Re: [PATCH 4.19 026/239] f2fs: fix to do sanity check in is_alive()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 2022/1/25 4:36, Pavel Machek wrote:
Hi!

From: Chao Yu <chao@xxxxxxxxxx>

commit 77900c45ee5cd5da63bd4d818a41dbdf367e81cd upstream.

In fuzzed image, SSA table may indicate that a data block belongs to
invalid node, which node ID is out-of-range (0, 1, 2 or max_nid), in
order to avoid migrating inconsistent data in such corrupted image,
let's do sanity check anyway before data block migration.

This may be good idea, but AFAICT this leads to leak of page reference.

Hi Pavel,

Oops, you're right, my bad.


+++ b/fs/f2fs/gc.c
@@ -589,6 +589,9 @@ static bool is_alive(struct f2fs_sb_info
  		set_sbi_flag(sbi, SBI_NEED_FSCK);
  	}
+ if (f2fs_check_nid_range(sbi, dni->ino))
+		return false;
+
  	*nofs = ofs_of_node(node_page);
  	source_blkaddr = datablock_addr(NULL, node_page, ofs_in_node);
  	f2fs_put_page(node_page, 1);

AFAICT f2fs_put_page() needs to be done in the error path, too.

(Problem seems to exist in mainline, too).

Something like this?

Could you please send a formal patch to f2fs mailing list for better review?

Anyway, thanks a lot for the report and the patch!

Thanks,


Signed-off-by: Pavel Machek <pavel@xxxxxxx>

Best regards,
								Pavel

diff --git a/fs/f2fs/gc.c b/fs/f2fs/gc.c
index ee308a8de432..e020804f7b07 100644
--- a/fs/f2fs/gc.c
+++ b/fs/f2fs/gc.c
@@ -1038,8 +1038,10 @@ static bool is_alive(struct f2fs_sb_info *sbi, struct f2fs_summary *sum,
  		set_sbi_flag(sbi, SBI_NEED_FSCK);
  	}
- if (f2fs_check_nid_range(sbi, dni->ino))
+	if (f2fs_check_nid_range(sbi, dni->ino)) {
+		f2fs_put_page(node_page, 1);
  		return false;
+	}
*nofs = ofs_of_node(node_page);
  	source_blkaddr = data_blkaddr(NULL, node_page, ofs_in_node);





[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux