Re: [f2fs-dev] [f2fs bug] infinite loop in f2fs_get_meta_page_nofail()

[Chao Yu]

On 2020/10/8 5:53, jaegeuk@xxxxxxxxxx wrote:
> On 10/07, Eric Biggers wrote:
> > [moved linux-fsdevel to Bcc]
> >
> > On Wed, Oct 07, 2020 at 02:18:19AM -0700, syzbot wrote:
> > > Hello,
> > >
> > > syzbot found the following issue on:
> > >
> > > HEAD commit:    a804ab08 Add linux-next specific files for 20201006
> > > git tree:       linux-next
> > > console output: https://syzkaller.appspot.com/x/log.txt?x=17fe30bf900000
> > > kernel config:  https://syzkaller.appspot.com/x/.config?x=26c1b4cc4a62ccb
> > > dashboard link: https://syzkaller.appspot.com/bug?extid=ee250ac8137be41d7b13
> > > compiler:       gcc (GCC) 10.1.0-syz 20200507
> > > syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=1336413b900000
> > > C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=12f7392b900000
> > >
> > > The issue was bisected to:
> > >
> > > commit eede846af512572b1f30b34f9889d7df64c017d4
> > > Author: Jaegeuk Kim <jaegeuk@xxxxxxxxxx>
> > > Date:   Fri Oct 2 21:17:35 2020 +0000
> > >
> > >      f2fs: f2fs_get_meta_page_nofail should not be failed
> >
> > Jaegeuk, it looks like the loop you added in the above commit doesn't terminate
> > if the requested page is beyond the end of the device.
>
> Yes, that will go infinite loop. Otherwise, it will trigger a panic during
> the device reboot. Let me think how to avoid that before trying to get the
> wrong lba access.

Delivering f2fs_get_sum_page()'s return value needs a lot of codes change, I think
we can just zeroing sum_page in error case, as we have already shutdown f2fs via
calling f2fs_stop_checkpoint(), then f2fs_cp_error() will stop all updates to
filesystem data including summary pages.

Thoughts?

Thanks,

> > - Eric
>
>
> _______________________________________________
> Linux-f2fs-devel mailing list
> Linux-f2fs-devel@xxxxxxxxxxxxxxxxxxxxx
> https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
> .