f2fs: fix to do sanity check in is_alive()

chaseyu · Jaegeuk Kim · commit 77900c45ee5c · 2021-12-10T15:48:33.000-08:00
In fuzzed image, SSA table may indicate that a data block belongs to
invalid node, which node ID is out-of-range (0, 1, 2 or max_nid), in
order to avoid migrating inconsistent data in such corrupted image,
let's do sanity check anyway before data block migration.

Cc: stable@vger.kernel.org
Signed-off-by: Chao Yu &lt;chao@kernel.org&gt;
Signed-off-by: Jaegeuk Kim &lt;jaegeuk@kernel.org&gt;
diff --git a/fs/f2fs/gc.c b/fs/f2fs/gc.c
@@ -1026,6 +1026,9 @@ static bool is_alive(struct f2fs_sb_info *sbi, struct f2fs_summary *sum,
 		set_sbi_flag(sbi, SBI_NEED_FSCK);
 	}
 
+	if (f2fs_check_nid_range(sbi, dni->ino))
+		return false;
+
 	*nofs = ofs_of_node(node_page);
 	source_blkaddr = data_blkaddr(NULL, node_page, ofs_in_node);
 	f2fs_put_page(node_page, 1);

Original file line number	Diff line number	Diff line change
`@@ -1026,6 +1026,9 @@ static bool is_alive(struct f2fs_sb_info sbi, struct f2fs_summary sum,`
`1026`	`1026`	`set_sbi_flag(sbi, SBI_NEED_FSCK);`
`1027`	`1027`	`}`
`1028`	`1028`
	`1029`	`+ if (f2fs_check_nid_range(sbi, dni->ino))`
	`1030`	`+ return false;`
	`1031`	`+`
`1029`	`1032`	`*nofs = ofs_of_node(node_page);`
`1030`	`1033`	`source_blkaddr = data_blkaddr(NULL, node_page, ofs_in_node);`
`1031`	`1034`	`f2fs_put_page(node_page, 1);`