From: Gao Xiang <hsiangkao@aol.com> To: Chao Yu <yuchao0@huawei.com>, Richard Weinberger <richard@nod.at>, Matthew Wilcox <willy@infradead.org>, Greg Kroah-Hartman <gregkh@linuxfoundation.org>, devel@driverdev.osuosl.org, linux-fsdevel@vger.kernel.org Cc: LKML <linux-kernel@vger.kernel.org>, linux-erofs@lists.ozlabs.org, Chao Yu <chao@kernel.org>, Miao Xie <miaoxie@huawei.com>, Fang Wei <fangwei1@huawei.com>, Gao Xiang <gaoxiang25@huawei.com>, stable@vger.kernel.org Subject: [PATCH] staging: erofs: fix an error handling in erofs_readdir() Date: Sun, 18 Aug 2019 11:18:55 +0800 [thread overview] Message-ID: <20190818031855.9723-1-hsiangkao@aol.com> (raw) In-Reply-To: <20190818030109.GA8225@hsiangkao-HP-ZHAN-66-Pro-G1> From: Gao Xiang <gaoxiang25@huawei.com> Richard observed a forever loop of erofs_read_raw_page() [1] which can be generated by forcely setting ->u.i_blkaddr to 0xdeadbeef (as my understanding block layer can handle access beyond end of device correctly). After digging into that, it seems the problem is highly related with directories and then I found the root cause is an improper error handling in erofs_readdir(). Let's fix it now. [1] https://lore.kernel.org/r/1163995781.68824.1566084358245.JavaMail.zimbra@nod.at/ Reported-by: Richard Weinberger <richard@nod.at> Fixes: 3aa8ec716e52 ("staging: erofs: add directory operations") Cc: <stable@vger.kernel.org> # 4.19+ Signed-off-by: Gao Xiang <gaoxiang25@huawei.com> --- changelog from v2: - transform EIO to EFSCORRUPTED as suggested by Matthew; changelog from v1: - fix the incorrect external link in commit message. This patch is based on the following patch as well https://lore.kernel.org/r/20190816071142.8633-1-gaoxiang25@huawei.com/ and https://lore.kernel.org/r/20190817082313.21040-1-hsiangkao@aol.com/ can still be properly applied after this patch. drivers/staging/erofs/dir.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/drivers/staging/erofs/dir.c b/drivers/staging/erofs/dir.c index 5f38382637e6..eb430a031b20 100644 --- a/drivers/staging/erofs/dir.c +++ b/drivers/staging/erofs/dir.c @@ -82,8 +82,17 @@ static int erofs_readdir(struct file *f, struct dir_context *ctx) unsigned int nameoff, maxsize; dentry_page = read_mapping_page(mapping, i, NULL); - if (IS_ERR(dentry_page)) - continue; + if (dentry_page == ERR_PTR(-ENOMEM)) { + errln("no memory to readdir of logical block %u of nid %llu", + i, EROFS_V(dir)->nid); + err = -ENOMEM; + break; + } else if (IS_ERR(dentry_page)) { + errln("fail to readdir of logical block %u of nid %llu", + i, EROFS_V(dir)->nid); + err = -EFSCORRUPTED; + break; + } de = (struct erofs_dirent *)kmap(dentry_page); -- 2.17.1
WARNING: multiple messages have this Message-ID (diff)
From: hsiangkao@aol.com (Gao Xiang) Subject: [PATCH] staging: erofs: fix an error handling in erofs_readdir() Date: Sun, 18 Aug 2019 11:18:55 +0800 [thread overview] Message-ID: <20190818031855.9723-1-hsiangkao@aol.com> (raw) In-Reply-To: <20190818030109.GA8225@hsiangkao-HP-ZHAN-66-Pro-G1> From: Gao Xiang <gaoxiang25@huawei.com> Richard observed a forever loop of erofs_read_raw_page() [1] which can be generated by forcely setting ->u.i_blkaddr to 0xdeadbeef (as my understanding block layer can handle access beyond end of device correctly). After digging into that, it seems the problem is highly related with directories and then I found the root cause is an improper error handling in erofs_readdir(). Let's fix it now. [1] https://lore.kernel.org/r/1163995781.68824.1566084358245.JavaMail.zimbra at nod.at/ Reported-by: Richard Weinberger <richard at nod.at> Fixes: 3aa8ec716e52 ("staging: erofs: add directory operations") Cc: <stable at vger.kernel.org> # 4.19+ Signed-off-by: Gao Xiang <gaoxiang25 at huawei.com> --- changelog from v2: - transform EIO to EFSCORRUPTED as suggested by Matthew; changelog from v1: - fix the incorrect external link in commit message. This patch is based on the following patch as well https://lore.kernel.org/r/20190816071142.8633-1-gaoxiang25 at huawei.com/ and https://lore.kernel.org/r/20190817082313.21040-1-hsiangkao at aol.com/ can still be properly applied after this patch. drivers/staging/erofs/dir.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/drivers/staging/erofs/dir.c b/drivers/staging/erofs/dir.c index 5f38382637e6..eb430a031b20 100644 --- a/drivers/staging/erofs/dir.c +++ b/drivers/staging/erofs/dir.c @@ -82,8 +82,17 @@ static int erofs_readdir(struct file *f, struct dir_context *ctx) unsigned int nameoff, maxsize; dentry_page = read_mapping_page(mapping, i, NULL); - if (IS_ERR(dentry_page)) - continue; + if (dentry_page == ERR_PTR(-ENOMEM)) { + errln("no memory to readdir of logical block %u of nid %llu", + i, EROFS_V(dir)->nid); + err = -ENOMEM; + break; + } else if (IS_ERR(dentry_page)) { + errln("fail to readdir of logical block %u of nid %llu", + i, EROFS_V(dir)->nid); + err = -EFSCORRUPTED; + break; + } de = (struct erofs_dirent *)kmap(dentry_page); -- 2.17.1
next prev parent reply other threads:[~2019-08-18 3:19 UTC|newest] Thread overview: 58+ messages / expand[flat|nested] mbox.gz Atom feed top 2019-08-18 1:48 [PATCH] staging: erofs: fix an error handling in erofs_readdir() Gao Xiang 2019-08-18 1:48 ` Gao Xiang 2019-08-18 1:56 ` [PATCH v2] " Gao Xiang 2019-08-18 1:56 ` Gao Xiang 2019-08-18 2:20 ` Matthew Wilcox 2019-08-18 2:20 ` Matthew Wilcox 2019-08-18 2:32 ` Gao Xiang 2019-08-18 2:32 ` Gao Xiang 2019-08-18 2:53 ` Matthew Wilcox 2019-08-18 2:53 ` Matthew Wilcox 2019-08-18 3:01 ` Gao Xiang 2019-08-18 3:01 ` Gao Xiang 2019-08-18 3:18 ` Gao Xiang [this message] 2019-08-18 3:18 ` [PATCH] " Gao Xiang 2019-08-18 12:07 ` kbuild test robot 2019-08-18 12:07 ` kbuild test robot 2019-08-18 12:07 ` kbuild test robot 2019-08-18 13:17 ` kbuild test robot 2019-08-18 13:17 ` kbuild test robot 2019-08-18 13:17 ` kbuild test robot 2019-08-18 13:25 ` Gao Xiang 2019-08-18 13:25 ` Gao Xiang 2019-08-20 6:50 ` Philip Li 2019-08-20 6:50 ` Philip Li 2019-08-20 6:50 ` Philip Li 2019-08-20 6:50 ` Gao Xiang 2019-08-20 6:50 ` Gao Xiang 2019-08-20 6:50 ` Gao Xiang 2019-08-20 6:58 ` Li, Philip 2019-08-20 6:58 ` Li, Philip 2019-08-20 6:58 ` Li, Philip 2019-08-20 7:16 ` Gao Xiang 2019-08-20 7:16 ` Gao Xiang 2019-08-20 7:16 ` Gao Xiang 2019-08-18 3:21 ` [PATCH v3 RESEND] " Gao Xiang 2019-08-18 3:21 ` Gao Xiang 2019-08-18 8:33 ` Richard Weinberger 2019-08-18 8:33 ` Richard Weinberger 2019-08-18 9:10 ` Gao Xiang 2019-08-18 9:10 ` Gao Xiang 2019-08-18 9:18 ` [PATCH v3 RESEND] staging: erofs: fix an error handling in erofs_readdir()y Gao Xiang 2019-08-18 9:18 ` Gao Xiang 2019-08-18 11:52 ` [PATCH v3 RESEND] staging: erofs: fix an error handling in erofs_readdir() Sasha Levin 2019-08-18 12:29 ` Chao Yu 2019-08-18 12:29 ` Chao Yu 2019-08-18 12:33 ` Matthew Wilcox 2019-08-18 12:33 ` Matthew Wilcox 2019-08-18 12:38 ` Gao Xiang 2019-08-18 12:38 ` Gao Xiang 2019-08-18 12:54 ` [PATCH v4] " Gao Xiang 2019-08-18 12:54 ` Gao Xiang 2019-08-19 0:08 ` Sasha Levin 2019-08-18 10:39 ` [PATCH v2] " Chao Yu 2019-08-18 10:39 ` Chao Yu 2019-08-18 10:52 ` Gao Xiang 2019-08-18 10:52 ` Gao Xiang 2019-08-18 12:28 ` Chao Yu 2019-08-18 12:28 ` Chao Yu
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20190818031855.9723-1-hsiangkao@aol.com \ --to=hsiangkao@aol.com \ --cc=chao@kernel.org \ --cc=devel@driverdev.osuosl.org \ --cc=fangwei1@huawei.com \ --cc=gaoxiang25@huawei.com \ --cc=gregkh@linuxfoundation.org \ --cc=linux-erofs@lists.ozlabs.org \ --cc=linux-fsdevel@vger.kernel.org \ --cc=linux-kernel@vger.kernel.org \ --cc=miaoxie@huawei.com \ --cc=richard@nod.at \ --cc=stable@vger.kernel.org \ --cc=willy@infradead.org \ --cc=yuchao0@huawei.com \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.