On 2019/8/1 3:11, Pavel Machek wrote: > Hi! > >> [ Upstream commit 56f3ce675103e3fb9e631cfb4131fc768bc23e9a ] >> >> blkoff_off might over 512 due to fs corrupt or security >> vulnerability. That should be checked before being using. >> >> Use ENTRIES_IN_SUM to protect invalid value in cur_data_blkoff. >> >> Signed-off-by: Ocean Chen <[email protected]> >> Reviewed-by: Chao Yu <[email protected]> >> Signed-off-by: Jaegeuk Kim <[email protected]> >> Signed-off-by: Sasha Levin <[email protected]> >> --- >> fs/f2fs/segment.c | 5 +++++ >> 1 file changed, 5 insertions(+) >> >> diff --git a/fs/f2fs/segment.c b/fs/f2fs/segment.c >> index 8fc3edb6760c..92f72bb5aff4 100644 >> --- a/fs/f2fs/segment.c >> +++ b/fs/f2fs/segment.c >> @@ -3261,6 +3261,11 @@ static int read_compacted_summaries(struct >> f2fs_sb_info *sbi) >> seg_i = CURSEG_I(sbi, i); >> segno = le32_to_cpu(ckpt->cur_data_segno[i]); >> blk_off = le16_to_cpu(ckpt->cur_data_blkoff[i]); >> + if (blk_off > ENTRIES_IN_SUM) { >> + f2fs_bug_on(sbi, 1); >> + f2fs_put_page(page, 1); >> + return -EFAULT; >> + } >> seg_i->next_segno = segno; > > We normally use -EUCLEAN to signal filesystem corruption. Plus, it is > good idea to report it to the syslog and mark filesystem as "needing > fsck" if filesystem can do that.
Thanks for pointing out this, I missed that restriction during review, since at that time, my focus is on how that case happen... Look at this again, I think we also need to add unlikely() keyword hint to compiler to indicate this should never happen. Thanks, > > Thanks, > Pavel >
