Bug 200423
| Summary: | Out-of-bound access in f2fs_get_dnode_of_data() when operating file on an f2fs image | | |
|---|---|---|---|
| Product: | File System | Reporter: | Wen Xu (wen.xu) |
| Component: | f2fs | Assignee: | F2FS development list (linux-f2fs-devel) |
| Status: | RESOLVED CODE_FIX | | |
| Severity: | normal | CC: | chao, wen.xu, yuchaochina |
| Priority: | P1 | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Kernel Version: | 4.18 | Subsystem: | |
| Regression: | No | Bisected commit-id: | |
| Attachments: | The (compressed) crafted image which causes crash | | |
Description
Wen Xu
2018-07-05 19:06:59 UTC
Comment #1 (Chao Yu):

With the latest code in the f2fs-dev branch of my git tree, it shows the dmesg below on mount:

```
[78225.530123] F2FS-fs (loop1): Invalid segment count (0)
[78225.530135] F2FS-fs (loop1): Can't find valid F2FS filesystem in 2th superblock
[78225.574644] F2FS-fs (loop1): Mismatch valid blocks 0 vs. 3
[78225.574644] F2FS-fs (loop1): Failed to initialize F2FS segment manager
[78225.574975] F2FS-fs (loop1): Invalid segment count (0)
[78225.574979] F2FS-fs (loop1): Can't find valid F2FS filesystem in 2th superblock
[78225.616662] F2FS-fs (loop1): Mismatch valid blocks 0 vs. 3
[78225.616672] F2FS-fs (loop1): Failed to initialize F2FS segment manager
```

Could you check that again? Is the attached image correct, and did you update the f2fs code?

Reply from Wen Xu (in reply to Chao Yu from comment #1):

> With the latest code in the f2fs-dev branch of my git tree, it shows the dmesg below on mount:
>
> [78225.530123] F2FS-fs (loop1): Invalid segment count (0)
> [78225.530135] F2FS-fs (loop1): Can't find valid F2FS filesystem in 2th superblock
> [78225.574644] F2FS-fs (loop1): Mismatch valid blocks 0 vs. 3
> [78225.574644] F2FS-fs (loop1): Failed to initialize F2FS segment manager
> [78225.574975] F2FS-fs (loop1): Invalid segment count (0)
> [78225.574979] F2FS-fs (loop1): Can't find valid F2FS filesystem in 2th superblock
> [78225.616662] F2FS-fs (loop1): Mismatch valid blocks 0 vs. 3
> [78225.616672] F2FS-fs (loop1): Failed to initialize F2FS segment manager
>
> Could you check that again? Is the attached image correct, and did you update the f2fs code?

Really, I used your f2fs-dev branch, whose latest commit is "f2fs: split discard command in prior to block layer". I can test it again.

Reply from Wen Xu (in reply to Chao Yu from comment #1):

> With the latest code in the f2fs-dev branch of my git tree, it shows the dmesg below on mount:
>
> [78225.530123] F2FS-fs (loop1): Invalid segment count (0)
> [78225.530135] F2FS-fs (loop1): Can't find valid F2FS filesystem in 2th superblock
> [78225.574644] F2FS-fs (loop1): Mismatch valid blocks 0 vs. 3
> [78225.574644] F2FS-fs (loop1): Failed to initialize F2FS segment manager
> [78225.574975] F2FS-fs (loop1): Invalid segment count (0)
> [78225.574979] F2FS-fs (loop1): Can't find valid F2FS filesystem in 2th superblock
> [78225.616662] F2FS-fs (loop1): Mismatch valid blocks 0 vs. 3
> [78225.616672] F2FS-fs (loop1): Failed to initialize F2FS segment manager
>
> Could you check that again? Is the attached image correct, and did you update the f2fs code?

Hi Chao, I checked the code and I think the reason is that on my machine CONFIG_F2FS_CHECK_FS is not set:

```
CONFIG_F2FS_FS=y
CONFIG_F2FS_STAT_FS=y
CONFIG_F2FS_FS_XATTR=y
CONFIG_F2FS_FS_POSIX_ACL=y
CONFIG_F2FS_FS_SECURITY=y
# CONFIG_F2FS_CHECK_FS is not set   <---
CONFIG_F2FS_FS_ENCRYPTION=y
# CONFIG_F2FS_IO_TRACE is not set
# CONFIG_F2FS_FAULT_INJECTION is not set
```

Hmm, I am not very sure whether this is usually enabled by default on machines using F2FS or not... what do you think about this?

Reply:

After disabling CONFIG_F2FS_CHECK_FS and retesting, the dmesg below was printed:

```
[ 2549.717979] F2FS-fs (loop0): Invalid log blocks per segment (8)
[ 2549.717987] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[ 2549.718721] F2FS-fs (loop0): invalid crc_offset: 30716
[ 2549.718729] F2FS-fs (loop0): Wrong cp_pack_start_sum: 4194305
[ 2549.718738] F2FS-fs (loop0): Failed to get valid F2FS checkpoint
```

So I think it has been fixed by the commit below:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e494c2f995d6181d6e29c4927d68e0f295ecf75b
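The mount messages in the thread above ("Invalid segment count", "Invalid log blocks per segment", "invalid crc_offset", "Wrong cp_pack_start_sum") are the on-disk sanity checks that reject the crafted image before it reaches code like f2fs_get_dnode_of_data(). The following is an added example, not code from this bug report or from the f2fs tree: a user-space checker that applies checks of the same shape to a superblock copy and to two checkpoint fields, so a crafted image can be triaged without mounting it. The field offsets follow the packed little-endian layout of struct f2fs_super_block in the kernel's include/linux/f2fs_fs.h; the numeric limits (F2FS_MIN_SEGMENTS, F2FS_MAX_SEGMENT, the cp_pack_start_sum window) and the function names check_raw_super(), check_ckpt_fields(), find_valid_super() and fill_sample_super() are this example's own assumptions modelled on the kernel's sanity_check_raw_super() and f2fs_sanity_check_ckpt(), and the sample superblock bytes are constructed, not taken from the attached image.

```c
/* Added example, not from the bug report or the f2fs tree. Offsets follow the
 * packed LE struct f2fs_super_block; limits are assumptions modelled on the
 * kernel's sanity_check_raw_super()/f2fs_sanity_check_ckpt(). */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define F2FS_SUPER_MAGIC      0xF2F52010u
#define F2FS_SUPER_OFFSET     1024u   /* raw superblock starts 1 KiB into a block */
#define F2FS_BLKSIZE_BITS     12u     /* f2fs only supports 4 KiB blocks */
#define F2FS_LOG_BLKS_PER_SEG 9u      /* 512 blocks per 2 MiB segment */
#define F2FS_MIN_SEGMENTS     9u      /* assumption: smallest mountable image */
#define F2FS_MAX_SEGMENT      ((16u * 1024u * 1024u) / 2u)  /* assumption */
#define NR_CURSEG_NODE_TYPE   3u
#define BLKSIZE               (1u << F2FS_BLKSIZE_BITS)

/* Byte offsets of the inspected fields inside struct f2fs_super_block. */
enum { SB_MAGIC = 0, SB_LOG_SECTORSIZE = 8, SB_LOG_SECTORS_PER_BLOCK = 12,
       SB_LOG_BLOCKSIZE = 16, SB_LOG_BLOCKS_PER_SEG = 20, SB_SEGMENT_COUNT = 48 };

enum sb_status { SB_OK = 0, SB_BAD_MAGIC, SB_BAD_BLOCKSIZE, SB_BAD_SECTORSIZE,
                 SB_BAD_LOG_BLOCKS_PER_SEG, SB_BAD_SEGMENT_COUNT };
enum cp_status { CP_OK = 0, CP_BAD_CRC_OFFSET, CP_BAD_PACK_START_SUM };

static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void put_le32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Validate one raw superblock copy; `sb` points at the structure itself. */
enum sb_status check_raw_super(const uint8_t *sb)
{
    uint32_t log_sectorsize = le32(sb + SB_LOG_SECTORSIZE);
    uint32_t log_sectors_per_block = le32(sb + SB_LOG_SECTORS_PER_BLOCK);
    uint32_t log_blocks_per_seg = le32(sb + SB_LOG_BLOCKS_PER_SEG);
    uint32_t segment_count = le32(sb + SB_SEGMENT_COUNT);

    if (le32(sb + SB_MAGIC) != F2FS_SUPER_MAGIC)
        return SB_BAD_MAGIC;
    if (le32(sb + SB_LOG_BLOCKSIZE) != F2FS_BLKSIZE_BITS)
        return SB_BAD_BLOCKSIZE;
    /* sector size 512..4096 bytes, and sectors per block must fill a 4 KiB block */
    if (log_sectorsize < 9 || log_sectorsize > F2FS_BLKSIZE_BITS ||
        log_sectorsize + log_sectors_per_block != F2FS_BLKSIZE_BITS)
        return SB_BAD_SECTORSIZE;
    if (log_blocks_per_seg != F2FS_LOG_BLKS_PER_SEG)
        return SB_BAD_LOG_BLOCKS_PER_SEG;  /* cf. "Invalid log blocks per segment (8)" */
    if (segment_count < F2FS_MIN_SEGMENTS || segment_count > F2FS_MAX_SEGMENT)
        return SB_BAD_SEGMENT_COUNT;       /* cf. "Invalid segment count (0)" */
    return SB_OK;
}

/* Checkpoint checks on already-parsed values: the CRC must sit inside the
 * checkpoint block; the summary start must come after the checkpoint payload
 * and leave room for the node summaries at the end of the pack. */
enum cp_status check_ckpt_fields(uint32_t crc_offset, uint32_t cp_pack_start_sum,
                                 uint32_t cp_payload, uint32_t blocks_per_seg)
{
    if (crc_offset > BLKSIZE - sizeof(uint32_t))
        return CP_BAD_CRC_OFFSET;            /* cf. "invalid crc_offset: 30716" */
    if (cp_pack_start_sum < cp_payload + 1 ||
        cp_pack_start_sum > blocks_per_seg - 1 - NR_CURSEG_NODE_TYPE)
        return CP_BAD_PACK_START_SUM;        /* cf. "Wrong cp_pack_start_sum: 4194305" */
    return CP_OK;
}

/* Try the superblock copies in blocks 0 and 1 like mount does: return the index
 * of the first copy that passes, or -1 if neither does (the "Can't find valid
 * F2FS filesystem in 2th superblock" case). */
int find_valid_super(const uint8_t *img, size_t len)
{
    for (int i = 0; i < 2; i++) {
        size_t off = (size_t)i * BLKSIZE + F2FS_SUPER_OFFSET;
        if (off + SB_SEGMENT_COUNT + 4 > len)
            return -1;
        if (check_raw_super(img + off) == SB_OK)
            return i;
    }
    return -1;
}

/* Constructed sample superblock (not from the attached image): sane sector
 * and block geometry, caller-chosen log_blocks_per_seg and segment_count. */
void fill_sample_super(uint8_t *sb, uint32_t log_blocks_per_seg, uint32_t segment_count)
{
    memset(sb, 0, 64);
    put_le32(sb + SB_MAGIC, F2FS_SUPER_MAGIC);
    put_le32(sb + SB_LOG_SECTORSIZE, 9);          /* 512-byte sectors */
    put_le32(sb + SB_LOG_SECTORS_PER_BLOCK, 3);   /* 8 sectors per 4 KiB block */
    put_le32(sb + SB_LOG_BLOCKSIZE, F2FS_BLKSIZE_BITS);
    put_le32(sb + SB_LOG_BLOCKS_PER_SEG, log_blocks_per_seg);
    put_le32(sb + SB_SEGMENT_COUNT, segment_count);
}

int main(void)
{
    static uint8_t img[2 * BLKSIZE];
    fill_sample_super(img + F2FS_SUPER_OFFSET, 8, 0);               /* crafted copy 0 */
    fill_sample_super(img + BLKSIZE + F2FS_SUPER_OFFSET, 9, 1024);  /* sane copy 1 */
    printf("first valid superblock copy: %d\n", find_valid_super(img, sizeof img));
    printf("copy 0 status %d, copy 1 status %d\n",
           check_raw_super(img + F2FS_SUPER_OFFSET),
           check_raw_super(img + BLKSIZE + F2FS_SUPER_OFFSET));
    printf("crafted checkpoint status %d\n", check_ckpt_fields(30716, 4194305, 0, 512));
    return 0;
}
```

To run it against a real image, read blocks 0 and 1 into the buffer and call find_valid_super(); the checkpoint values would have to be parsed from the checkpoint pack separately, which this example leaves to the caller.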