From: Mirsad Todorovac <mirsad.todorovac@alu.unizg.hr>
To: Jintao Yin <nicememory@gmail.com>, phillip@squashfs.org.uk
Cc: bagasdotme@gmail.com, hsinyi@chromium.org,
	linux-kernel@vger.kernel.org, marcmiltenberger@gmail.com,
	regressions@leemhuis.info, regressions@lists.linux.dev,
	srw@sladewatkins.net
Subject: Re: BISECT result: 6.0.0-RC kernels trigger Firefox snap bug with 6.0.0-rc3 through 6.0.0-rc7
Date: Thu, 20 Oct 2022 18:00:06 +0200	[thread overview]
Message-ID: <d2580643-f58e-c1b0-7671-c5bbb38c05d0@alu.unizg.hr> (raw)
In-Reply-To: <20221020135545.586-1-nicememory@gmail.com>

On 10/20/22 15:55, Jintao Yin wrote:

> Hi all,
>
> After reviewing the details of the page actor, the tail bytes may be written to
> a temp buffer instead of the last used page. So the previous diff would wrongly
> memzero a page which the tail bytes are not in.
>
> This diff fixes it by calculating the real index of the page the trailing bytes
> are in and checking whether the last used page matches this index. If the page is
> the one the tail bytes are really in, then memzero the trailing bytes of the page.
>
> Please help test and any feedbacks are welcome.
>
> Thanks,
>
> Jintao

Hi, Jintao,

I have very good news. The bug-reproducing Firefox windows-and-tabs
setup that
crashed with a core dump with your previous diff now works OK.

The build from the previous email was v6.0.2+ and this one is 6.1-rc1+.

As a newbie I cannot say anything of importance, but I feel good about this
being done.

Have a nice day!
Mirsad

> diff --git a/fs/squashfs/file.c b/fs/squashfs/file.c
> index e56510964b22..e1fafd10a850 100644
> --- a/fs/squashfs/file.c
> +++ b/fs/squashfs/file.c
> @@ -506,8 +506,9 @@ static int squashfs_readahead_fragment(struct page **page,
>   		squashfs_i(inode)->fragment_size);
>   	struct squashfs_sb_info *msblk = inode->i_sb->s_fs_info;
>   	unsigned int n, mask = (1 << (msblk->block_log - PAGE_SHIFT)) - 1;
> +	int res = buffer->error;
>   
> -	if (buffer->error)
> +	if (res)
>   		goto out;
>   
>   	expected += squashfs_i(inode)->fragment_offset;
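Review bot: The new `int res = buffer->error;` snapshot in this hunk, together with `return res;` in the following hunk, carries no comment saying why the field has to be read early, and the patch description covers only the trailing-bytes change. As visible here, the old code read `buffer->error` after `squashfs_cache_put(buffer)`, by which point the cache entry has presumably been released for reuse. A one-line comment above the declaration, such as `/* sample the error before squashfs_cache_put(); the entry must not be touched afterwards */`, would keep a later cleanup from reintroducing the late read. The function body starts outside this hunk.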
> @@ -529,7 +530,7 @@ static int squashfs_readahead_fragment(struct page **page,
>   
>   out:
>   	squashfs_cache_put(buffer);
> -	return buffer->error;
> +	return res;
>   }
>   
>   static void squashfs_readahead(struct readahead_control *ractl)
> @@ -557,6 +558,7 @@ static void squashfs_readahead(struct readahead_control *ractl)
>   		int res, bsize;
>   		u64 block = 0;
>   		unsigned int expected;
> +		int nr_used_pages;
>   
>   		nr_pages = __readahead_batch(ractl, pages, max_pages);
>   		if (!nr_pages)
> @@ -593,18 +595,21 @@ static void squashfs_readahead(struct readahead_control *ractl)
>   
>   		res = squashfs_read_data(inode->i_sb, block, bsize, NULL, actor);
>   
> -		squashfs_page_actor_free(actor);
> +		nr_used_pages = squashfs_page_actor_free(actor);
>   
>   		if (res == expected) {
>   			int bytes;
> +			pgoff_t bytes_index;
>   
>   			/* Last page (if present) may have trailing bytes not filled */
>   			bytes = res % PAGE_SIZE;
> -			if (pages[nr_pages - 1]->index == file_end && bytes)
> -				memzero_page(pages[nr_pages - 1], bytes,
> +			bytes_index = (index << shift) + ((res - bytes) >> PAGE_SHIFT);
> +			if (bytes && nr_used_pages > 0 &&
> +				pages[nr_used_pages - 1]->index == bytes_index)
> +				memzero_page(pages[nr_used_pages - 1], bytes,
>   					     PAGE_SIZE - bytes);
>   
> -			for (i = 0; i < nr_pages; i++) {
> +			for (i = 0; i < nr_used_pages; i++) {
>   				flush_dcache_page(pages[i]);
>   				SetPageUptodate(pages[i]);
>   			}
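Review bot: The condition guarding `memzero_page()` relies on an invariant that is not written down: when the last consumed page's index differs from `bytes_index`, the tail is assumed to have gone to the actor's temporary buffer and that page is assumed to be completely filled. This zeroing is what keeps stale page contents from becoming readable once `SetPageUptodate()` is applied, so a comment such as `/* tail page not in pages[]: trailing bytes went to the temp buffer, nothing to zero */` would help the next reader. `nr_used_pages` now also bounds the indexing of `pages[]`, so it is worth stating or asserting, e.g. with `WARN_ON_ONCE(nr_used_pages > nr_pages)`, that the value returned by `squashfs_page_actor_free()` cannot exceed `nr_pages`. `bytes_index` mixes `int` operands (`res`, `bytes`) with `pgoff_t`, and `index` and `shift` are declared outside the hunk, so confirm that `index << shift` is evaluated at `pgoff_t` width. The loop and the function continue outside this hunk.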
> diff --git a/fs/squashfs/file_direct.c b/fs/squashfs/file_direct.c
> index f1ccad519e28..ee462ef380bf 100644
> --- a/fs/squashfs/file_direct.c
> +++ b/fs/squashfs/file_direct.c
> @@ -26,14 +26,14 @@ int squashfs_readpage_block(struct page *target_page, u64 block, int bsize,
>   	struct inode *inode = target_page->mapping->host;
>   	struct squashfs_sb_info *msblk = inode->i_sb->s_fs_info;
>   
> -	int file_end = (i_size_read(inode) - 1) >> PAGE_SHIFT;
> -	int mask = (1 << (msblk->block_log - PAGE_SHIFT)) - 1;
> -	int start_index = target_page->index & ~mask;
> -	int end_index = start_index | mask;
> -	int i, n, pages, bytes, res = -ENOMEM;
> +	pgoff_t file_end = (i_size_read(inode) - 1) >> PAGE_SHIFT;
> +	pgoff_t mask = (1 << (msblk->block_log - PAGE_SHIFT)) - 1;
> +	pgoff_t start_index = target_page->index & ~mask;
> +	pgoff_t end_index = start_index | mask;
> +	int i, pages, used_pages, bytes, res = -ENOMEM;
> +	pgoff_t n, bytes_index;
>   	struct page **page;
>   	struct squashfs_page_actor *actor;
> -	void *pageaddr;
>   
>   	if (end_index > file_end)
>   		end_index = file_end;
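Review bot: Switching `file_end` to `pgoff_t` changes what `(i_size_read(inode) - 1) >> PAGE_SHIFT` yields for a zero-length inode: the former `int` held -1, while the unsigned value becomes very large, so the `end_index > file_end` clamp would no longer trigger. Whether callers already exclude that case is not visible in this hunk, so it should be confirmed and, if it holds, recorded in a comment such as `/* i_size is non-zero here; pages beyond EOF are rejected by the caller */`. `mask` is likewise still computed as the `int` expression `(1 << ...) - 1` before being widened to `pgoff_t`. `pages` remains `int` and is presumably derived from `end_index - start_index` outside the hunk, so the unsigned-to-signed narrowing there deserves the same check.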
> @@ -74,7 +74,7 @@ int squashfs_readpage_block(struct page *target_page, u64 block, int bsize,
>   	/* Decompress directly into the page cache buffers */
>   	res = squashfs_read_data(inode->i_sb, block, bsize, NULL, actor);
>   
> -	squashfs_page_actor_free(actor);
> +	used_pages = squashfs_page_actor_free(actor);
>   
>   	if (res < 0)
>   		goto mark_errored;
> @@ -86,16 +86,19 @@ int squashfs_readpage_block(struct page *target_page, u64 block, int bsize,
>   
>   	/* Last page (if present) may have trailing bytes not filled */
>   	bytes = res % PAGE_SIZE;
> -	if (page[pages - 1]->index == end_index && bytes) {
> -		pageaddr = kmap_local_page(page[pages - 1]);
> -		memset(pageaddr + bytes, 0, PAGE_SIZE - bytes);
> -		kunmap_local(pageaddr);
> +	bytes_index = start_index + ((res - bytes) >> PAGE_SHIFT);
> +	if (used_pages > 0 && bytes &&
> +		page[used_pages - 1]->index == bytes_index) {
> +		memzero_page(page[used_pages - 1], bytes,
> +			     PAGE_SIZE - bytes);
>   	}
>   
>   	/* Mark pages as uptodate, unlock and release */
>   	for (i = 0; i < pages; i++) {
> -		flush_dcache_page(page[i]);
> -		SetPageUptodate(page[i]);
> +		if (i < used_pages) {
> +			flush_dcache_page(page[i]);
> +			SetPageUptodate(page[i]);
> +		}
>   		unlock_page(page[i]);
>   		if (page[i] != target_page)
>   			put_page(page[i]);
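Review bot: In the success loop a page with `i >= used_pages` is now unlocked with neither `SetPageUptodate()` nor an error flag, and nothing explains when that can happen after the read returned the expected length. If `target_page` could ever fall in that range, the caller would presumably find it not uptodate even though this path reports success. If skipping is the intent, a comment such as `/* pages past used_pages were not filled by the actor; leave them !Uptodate so they are re-read */` would make the assumption reviewable. The same undocumented `i < used_pages` guard appears in the `mark_errored` hunk, where `used_pages` is only meaningful if every jump to that label follows the `squashfs_page_actor_free()` call, which cannot be confirmed from the visible lines.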
> @@ -112,8 +115,10 @@ int squashfs_readpage_block(struct page *target_page, u64 block, int bsize,
>   	for (i = 0; i < pages; i++) {
>   		if (page[i] == NULL || page[i] == target_page)
>   			continue;
> -		flush_dcache_page(page[i]);
> -		SetPageError(page[i]);
> +		if (i < used_pages) {
> +			flush_dcache_page(page[i]);
> +			SetPageError(page[i]);
> +		}
>   		unlock_page(page[i]);
>   		put_page(page[i]);
>   	}
> diff --git a/fs/squashfs/page_actor.h b/fs/squashfs/page_actor.h
> index 95ffbb543d91..c2c5c3937ef9 100644
> --- a/fs/squashfs/page_actor.h
> +++ b/fs/squashfs/page_actor.h
> @@ -29,10 +29,12 @@ extern struct squashfs_page_actor *squashfs_page_actor_init(void **buffer,
>   extern struct squashfs_page_actor *squashfs_page_actor_init_special(
>   				struct squashfs_sb_info *msblk,
>   				struct page **page, int pages, int length);
> -static inline void squashfs_page_actor_free(struct squashfs_page_actor *actor)
> +static inline int squashfs_page_actor_free(struct squashfs_page_actor *actor)
>   {
> +	int res = actor->next_page;
>   	kfree(actor->tmp_buffer);
>   	kfree(actor);
> +	return res;
>   }
>   static inline void *squashfs_first_page(struct squashfs_page_actor *actor)
>   {
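Review bot: `squashfs_page_actor_free()` now returns `actor->next_page`, but neither the name nor a comment says what the value means, while both callers in this patch treat it as the number of pages consumed from the page array. A short comment on the inline, such as `/* Free the actor; returns actor->next_page, sampled before kfree() */`, would document the contract. Naming the local `used` rather than `res` would stop it reading like an error code. Sampling the field before `kfree(actor)` is the correct order and is worth keeping explicit in that comment.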

-- 
Mirsad Goran Todorovac
Sistem inženjer
Grafički fakultet | Akademija likovnih umjetnosti
Sveučilište u Zagrebu
-- 
System engineer
Faculty of Graphic Arts | Academy of Fine Arts
University of Zagreb, Republic of Croatia

