diff mbox series

[f2fs-dev] f2fs: fix convert inline inode on readonly mode

Message ID 20240612022012epcms2p77300b5130d18b0397c9fc2877704949d@epcms2p7 (mailing list archive)
State New
Headers show
Series [f2fs-dev] f2fs: fix convert inline inode on readonly mode | expand

Commit Message

Daejun Park June 12, 2024, 2:20 a.m. UTC
syzbot reported a bug in f2fs_vm_page_mkwrite() which checks for
f2fs_has_inline_data(inode).
The bug was caused by f2fs_convert_inline_inode() not returning an
error when called on a read-only filesystem, but returning with the
inline attribute as set.
This patch fixes the problem by ensuring that f2fs_convert_inline_inode()
returns -EROFS on readonly.

Fixes: ec2ddf499402 ("f2fs: don't allow any writes on readonly mount")
Reported-by: syzbot+f195123a45ad487ca66c@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=f195123a45ad487ca66c
Signed-off-by: Daejun Park <daejun7.park@samsung.com>
---
 fs/f2fs/inline.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

--
2.25.1

Comments

Chao Yu June 12, 2024, 3:39 a.m. UTC | #1
On 2024/6/12 10:20, Daejun Park wrote:
> syzbot reported a bug in f2fs_vm_page_mkwrite() which checks for
> f2fs_has_inline_data(inode).
> The bug was caused by f2fs_convert_inline_inode() not returning an
> error when called on a read-only filesystem, but returning with the
> inline attribute as set.
> This patch fixes the problem by ensuring that f2fs_convert_inline_inode()
> returns -EROFS on readonly.
> 
> Fixes: ec2ddf499402 ("f2fs: don't allow any writes on readonly mount")
> Reported-by: syzbot+f195123a45ad487ca66c@syzkaller.appspotmail.com
> Closes: https://syzkaller.appspot.com/bug?extid=f195123a45ad487ca66c
> Signed-off-by: Daejun Park <daejun7.park@samsung.com>

Hi Daejun,

I guess below patch has fixed this issue, so we need to tag the report
as duplicated?

https://lore.kernel.org/linux-f2fs-devel/20240603010745.2246488-1-chao@kernel.org/T/#u

Thanks,

> ---
>   fs/f2fs/inline.c | 6 ++++--
>   1 file changed, 4 insertions(+), 2 deletions(-)
> 
> diff --git a/fs/f2fs/inline.c b/fs/f2fs/inline.c
> index 7638d0d7b7ee..ae1d8f2d82c9 100644
> --- a/fs/f2fs/inline.c
> +++ b/fs/f2fs/inline.c
> @@ -203,10 +203,12 @@ int f2fs_convert_inline_inode(struct inode *inode)
>          struct page *ipage, *page;
>          int err = 0;
> 
> -       if (!f2fs_has_inline_data(inode) ||
> -                       f2fs_hw_is_readonly(sbi) || f2fs_readonly(sbi->sb))
> +       if (!f2fs_has_inline_data(inode))
>                  return 0;
> 
> +       if (unlikely(f2fs_hw_is_readonly(sbi) || f2fs_readonly(sbi->sb)))
> +               return -EROFS;
> +
>          err = f2fs_dquot_initialize(inode);
>          if (err)
>                  return err;
> --
> 2.25.1
>
Daejun Park June 12, 2024, 4:50 a.m. UTC | #2
> On 2024/6/12 10:20, Daejun Park wrote:
> > syzbot reported a bug in f2fs_vm_page_mkwrite() which checks for
> > f2fs_has_inline_data(inode).
> > The bug was caused by f2fs_convert_inline_inode() not returning an
> > error when called on a read-only filesystem, but returning with the
> > inline attribute as set.
> > This patch fixes the problem by ensuring that f2fs_convert_inline_inode()
> > returns -EROFS on readonly.
> >
> > Fixes: ec2ddf499402 ("f2fs: don't allow any writes on readonly mount")
> > Reported-by: syzbot+f195123a45ad487ca66c@syzkaller.appspotmail.com
> > Closes: https://protect2.fireeye.com/v1/url?k=4fe36b34-10785251-4fe2e07b-000babff32e3-e4235a49bbe14a93&q=1&e=b7eda9c4-8db2-474e-801d-f3eb85d38066&u=https%3A%2F%2Fsyzkaller.appspot.com%2Fbug%3Fextid%3Df195123a45ad487ca66c
> > Signed-off-by: Daejun Park <daejun7.park@samsung.com>
> 
> Hi Daejun,
> 
> I guess below patch has fixed this issue, so we need to tag the report
> as duplicated?
> 
> https://lore.kernel.org/linux-f2fs-devel/20240603010745.2246488-1-chao@kernel.org/T/#u
> 
> Thanks,

Hi Chao,

I didn't check that patch, please simply ignore it, thank you :)

Thanks,
Daejun

> > ---
> >  fs/f2fs/inline.c 6 ++++--
> >  1 file changed, 4 insertions(+), 2 deletions(-)
> >
> > diff --git a/fs/f2fs/inline.c b/fs/f2fs/inline.c
> > index 7638d0d7b7ee..ae1d8f2d82c9 100644
> > --- a/fs/f2fs/inline.c
> > +++ b/fs/f2fs/inline.c
> > @@ -203,10 +203,12 @@ int f2fs_convert_inline_inode(struct inode *inode)
> >          struct page *ipage, *page;
> >          int err = 0;
> >
> > -      if (!f2fs_has_inline_data(inode)
> > -                      f2fs_hw_is_readonly(sbi) f2fs_readonly(sbi->sb))
> > +      if (!f2fs_has_inline_data(inode))
> >                  return 0;
> >
> > +      if (unlikely(f2fs_hw_is_readonly(sbi) f2fs_readonly(sbi->sb)))
> > +              return -EROFS;
> > +
> >          err = f2fs_dquot_initialize(inode);
> >          if (err)
> >                  return err;
> > --
> > 2.25.1
> >
diff mbox series

Patch

diff --git a/fs/f2fs/inline.c b/fs/f2fs/inline.c
index 7638d0d7b7ee..ae1d8f2d82c9 100644
--- a/fs/f2fs/inline.c
+++ b/fs/f2fs/inline.c
@@ -203,10 +203,12 @@  int f2fs_convert_inline_inode(struct inode *inode)
        struct page *ipage, *page;
        int err = 0;

-       if (!f2fs_has_inline_data(inode) ||
-                       f2fs_hw_is_readonly(sbi) || f2fs_readonly(sbi->sb))
+       if (!f2fs_has_inline_data(inode))
                return 0;

+       if (unlikely(f2fs_hw_is_readonly(sbi) || f2fs_readonly(sbi->sb)))
+               return -EROFS;
+
        err = f2fs_dquot_initialize(inode);
        if (err)
                return err;