long long')
CPU: 1 PID: 5467 Comm: syz-executor.0 Not tainted 6.2.0-rc5-syzkaller #0
Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
Call Trace:
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x1b1/0x290 lib/dump_stack.c:106
ubsan_epilogue lib/ubsan.c:151 [inline]
__ubsan_handle_shift_out_of_bounds+0x33d/0x3a0 lib/ubsan.c:321
f2fs_fill_super+0x5518/0x6ee0 fs/f2fs/super.c:4184
mount_bdev+0x26c/0x3a0 fs/super.c:1359
legacy_get_tree+0xea/0x180 fs/fs_context.c:610
vfs_get_tree+0x88/0x270 fs/super.c:1489
do_new_mount+0x289/0xad0 fs/namespace.c:3145
do_mount fs/namespace.c:3488 [inline]
__do_sys_mount fs/namespace.c:3697 [inline]
__se_sys_mount+0x2d3/0x3c0 fs/namespace.c:3674
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd

Since currently only 4kb block size is supported by f2fs, let's use 4kb directly to avoid triggering UBSAN exception.

Reported-by: syzbot+fea4bcda5eb938ee88ed@syzkaller.appspotmail.com Signed-off-by: Yangtao Li --- fs/f2fs/super.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c index d8a65645ee48..41c2bbd3e719 100644 --- a/fs/f2fs/super.c +++ b/fs/f2fs/super.c @@ -4174,8 +4174,8 @@ static int f2fs_fill_super(struct super_block *sb, void *data, int silent) if (err) goto free_options; - sb->s_maxbytes = max_file_blocks(NULL) << - le32_to_cpu(raw_super->log_blocksize); + /* Currently, support only 4KB block size */ + sb->s_maxbytes = max_file_blocks(NULL) << F2FS_BLKSIZE_BITS; sb->s_max_links = F2FS_LINK_MAX; err = f2fs_setup_casefold(sbi);
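
Review bot: At the sb->s_maxbytes assignment in f2fs_fill_super, substituting F2FS_BLKSIZE_BITS for le32_to_cpu(raw_super->log_blocksize) removes the oversized shift but leaves the underlying question open: the exponent 613 in the UBSAN report came from the on-disk superblock field, so a mount can reach this point with an invalid log_blocksize. The commit message should say whether that field is validated before this line and, if it is, how the bad value still arrived here. If it is not validated, the mount should be failed with an error rather than having the value ignored at one call site, since any other reader of raw_super->log_blocksize would still see the untrusted value. The message also carries no Fixes: trailer, which would help when backporting this to stable trees.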