On 10/09, Chao Yu wrote:
On 2020/10/9 12:32, jaegeuk@xxxxxxxxxx wrote:
On 10/09, Chao Yu wrote:
On 2020/10/9 9:50, jaegeuk@xxxxxxxxxx wrote:
On 10/09, Chao Yu wrote:
On 2020/10/8 5:53, jaegeuk@xxxxxxxxxx wrote:
On 10/07, Eric Biggers wrote:
[moved linux-fsdevel to Bcc]
On Wed, Oct 07, 2020 at 02:18:19AM -0700, syzbot wrote:
Hello,
syzbot found the following issue on:
HEAD commit: a804ab08 Add linux-next specific files for 20201006
git tree: linux-next
console output: https://syzkaller.appspot.com/x/log.txt?x=17fe30bf900000
kernel config: https://syzkaller.appspot.com/x/.config?x=26c1b4cc4a62ccb
dashboard link: https://syzkaller.appspot.com/bug?extid=ee250ac8137be41d7b13
compiler: gcc (GCC) 10.1.0-syz 20200507
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1336413b900000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=12f7392b900000
The issue was bisected to:
commit eede846af512572b1f30b34f9889d7df64c017d4
Author: Jaegeuk Kim <jaegeuk@xxxxxxxxxx>
Date: Fri Oct 2 21:17:35 2020 +0000
f2fs: f2fs_get_meta_page_nofail should not be failed
Jaegeuk, it looks like the loop you added in the above commit doesn't terminate
if the requested page is beyond the end of the device.
Yes, that will go into an infinite loop. Otherwise, it will trigger a panic during
the device reboot. Let me think how to avoid that before trying to get the
wrong lba access.
Delivering f2fs_get_sum_page()'s return value needs a lot of code changes, I think
we can just zero sum_page in the error case, as we have already shut down f2fs via
calling f2fs_stop_checkpoint(), then f2fs_cp_error() will stop all updates to
filesystem data including summary pages.
That sounds like one solution tho, I'm afraid of getting another panic by
wrong zero'ed summary page.
What case do you mean? Maybe I missed some corner cases?
I sent v2 to fix syzbot issue, which fixes wrong use of
f2fs_get_meta_page_nofail.
I agreed to fix that case, however we may encounter a dead loop in other
places where we call f2fs_get_meta_page_nofail()? Like the case where the
filesystem will always see EIO after we shut down the device via dmflakey?
We may need another option to deal with this. At least, however, it's literally
_nofail function which should guarantee no error, instead of hiding the error
with zero'ed page.
Thanks,
Thanks,
Thoughts?
Thanks,
- Eric
_______________________________________________
Linux-f2fs-devel mailing list
Linux-f2fs-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel