From patchwork Fri Jul 15 13:39:19 2016
X-Patchwork-Submitter: Vegard Nossum
X-Patchwork-Id: 648817
Subject: kernel BUG at fs/ext4/inode.c:3709! (Re: open bugs found by fuzzing)
To: linux-ext4@vger.kernel.org, Michael Halcrow
References: <5787FFBA.70406@oracle.com>
Cc: Ildar Muslukhov, Jaegeuk Kim
From: Vegard Nossum
Message-ID: <5788E787.106@oracle.com>
Date: Fri, 15 Jul 2016 15:39:19 +0200
In-Reply-To: <5787FFBA.70406@oracle.com>

On 07/14/2016 11:10 PM, Vegard Nossum wrote:
> 3. kernel BUG at fs/ext4/inode.c:3709!
> http://139.162.151.198/f/ext4/5bdefda69f39b2f2c56d9b67d5b7d9e2cc8dfd5f

I don't see any evidence of memory corruption here, so this one seems pretty straightforward: we have an encrypted orphan inode and when we try to truncate it during the orphan list cleanup it results in a BUG because we haven't loaded the encryption key for it. The inode in question has ->i_ino == 16 so I don't think this has anything to do with special inodes.

Something quick and dirty like this does solve the BUG_ON() for me, but it looks a lot like papering over an underlying bug:

 	if (ext4_should_journal_data(inode)) {

I'm a bit puzzled that we're actually creating a mapping and trying to decrypt here in the first place, since if this is an orphan inode that is being recovered at mount time it means that we know _for sure_ that there are no existing memory mappings and we're truncating it to 0.

Anyway, adding some Ccs.

Vegard

---
diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c index 5a6277d..794b33a 100644 --- a/fs/ext4/inode.c +++ b/fs/ext4/inode.c 
@@ -3735,9 +3735,11 @@ static int __ext4_block_zero_page_range(handle_t *handle, if (S_ISREG(inode->i_mode) && ext4_encrypted_inode(inode)) { /* We expect the key to be set. */ - BUG_ON(!fscrypt_has_encryption_key(inode)); - BUG_ON(blocksize != PAGE_SIZE); - WARN_ON_ONCE(fscrypt_decrypt_page(page)); + if (list_empty(&EXT4_I(inode)->i_orphan)) { + BUG_ON(!fscrypt_has_encryption_key(inode)); + BUG_ON(blocksize != PAGE_SIZE); + WARN_ON_ONCE(fscrypt_decrypt_page(page)); + } } }
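
Review bot: The new `list_empty(&EXT4_I(inode)->i_orphan)` test in `__ext4_block_zero_page_range()` skips `fscrypt_decrypt_page(page)` for every encrypted inode on the orphan list, not only for one whose key is missing. If an inode can be on `i_orphan` while its key is loaded, the block is then zeroed in its ciphertext form without ever being decrypted. Keying the branch on `fscrypt_has_encryption_key(inode)` itself, and handling the no-key case with an error return instead of `BUG_ON()`, would match the failure described in the message more closely. The unchanged comment `/* We expect the key to be set. */` also no longer holds for the orphan case and should say why orphans are exempt.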