diff options
| author | Ryusuke Konishi <[email protected]> | 2023-05-01 04:30:46 +0900 |
|---|---|---|
| committer | Andrew Morton <[email protected]> | 2023-05-06 10:10:07 -0700 |
| commit | a6a491c048882e7e424d407d32cba0b52d9ef2bf (patch) | |
| tree | b0e0138611cdaf9da4909b5a0c0f6df1ecf22e34 /lib/test_fortify/write_overflow-strncpy.c | |
| parent | 29417d292bd0fa174d20360326abaf6444a23c3b (diff) | |
nilfs2: fix infinite loop in nilfs_mdt_get_block()
If the disk image that nilfs2 mounts is corrupted and a virtual block
address obtained by block lookup for a metadata file is invalid,
nilfs_bmap_lookup_at_level() may return the same internal return code as
-ENOENT, meaning the block does not exist in the metadata file.
This duplication of return codes confuses nilfs_mdt_get_block(), causing
it to read and create a metadata block indefinitely.
In particular, if this happens to the inode metadata file, ifile,
semaphore i_rwsem can be left held, causing task hangs in lock_mount.
Fix this issue by making nilfs_bmap_lookup_at_level() treat virtual block
address translation failures with -ENOENT as metadata corruption instead
of returning the error code.
Link: https://lkml.kernel.org/r/[email protected]
Signed-off-by: Ryusuke Konishi <[email protected]>
Tested-by: Ryusuke Konishi <[email protected]>
Reported-by: [email protected]
Link: https://syzkaller.appspot.com/bug?extid=221d75710bde87fa0e97
Cc: <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Diffstat (limited to 'lib/test_fortify/write_overflow-strncpy.c')
0 files changed, 0 insertions, 0 deletions