Patch "f2fs: fix to detect inconsistent nat entry during truncation" has been added to the 6.9-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Fri, 21 Jun 2024 11:43:10 -0400

This is a note to let you know that I've just added the patch titled

    f2fs: fix to detect inconsistent nat entry during truncation

to the 6.9-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     f2fs-fix-to-detect-inconsistent-nat-entry-during-tru.patch
and it can be found in the queue-6.9 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit deeb3102f02310f6d207ee0fd505976bc9479386
Author: Chao Yu <chao@xxxxxxxxxx>
Date:   Fri Mar 22 22:59:55 2024 +0800

    f2fs: fix to detect inconsistent nat entry during truncation
    
    [ Upstream commit 92c556ed6318e13c16746495a8d4513129eb9b0f ]
    
    As Roman Smirnov reported as below:
    
    "
    There is a possible bug in f2fs_truncate_inode_blocks():
    
        if (err < 0 && err != -ENOENT)
                            goto fail;
            ...
            offset[1] = 0;
            offset[0]++;
            nofs += err;
    
    If err = -ENOENT then nofs will sum with an error code,
    which is strange behaviour. Also if nofs < ENOENT this will
    cause an overflow. err will be equal to -ENOENT with the
    following call stack:
    
    truncate_nodes()
      f2fs_get_node_page()
         __get_node_page()
            read_node_page()
    "
    
    If nat is corrupted, truncate_nodes() may return -ENOENT, and
    f2fs_truncate_inode_blocks() doesn't handle such error correctly,
    fix it.
    
    Reported-by: Roman Smirnov <r.smirnov@xxxxxx>
    Closes: https://lore.kernel.org/linux-f2fs-devel/085b27fd2b364a3c8c3a9ca77363e246@xxxxxx
    Signed-off-by: Chao Yu <chao@xxxxxxxxxx>
    Signed-off-by: Jaegeuk Kim <jaegeuk@xxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/fs/f2fs/node.c b/fs/f2fs/node.c
index 7df5ad84cb5ea..15c9a9f5750bc 100644
--- a/fs/f2fs/node.c
+++ b/fs/f2fs/node.c
@@ -1187,7 +1187,17 @@ int f2fs_truncate_inode_blocks(struct inode *inode, pgoff_t from)
 		default:
 			BUG();
 		}
-		if (err < 0 && err != -ENOENT)
+		if (err == -ENOENT) {
+			set_sbi_flag(F2FS_P_SB(page), SBI_NEED_FSCK);
+			f2fs_handle_error(sbi, ERROR_INVALID_BLKADDR);
+			f2fs_err_ratelimited(sbi,
+				"truncate node fail, ino:%lu, nid:%u, "
+				"offset[0]:%d, offset[1]:%d, nofs:%d",
+				inode->i_ino, dn.nid, offset[0],
+				offset[1], nofs);
+			err = 0;
+		}
+		if (err < 0)
 			goto fail;
 		if (offset[1] == 0 &&
 				ri->i_nid[offset[0] - NODE_DIR1_BLOCK]) {







