android/android_kernel_asus_sm8350
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
android_kernel_asus_sm8350/fs
History
Chao Yu 546d22f070 f2fs: fix to clear dirty inode in error path of f2fs_iget() 
As Jungyeon reported in bugzilla:

https://bugzilla.kernel.org/show_bug.cgi?id=203217

- Overview
When mounting the attached crafted image and running program, I got this error.
Additionally, it hangs on sync after running the program.

The image is intentionally fuzzed from a normal f2fs image for testing and I enabled option CONFIG_F2FS_CHECK_FS on.

- Reproduces
cc poc_test_05.c
mkdir test
mount -t f2fs tmp.img test
sudo ./a.out
sync

- Messages
 kernel BUG at fs/f2fs/inode.c:707!
 RIP: 0010:f2fs_evict_inode+0x33f/0x3a0
 Call Trace:
  evict+0xba/0x180
  f2fs_iget+0x598/0xdf0
  f2fs_lookup+0x136/0x320
  __lookup_slow+0x92/0x140
  lookup_slow+0x30/0x50
  walk_component+0x1c1/0x350
  path_lookupat+0x62/0x200
  filename_lookup+0xb3/0x1a0
  do_readlinkat+0x56/0x110
  __x64_sys_readlink+0x16/0x20
  do_syscall_64+0x43/0xf0
  entry_SYSCALL_64_after_hwframe+0x44/0xa9

During inode loading, __recover_inline_status() can recovery inode status
and set inode dirty, once we failed in following process, it will fail
the check in f2fs_evict_inode, result in trigger BUG_ON().

Let's clear dirty inode in error path of f2fs_iget() to avoid panic.

Signed-off-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
2019-05-08 21:23:08 -07:00
..
9p
Pull request for inlusion in 5.1
2019-03-17 09:10:56 -07:00
adfs
adfs: use timespec64 for time conversion
2018-08-22 10:52:51 -07:00
affs
afs
afs: Fix StoreData op marshalling
2019-03-28 08:54:20 -07:00
autofs
autofs: clear O_NONBLOCK on the pipe
2019-03-07 18:32:01 -08:00
befs
bfs
bfs: extra sanity checking and static inode bitmap
2019-01-04 13:13:47 -08:00
btrfs
for-5.1-rc2-tag
2019-03-26 10:32:13 -07:00
cachefiles
fscache, cachefiles: remove redundant variable 'cache'
2018-11-30 16:00:58 +00:00
ceph
ceph: fix use-after-free on symlink traversal
2019-03-27 19:00:37 +01:00
cifs
cifs: update internal module version number
2019-03-22 22:43:04 -05:00
coda
configfs
cramfs
Make the Cramfs code more robust against filesystem corruptions,
2018-10-30 12:46:25 -07:00
crypto
fscrypt updates for v5.1
2019-03-09 10:54:24 -08:00
debugfs
debugfs: fix use-after-free on symlink traversal
2019-04-01 00:31:02 -04:00
devpts
fs/devpts: always delete dcache dentry-s in dput()
2019-01-24 13:38:30 -05:00
dlm
socket: Rename SO_RCVTIMEO/ SO_SNDTIMEO with _OLD suffixes
2019-02-03 11:17:31 -08:00
ecryptfs
crypto: clarify name of WEAK_KEY request flag
2019-01-25 18:41:52 +08:00
efivarfs
efs
exportfs
exportfs: do not read dentry after free
2018-11-23 09:08:17 -05:00
ext2
\n
2019-03-07 09:01:33 -08:00
ext4
Miscellaneous ext4 bug fixes for 5.1.
2019-03-24 13:41:37 -07:00
f2fs
f2fs: fix to clear dirty inode in error path of f2fs_iget()
2019-05-08 21:23:08 -07:00
fat
fat: enable .splice_write to support splice on O_DIRECT file
2019-03-07 18:32:01 -08:00
freevxfs
fscache
fscache: fix race between enablement and dropping of object
2018-11-30 15:57:31 +00:00
fuse
fuse update for 5.1
2019-03-12 14:46:26 -07:00
gfs2
We've only got three patches ready for this merge window:
2019-03-09 11:52:11 -08:00
hfs
hfs: do not free node before using
2018-11-30 14:56:14 -08:00
hfsplus
hfsplus: return file attributes on statx
2019-01-04 13:13:47 -08:00
hostfs
vfs: discard ATTR_ATTR_FLAG
2018-08-17 16:20:28 -07:00
hpfs
hpfs: fix spelling mistake "partion" -> "partition"
2019-03-12 09:58:03 -07:00
hugetlbfs
Merge branch 'work.mount' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2019-03-12 14:08:19 -07:00
isofs
Update email address
2018-09-29 22:47:48 -04:00
jbd2
jbd2: jbd2_get_transaction does not need to return a value
2019-03-01 00:36:57 -05:00
jffs2
jffs2: fix use-after-free on symlink traversal
2019-04-01 00:31:02 -04:00
jfs
jfs: remove redundant dquot_initialize() in jfs_evict_inode()
2018-09-20 09:28:49 -05:00
kernfs
Merge branch 'work.mount' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2019-03-12 14:08:19 -07:00
lockd
NFS: fix mount/umount race in nlmclnt.
2019-03-18 22:39:34 -04:00
minix
nfs
pNFS/flexfiles: Fix layoutstats handling during read failovers
2019-03-23 12:03:58 -04:00
nfs_common
nfsd
Miscellaneous NFS server fixes. Probably the most visible bug is one
2019-03-12 15:06:54 -07:00
nilfs2
XArray: Change xa_insert to return -EBUSY
2019-02-06 13:12:15 -05:00
nls
notify
fanotify: Allow copying of file handle to userspace
2019-03-19 09:29:07 +01:00
ntfs
mm: convert totalram_pages and totalhigh_pages variables to atomic
2018-12-28 12:11:47 -08:00
ocfs2
ocfs2: fix inode bh swapping mixup in ocfs2_reflink_inodes_lock
2019-03-29 10:01:37 -07:00
omfs
openpromfs
fs/openpromfs: Use of_node_name_eq for node name comparisons
2018-11-18 13:35:19 -08:00
orangefs
Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2019-03-12 13:27:20 -07:00
overlayfs
ovl: Do not lose security.capability xattr over metadata file copy-up
2019-02-13 11:14:46 +01:00
proc
fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links
2019-03-29 10:01:38 -07:00
pstore
pstore/ram: Avoid needless alloc during header write
2019-02-12 13:45:53 -08:00
qnx4
qnx6
quota
quota: Lock s_umount in exclusive mode for Q_XQUOTA{ON,OFF} quotactls.
2018-12-18 18:29:15 +01:00
ramfs
reiserfs
reiserfs: remove workaround code for GCC 3.x
2018-10-31 08:54:14 -07:00
romfs
squashfs
Squashfs: Compute expected length from inode size rather than block length
2018-08-02 09:34:02 -07:00
sysfs
Merge branch 'work.mount' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2019-03-16 10:31:02 -07:00
sysv
sysv: return 'err' instead of 0 in __sysv_write_inode
2018-11-10 08:02:40 -05:00
tracefs
tracefs: Annotate tracefs_ops with __ro_after_init
2018-07-31 11:32:44 -04:00
ubifs
ubifs: fix use-after-free on symlink traversal
2019-04-01 00:31:02 -04:00
udf
udf: Propagate errors from udf_truncate_extents()
2019-03-18 16:30:02 +01:00
ufs
fs/ufs: use ktime_get_real_seconds for sb and cg timestamps
2018-08-17 16:20:27 -07:00
xfs
xfs: serialize unaligned dio writes against all other dio writes
2019-03-26 08:37:55 -07:00
aio.c
aio: move sanity checks and request allocation to io_submit_one()
2019-03-17 20:52:32 -04:00
anon_inodes.c
attr.c
bad_inode.c
binfmt_aout.c
a.out: remove core dumping support
2019-03-05 10:00:35 -08:00
binfmt_elf_fdpic.c
binfmt_elf.c
fs/binfmt_elf.c: spread const a little
2019-03-07 18:32:01 -08:00
binfmt_em86.c
binfmt_flat.c
binfmt_misc.c
binfmt_script.c
exec: load_script: Do not exec truncated interpreter path
2019-02-18 16:49:36 -08:00
block_dev.c
block: add BIO_NO_PAGE_REF flag
2019-03-18 10:44:48 -06:00
buffer.c
fs: fix guard_bio_eod to check for real EOD errors
2019-02-28 13:59:41 -07:00
char_dev.c
compat_binfmt_elf.c
y2038: globally rename compat_time to old_time32
2018-08-27 14:48:48 +02:00
compat_ioctl.c
media updates for v4.20-rc1
2018-10-29 14:29:58 -07:00
compat.c
coredump.c
signal: Distinguish between kernel_siginfo and siginfo
2018-10-03 16:47:43 +02:00
d_path.c
dax.c
dax: Flush partial PMDs correctly
2019-03-01 17:24:48 -08:00
dcache.c
fs/dcache: Track & report number of negative dentries
2019-01-30 11:02:11 -08:00
dcookies.c
direct-io.c
block: allow bio_for_each_segment_all() to iterate over multi-page bvec
2019-02-15 08:40:11 -07:00
drop_caches.c
fs/drop_caches.c: avoid softlockups in drop_pagecache_sb()
2019-02-01 15:46:24 -08:00
eventfd.c
eventpoll.c
epoll: use rwlock in order to reduce ep_poll_callback() contention
2019-03-07 18:32:01 -08:00
exec.c
exec: increase BINPRM_BUF_SIZE to 256
2019-03-07 18:32:01 -08:00
fcntl.c
signal: Distinguish between kernel_siginfo and siginfo
2018-10-03 16:47:43 +02:00
fhandle.c
file_table.c
fs: add fget_many() and fput_many()
2019-02-28 08:24:23 -07:00
file.c
io_uring-2019-03-06
2019-03-08 14:48:40 -08:00
filesystems.c
vfs: Implement a filesystem superblock creation/configuration context
2019-02-28 03:29:26 -05:00
fs_context.c
vfs: Implement logging through fs_context
2019-02-28 03:29:37 -05:00
fs_parser.c
fs: fs_parser: fix printk format warning
2019-03-29 10:01:38 -07:00
fs_pin.c
fs_struct.c
fs_types.c
fs: common implementation of file type
2019-01-21 17:48:13 +01:00
fs-writeback.c
writeback: synchronize sync(2) against cgroup writeback membership switches
2019-01-22 14:39:38 -07:00
inode.c
fs/inode.c: inode_set_flags(): replace opencoded set_mask_bits()
2019-03-05 21:07:13 -08:00
internal.h
vfs: Add configuration parser helpers
2019-02-28 03:28:53 -05:00
io_uring.c
io_uring: offload write to async worker in case of -EAGAIN
2019-03-25 13:13:21 -06:00
ioctl.c
Remove 'type' argument from access_ok() function
2019-01-03 18:57:57 -08:00
iomap.c
block: add BIO_NO_PAGE_REF flag
2019-03-18 10:44:48 -06:00
Kconfig
Merge branch 'work.mount' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2019-03-12 14:08:19 -07:00
Kconfig.binfmt
kconfig: move the "Executable file formats" menu to fs/Kconfig.binfmt
2018-08-02 08:06:55 +09:00
libfs.c
locks.c
locks: wake any locks blocked on request before deadlock check
2019-03-25 08:36:24 -04:00
Makefile
Merge branch 'work.mount' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2019-03-12 14:08:19 -07:00
mbcache.c
mount.h
saner handling of temporary namespaces
2019-01-30 17:44:07 -05:00
mpage.c
block: allow bio_for_each_segment_all() to iterate over multi-page bvec
2019-02-15 08:40:11 -07:00
namei.c
Merge branch 'work.mount' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2019-03-12 14:08:19 -07:00
namespace.c
Merge branch 'work.mount' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2019-03-12 14:08:19 -07:00
no-block.c
nsfs.c
open.c
fs/open.c: allow opening only regular files during execve()
2019-03-29 10:01:37 -07:00
pipe.c
Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2019-03-12 13:27:20 -07:00
pnode.c
separate copying and locking mount tree on cross-userns copies
2019-01-30 17:14:50 -05:00
pnode.h
separate copying and locking mount tree on cross-userns copies
2019-01-30 17:14:50 -05:00
posix_acl.c
proc_namespace.c
read_write.c
Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2019-03-12 13:27:20 -07:00
readdir.c
Remove 'type' argument from access_ok() function
2019-01-03 18:57:57 -08:00
select.c
y2038: syscalls: rename y2038 compat syscalls
2019-02-07 00:13:27 +01:00
seq_file.c
fs/seq_file.c: simplify seq_file iteration code and interface
2018-08-17 16:20:28 -07:00
signalfd.c
signal: Distinguish between kernel_siginfo and siginfo
2018-10-03 16:47:43 +02:00
splice.c
Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2019-03-12 13:27:20 -07:00
stack.c
stat.c
fs: move generic stat response attr handling to vfs_getattr_nosec
2019-02-01 01:55:45 -05:00
statfs.c
vfs: add vfs_get_fsid() helper
2019-02-07 16:38:35 +01:00
super.c
vfs: Add some logging to the core users of the fs_context log
2019-02-28 03:29:38 -05:00
sync.c
timerfd.c
y2038: syscalls: rename y2038 compat syscalls
2019-02-07 00:13:27 +01:00
userfaultfd.c
userfaultfd: clear flag if remap event not enabled
2018-12-28 12:11:51 -08:00
utimes.c
y2038: syscalls: rename y2038 compat syscalls
2019-02-07 00:13:27 +01:00
xattr.c
sysfs: Do not return POSIX ACL xattrs via listxattr
2018-09-18 07:30:48 -04:00