commit: 297148d7527b5bcd0796503f09fd87af052541dc Author: Mike Pagano <mpagano <AT> gentoo <DOT> org> AuthorDate: Fri Dec 18 16:07:30 2020 +0000 Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org> CommitDate: Fri Dec 18 16:07:30 2020 +0000 URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=297148d7
f2fs: fix to seek incorrect data offset in inline data file See bug #760573 Thanks to Stefan de Konink for reporting Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org> 0000_README | 4 ++ 1900_f2fs-seek-data-offset-inline-data.patch | 65 ++++++++++++++++++++++++++++ 2 files changed, 69 insertions(+)
diff --git a/0000_README b/0000_README
index 414f5d7..4cf514e 100644
--- a/0000_README
+++ b/0000_README
@@ -55,6 +55,10 @@ Patch: 1510_fs-enable-link-security-restrictions-by-default.patch
 From: http://sources.debian.net/src/linux/3.16.7-ckt4-3/debian/patches/debian/fs-enable-link-security-restrictions-by-default.patch/
 Desc: Enable link security restrictions by default.
+Patch: 1900_f2fs-seek-data-offset-inline-data.patch
+From: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=7a6e59d719ef0ec9b3d765cba3ba98ee585cbde3
+Desc: f2fs: fix to seek incorrect data offset in inline data file
+
 Patch: 2000_BT-Check-key-sizes-only-if-Secure-Simple-Pairing-enabled.patch
 From: https://lore.kernel.org/linux-bluetooth/20190522070540.48895-1-mar...@holtmann.org/raw
 Desc: Bluetooth: Check key sizes only when Secure Simple Pairing is enabled. See bug #686758
diff --git a/1900_f2fs-seek-data-offset-inline-data.patch b/1900_f2fs-seek-data-offset-inline-data.patch
new file mode 100644
index 0000000..28b00eb
--- /dev/null
+++ b/1900_f2fs-seek-data-offset-inline-data.patch
@@ -0,0 +1,65 @@
+From 7a6e59d719ef0ec9b3d765cba3ba98ee585cbde3 Mon Sep 17 00:00:00 2001
+From: Chao Yu <yuch...@huawei.com>
+Date: Mon, 2 Nov 2020 17:36:58 +0800
+Subject: f2fs: fix to seek incorrect data offset in inline data file
+
+As kitestramuort reported:
+
+F2FS-fs (nvme0n1p4): access invalid blkaddr:1598541474
+[ 25.725898] ------------[ cut here ]------------
+[ 25.725903] WARNING: CPU: 6 PID: 2018 at f2fs_is_valid_blkaddr+0x23a/0x250
+[ 25.725923] Call Trace:
+[ 25.725927] ? f2fs_llseek+0x204/0x620
+[ 25.725929] ? ovl_copy_up_data+0x14f/0x200
+[ 25.725931] ? ovl_copy_up_inode+0x174/0x1e0
+[ 25.725933] ? ovl_copy_up_one+0xa22/0xdf0
+[ 25.725936] ? ovl_copy_up_flags+0xa6/0xf0
+[ 25.725938] ? ovl_aio_cleanup_handler+0xd0/0xd0
+[ 25.725939] ? ovl_maybe_copy_up+0x86/0xa0
+[ 25.725941] ? ovl_open+0x22/0x80
+[ 25.725943] ? do_dentry_open+0x136/0x350
+[ 25.725945] ? path_openat+0xb7e/0xf40
+[ 25.725947] ? __check_sticky+0x40/0x40
+[ 25.725948] ? do_filp_open+0x70/0x100
+[ 25.725950] ? __check_sticky+0x40/0x40
+[ 25.725951] ? __check_sticky+0x40/0x40
+[ 25.725953] ? __x64_sys_openat+0x1db/0x2c0
+[ 25.725955] ? do_syscall_64+0x2d/0x40
+[ 25.725957] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
+
+llseek() reports invalid block address access, the root cause is if
+file has inline data, f2fs_seek_block() will access inline data regard
+as block address index in inode block, which should be wrong, fix it.
+
+Reported-by: kitestramuort <kitestramu...@autistici.org>
+Signed-off-by: Chao Yu <yuch...@huawei.com>
+Signed-off-by: Jaegeuk Kim <jaeg...@kernel.org>
+---
+ fs/f2fs/file.c | 11 ++++++++---
+ 1 file changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/fs/f2fs/file.c b/fs/f2fs/file.c
+index ee861c6d9ff02..fe39e591e5b4c 100644
+--- a/fs/f2fs/file.c
++++ b/fs/f2fs/file.c
+@@ -412,9 +412,14 @@ static loff_t f2fs_seek_block(struct file *file, loff_t offset, int whence)
+ goto fail;
+
+ /* handle inline data case */
+- if (f2fs_has_inline_data(inode) && whence == SEEK_HOLE) {
+- data_ofs = isize;
+- goto found;
++ if (f2fs_has_inline_data(inode)) {
++ if (whence == SEEK_HOLE) {
++ data_ofs = isize;
++ goto found;
++ } else if (whence == SEEK_DATA) {
++ data_ofs = offset;
++ goto found;
++ }
+ }
+
+ pgofs = (pgoff_t)(offset >> PAGE_SHIFT);
+--
+cgit 1.2.3-1.el7
+
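Review bot: In the nested fs/f2fs/file.c hunk, the inline-data branch of f2fs_seek_block is not exhaustive: `else if (whence == SEEK_DATA)` lets any other `whence` value leave the `if (f2fs_has_inline_data(inode))` block and continue to the `pgofs` lookup below, which is the path the commit message identifies as reading inline file contents as block addresses. If callers only ever pass SEEK_DATA or SEEK_HOLE (presumably so, but they are outside this hunk), a plain `} else {` would make that guarantee local, or the branch could end with `goto fail;`. Either way the existing comment is worth extending, e.g. `/* inline data lives in the inode block: never fall through to the block-address walk */`. The function body starts and ends outside the hunk.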