* fs/erofs/super.c:149 erofs_read_metadata() error: buffer overflow 'ptr' 4096 <= 8191
@ 2021-09-12 18:39 kernel test robot
From: kernel test robot @ 2021-09-12 18:39 UTC (permalink / raw)
  To: kbuild

[-- Attachment #1: Type: text/plain, Size: 7361 bytes --]

CC: kbuild-all(a)lists.01.org
CC: linux-kernel(a)vger.kernel.org
TO: Gao Xiang <hsiangkao@redhat.com>
CC: Chao Yu <yuchao0@huawei.com>, Chao Yu <chao@kernel.org>

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head:   78e709522d2c012cb0daad2e668506637bffb7c2
commit: 14373711dd54be8a84e2f4f624bc58787f80cfbd erofs: add on-disk compression configurations
date:   6 months ago
:::::: branch date: 21 hours ago
:::::: commit date: 6 months ago
config: openrisc-randconfig-m031-20210912 (attached as .config)
compiler: or1k-linux-gcc (GCC) 11.2.0

If you fix the issue, kindly add the following tags as appropriate
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>

smatch warnings:
fs/erofs/super.c:149 erofs_read_metadata() error: buffer overflow 'ptr' 4096 <= 8191
fs/erofs/super.c:149 erofs_read_metadata() error: buffer overflow 'ptr' 4096 <= 8191
fs/erofs/super.c:149 erofs_read_metadata() error: buffer overflow 'ptr' 4096 <= 8191

vim +/ptr +149 fs/erofs/super.c

5efe5137f05bbb4 drivers/staging/erofs/super.c Gao Xiang 2019-06-13  124  
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  125  #ifdef CONFIG_EROFS_FS_ZIP
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  126  /* read variable-sized metadata, offset will be aligned by 4-byte */
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  127  static void *erofs_read_metadata(struct super_block *sb, struct page **pagep,
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  128  				 erofs_off_t *offset, int *lengthp)
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  129  {
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  130  	struct page *page = *pagep;
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  131  	u8 *buffer, *ptr;
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  132  	int len, i, cnt;
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  133  	erofs_blk_t blk;
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  134  
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  135  	*offset = round_up(*offset, 4);
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  136  	blk = erofs_blknr(*offset);
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  137  
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  138  	if (!page || page->index != blk) {
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  139  		if (page) {
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  140  			unlock_page(page);
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  141  			put_page(page);
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  142  		}
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  143  		page = erofs_get_meta_page(sb, blk);
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  144  		if (IS_ERR(page))
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  145  			goto err_nullpage;
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  146  	}
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  147  
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  148  	ptr = kmap(page);
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29 @149  	len = le16_to_cpu(*(__le16 *)&ptr[erofs_blkoff(*offset)]);
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  150  	if (!len)
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  151  		len = U16_MAX + 1;
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  152  	buffer = kmalloc(len, GFP_KERNEL);
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  153  	if (!buffer) {
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  154  		buffer = ERR_PTR(-ENOMEM);
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  155  		goto out;
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  156  	}
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  157  	*offset += sizeof(__le16);
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  158  	*lengthp = len;
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  159  
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  160  	for (i = 0; i < len; i += cnt) {
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  161  		cnt = min(EROFS_BLKSIZ - (int)erofs_blkoff(*offset), len - i);
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  162  		blk = erofs_blknr(*offset);
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  163  
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  164  		if (!page || page->index != blk) {
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  165  			if (page) {
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  166  				kunmap(page);
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  167  				unlock_page(page);
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  168  				put_page(page);
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  169  			}
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  170  			page = erofs_get_meta_page(sb, blk);
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  171  			if (IS_ERR(page)) {
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  172  				kfree(buffer);
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  173  				goto err_nullpage;
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  174  			}
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  175  			ptr = kmap(page);
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  176  		}
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  177  		memcpy(buffer + i, ptr + erofs_blkoff(*offset), cnt);
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  178  		*offset += cnt;
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  179  	}
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  180  out:
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  181  	kunmap(page);
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  182  	*pagep = page;
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  183  	return buffer;
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  184  err_nullpage:
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  185  	*pagep = NULL;
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  186  	return page;
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  187  }
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  188  
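Review bot: The read flagged at fs/erofs/super.c:149 has no visible statement of why its index is in range: `ptr` is the `kmap()` of a single page, while the index `erofs_blkoff(*offset)` is bounded by a definition outside this listing. Assuming `erofs_blkoff()` yields the offset within an `EROFS_BLKSIZ` block, the `round_up(*offset, 4)` at line 135 keeps the two-byte `__le16` read from straddling a block, so the access is in bounds only if a block is never larger than a page; the 8191 in the warning suggests smatch could not establish that on these configs, which may make this a false positive. I would record the invariant beside the read, e.g. `/* *offset is 4-byte aligned and blkoff < EROFS_BLKSIZ <= PAGE_SIZE, so this read stays inside the mapped page */`, and back it with a build-time check if the tree does not already have one. The copy loop depends on the same invariant, since `len` comes from disk (0 meaning `U16_MAX + 1`) and each `memcpy()` is limited only by `EROFS_BLKSIZ - erofs_blkoff(*offset)`. The three later reports on this page quote the same listing.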

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org

[-- Attachment #2: config.gz --]
[-- Type: application/gzip, Size: 28776 bytes --]


* fs/erofs/super.c:149 erofs_read_metadata() error: buffer overflow 'ptr' 4096 <= 8191
@ 2021-12-09 12:48 kernel test robot
From: kernel test robot @ 2021-12-09 12:48 UTC (permalink / raw)
  To: kbuild

[-- Attachment #1: Type: text/plain, Size: 7632 bytes --]

CC: kbuild-all(a)lists.01.org
CC: linux-kernel(a)vger.kernel.org
TO: Gao Xiang <hsiangkao@redhat.com>
CC: Chao Yu <yuchao0@huawei.com>, Chao Yu <chao@kernel.org>

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head:   2a987e65025e2b79c6d453b78cb5985ac6e5eb26
commit: 14373711dd54be8a84e2f4f624bc58787f80cfbd erofs: add on-disk compression configurations
date:   9 months ago
:::::: branch date: 2 days ago
:::::: commit date: 9 months ago
config: arc-randconfig-m031-20211208 (https://download.01.org/0day-ci/archive/20211209/202112092024.Xtcn66QP-lkp(a)intel.com/config)
compiler: arc-elf-gcc (GCC) 11.2.0

If you fix the issue, kindly add the following tags as appropriate
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>

New smatch warnings:
fs/erofs/super.c:149 erofs_read_metadata() error: buffer overflow 'ptr' 4096 <= 8191
fs/erofs/super.c:149 erofs_read_metadata() error: buffer overflow 'ptr' 4096 <= 8191
fs/erofs/super.c:149 erofs_read_metadata() error: buffer overflow 'ptr' 4096 <= 8191
fs/erofs/super.c:149 erofs_read_metadata() error: buffer overflow 'ptr' 4096 <= 8191

Old smatch warnings:
arch/arc/include/asm/thread_info.h:65 current_thread_info() error: uninitialized symbol 'sp'.

vim +/ptr +149 fs/erofs/super.c

5efe5137f05bbb4 drivers/staging/erofs/super.c Gao Xiang 2019-06-13  124  
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  125  #ifdef CONFIG_EROFS_FS_ZIP
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  126  /* read variable-sized metadata, offset will be aligned by 4-byte */
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  127  static void *erofs_read_metadata(struct super_block *sb, struct page **pagep,
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  128  				 erofs_off_t *offset, int *lengthp)
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  129  {
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  130  	struct page *page = *pagep;
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  131  	u8 *buffer, *ptr;
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  132  	int len, i, cnt;
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  133  	erofs_blk_t blk;
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  134  
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  135  	*offset = round_up(*offset, 4);
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  136  	blk = erofs_blknr(*offset);
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  137  
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  138  	if (!page || page->index != blk) {
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  139  		if (page) {
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  140  			unlock_page(page);
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  141  			put_page(page);
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  142  		}
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  143  		page = erofs_get_meta_page(sb, blk);
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  144  		if (IS_ERR(page))
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  145  			goto err_nullpage;
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  146  	}
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  147  
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  148  	ptr = kmap(page);
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29 @149  	len = le16_to_cpu(*(__le16 *)&ptr[erofs_blkoff(*offset)]);
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  150  	if (!len)
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  151  		len = U16_MAX + 1;
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  152  	buffer = kmalloc(len, GFP_KERNEL);
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  153  	if (!buffer) {
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  154  		buffer = ERR_PTR(-ENOMEM);
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  155  		goto out;
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  156  	}
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  157  	*offset += sizeof(__le16);
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  158  	*lengthp = len;
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  159  
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  160  	for (i = 0; i < len; i += cnt) {
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  161  		cnt = min(EROFS_BLKSIZ - (int)erofs_blkoff(*offset), len - i);
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  162  		blk = erofs_blknr(*offset);
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  163  
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  164  		if (!page || page->index != blk) {
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  165  			if (page) {
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  166  				kunmap(page);
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  167  				unlock_page(page);
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  168  				put_page(page);
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  169  			}
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  170  			page = erofs_get_meta_page(sb, blk);
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  171  			if (IS_ERR(page)) {
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  172  				kfree(buffer);
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  173  				goto err_nullpage;
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  174  			}
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  175  			ptr = kmap(page);
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  176  		}
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  177  		memcpy(buffer + i, ptr + erofs_blkoff(*offset), cnt);
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  178  		*offset += cnt;
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  179  	}
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  180  out:
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  181  	kunmap(page);
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  182  	*pagep = page;
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  183  	return buffer;
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  184  err_nullpage:
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  185  	*pagep = NULL;
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  186  	return page;
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  187  }
14373711dd54be8 fs/erofs/super.c              Gao Xiang 2021-03-29  188  

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org


* fs/erofs/super.c:149 erofs_read_metadata() error: buffer overflow 'ptr' 4096 <= 8191
@ 2021-12-08 10:58 kernel test robot
From: kernel test robot @ 2021-12-08 10:58 UTC (permalink / raw)
  To: kbuild

[-- Attachment #1: Type: text/plain, Size: 7568 bytes --]

CC: kbuild-all(a)lists.01.org
CC: linux-kernel(a)vger.kernel.org
TO: Gao Xiang <hsiangkao@redhat.com>
CC: Chao Yu <yuchao0@huawei.com>, Chao Yu <chao@kernel.org>

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head:   2a987e65025e2b79c6d453b78cb5985ac6e5eb26
commit: 14373711dd54be8a84e2f4f624bc58787f80cfbd erofs: add on-disk compression configurations
date:   8 months ago
:::::: branch date: 9 hours ago
:::::: commit date: 8 months ago
config: arc-randconfig-m031-20211208 (https://download.01.org/0day-ci/archive/20211208/202112081732.7p50rsrC-lkp(a)intel.com/config)
compiler: arc-elf-gcc (GCC) 11.2.0

If you fix the issue, kindly add the following tags as appropriate
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>

New smatch warnings:
fs/erofs/super.c:149 erofs_read_metadata() error: buffer overflow 'ptr' 4096 <= 8191
fs/erofs/super.c:149 erofs_read_metadata() error: buffer overflow 'ptr' 4096 <= 8191
fs/erofs/super.c:149 erofs_read_metadata() error: buffer overflow 'ptr' 4096 <= 8191
fs/erofs/super.c:149 erofs_read_metadata() error: buffer overflow 'ptr' 4096 <= 8191

Old smatch warnings:
arch/arc/include/asm/thread_info.h:65 current_thread_info() error: uninitialized symbol 'sp'.

vim +/ptr +149 fs/erofs/super.c

5efe5137f05bbb drivers/staging/erofs/super.c Gao Xiang 2019-06-13  124  
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  125  #ifdef CONFIG_EROFS_FS_ZIP
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  126  /* read variable-sized metadata, offset will be aligned by 4-byte */
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  127  static void *erofs_read_metadata(struct super_block *sb, struct page **pagep,
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  128  				 erofs_off_t *offset, int *lengthp)
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  129  {
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  130  	struct page *page = *pagep;
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  131  	u8 *buffer, *ptr;
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  132  	int len, i, cnt;
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  133  	erofs_blk_t blk;
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  134  
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  135  	*offset = round_up(*offset, 4);
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  136  	blk = erofs_blknr(*offset);
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  137  
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  138  	if (!page || page->index != blk) {
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  139  		if (page) {
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  140  			unlock_page(page);
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  141  			put_page(page);
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  142  		}
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  143  		page = erofs_get_meta_page(sb, blk);
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  144  		if (IS_ERR(page))
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  145  			goto err_nullpage;
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  146  	}
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  147  
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  148  	ptr = kmap(page);
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29 @149  	len = le16_to_cpu(*(__le16 *)&ptr[erofs_blkoff(*offset)]);
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  150  	if (!len)
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  151  		len = U16_MAX + 1;
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  152  	buffer = kmalloc(len, GFP_KERNEL);
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  153  	if (!buffer) {
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  154  		buffer = ERR_PTR(-ENOMEM);
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  155  		goto out;
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  156  	}
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  157  	*offset += sizeof(__le16);
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  158  	*lengthp = len;
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  159  
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  160  	for (i = 0; i < len; i += cnt) {
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  161  		cnt = min(EROFS_BLKSIZ - (int)erofs_blkoff(*offset), len - i);
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  162  		blk = erofs_blknr(*offset);
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  163  
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  164  		if (!page || page->index != blk) {
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  165  			if (page) {
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  166  				kunmap(page);
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  167  				unlock_page(page);
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  168  				put_page(page);
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  169  			}
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  170  			page = erofs_get_meta_page(sb, blk);
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  171  			if (IS_ERR(page)) {
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  172  				kfree(buffer);
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  173  				goto err_nullpage;
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  174  			}
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  175  			ptr = kmap(page);
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  176  		}
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  177  		memcpy(buffer + i, ptr + erofs_blkoff(*offset), cnt);
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  178  		*offset += cnt;
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  179  	}
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  180  out:
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  181  	kunmap(page);
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  182  	*pagep = page;
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  183  	return buffer;
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  184  err_nullpage:
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  185  	*pagep = NULL;
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  186  	return page;
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  187  }
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  188  

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org


* fs/erofs/super.c:149 erofs_read_metadata() error: buffer overflow 'ptr' 4096 <= 8191
@ 2021-08-16  0:46 kernel test robot
From: kernel test robot @ 2021-08-16  0:46 UTC (permalink / raw)
  To: kbuild

[-- Attachment #1: Type: text/plain, Size: 7295 bytes --]

CC: kbuild-all(a)lists.01.org
CC: linux-kernel(a)vger.kernel.org
TO: Gao Xiang <hsiangkao@redhat.com>
CC: Chao Yu <yuchao0@huawei.com>, Chao Yu <chao@kernel.org>

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head:   ecf93431963a95c0f475921101bedc0dd62ec96d
commit: 14373711dd54be8a84e2f4f624bc58787f80cfbd erofs: add on-disk compression configurations
date:   5 months ago
:::::: branch date: 8 hours ago
:::::: commit date: 5 months ago
config: openrisc-randconfig-m031-20210816 (attached as .config)
compiler: or1k-linux-gcc (GCC) 11.2.0

If you fix the issue, kindly add the following tags as appropriate
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>

smatch warnings:
fs/erofs/super.c:149 erofs_read_metadata() error: buffer overflow 'ptr' 4096 <= 8191
fs/erofs/super.c:149 erofs_read_metadata() error: buffer overflow 'ptr' 4096 <= 8191
fs/erofs/super.c:149 erofs_read_metadata() error: buffer overflow 'ptr' 4096 <= 8191

vim +/ptr +149 fs/erofs/super.c

5efe5137f05bbb drivers/staging/erofs/super.c Gao Xiang 2019-06-13  124  
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  125  #ifdef CONFIG_EROFS_FS_ZIP
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  126  /* read variable-sized metadata, offset will be aligned by 4-byte */
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  127  static void *erofs_read_metadata(struct super_block *sb, struct page **pagep,
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  128  				 erofs_off_t *offset, int *lengthp)
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  129  {
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  130  	struct page *page = *pagep;
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  131  	u8 *buffer, *ptr;
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  132  	int len, i, cnt;
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  133  	erofs_blk_t blk;
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  134  
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  135  	*offset = round_up(*offset, 4);
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  136  	blk = erofs_blknr(*offset);
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  137  
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  138  	if (!page || page->index != blk) {
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  139  		if (page) {
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  140  			unlock_page(page);
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  141  			put_page(page);
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  142  		}
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  143  		page = erofs_get_meta_page(sb, blk);
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  144  		if (IS_ERR(page))
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  145  			goto err_nullpage;
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  146  	}
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  147  
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  148  	ptr = kmap(page);
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29 @149  	len = le16_to_cpu(*(__le16 *)&ptr[erofs_blkoff(*offset)]);
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  150  	if (!len)
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  151  		len = U16_MAX + 1;
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  152  	buffer = kmalloc(len, GFP_KERNEL);
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  153  	if (!buffer) {
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  154  		buffer = ERR_PTR(-ENOMEM);
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  155  		goto out;
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  156  	}
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  157  	*offset += sizeof(__le16);
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  158  	*lengthp = len;
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  159  
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  160  	for (i = 0; i < len; i += cnt) {
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  161  		cnt = min(EROFS_BLKSIZ - (int)erofs_blkoff(*offset), len - i);
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  162  		blk = erofs_blknr(*offset);
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  163  
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  164  		if (!page || page->index != blk) {
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  165  			if (page) {
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  166  				kunmap(page);
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  167  				unlock_page(page);
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  168  				put_page(page);
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  169  			}
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  170  			page = erofs_get_meta_page(sb, blk);
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  171  			if (IS_ERR(page)) {
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  172  				kfree(buffer);
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  173  				goto err_nullpage;
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  174  			}
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  175  			ptr = kmap(page);
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  176  		}
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  177  		memcpy(buffer + i, ptr + erofs_blkoff(*offset), cnt);
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  178  		*offset += cnt;
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  179  	}
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  180  out:
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  181  	kunmap(page);
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  182  	*pagep = page;
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  183  	return buffer;
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  184  err_nullpage:
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  185  	*pagep = NULL;
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  186  	return page;
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  187  }
14373711dd54be fs/erofs/super.c              Gao Xiang 2021-03-29  188  

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org

[-- Attachment #2: config.gz --]
[-- Type: application/gzip, Size: 27044 bytes --]

