From: Gao Xiang <gaoxiang25@huawei.com>
To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Chao Yu <chao@kernel.org>, <devel@driverdev.osuosl.org>, Miao Xie <miaoxie@huawei.com>, LKML <linux-kernel@vger.kernel.org>, <weidu.du@huawei.com>, <linux-fsdevel@vger.kernel.org>, <linux-erofs@lists.ozlabs.org>, Gao Xiang <gaoxiang25@huawei.com>, <stable@vger.kernel.org>
Subject: [PATCH v2 5/6] staging: erofs: detect potential multiref due to corrupted images
Date: Wed, 21 Aug 2019 22:01:52 +0800
Message-ID: <20190821140152.229648-1-gaoxiang25@huawei.com>
In-Reply-To: <20190821021942.GA14087@kroah.com>

As reported by the erofs-utils fuzzer, multiref (on-disk deduplication)
isn't supported for now, so we should forbid it properly.

Fixes: 3883a79abd02 ("staging: erofs: introduce VLE decompression support")
Cc: <stable@vger.kernel.org> # 4.19+
Signed-off-by: Gao Xiang <gaoxiang25@huawei.com>
---
changelog from v1:
 - change err = -EFSCORRUPTED as well, as Chao suggested;

[ the difference between adding err or not to [PATCH 5/6] is just
  whether we error out the whole compressed cluster or only part of it
  (since some pages could be decompressed successfully); it's
  undefined behavior for these corrupted compressed images... ]

Hi Chao,
Could you kindly review it again? Thanks!

Hi Greg,
This is [PATCH 5/6] of the original patchset, and I fixed it as Chao
suggested... But I'm not sure whether it should be merged right now,
it is up to you. :)

Thanks,
Gao Xiang

 drivers/staging/erofs/zdata.c | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/drivers/staging/erofs/zdata.c b/drivers/staging/erofs/zdata.c index 4d6faaab04f5..60d7c20db87d 100644 --- a/drivers/staging/erofs/zdata.c +++ b/drivers/staging/erofs/zdata.c 
@@ -798,6 +798,7 @@ static int z_erofs_decompress_pcluster(struct super_block *sb, for (i = 0; i < nr_pages; ++i) pages[i] = NULL; + err = 0; z_erofs_pagevec_ctor_init(&ctor, Z_EROFS_NR_INLINE_PAGEVECS, cl->pagevec, 0); @@ -819,8 +820,17 @@ static int z_erofs_decompress_pcluster(struct super_block *sb, pagenr = z_erofs_onlinepage_index(page); DBG_BUGON(pagenr >= nr_pages); - DBG_BUGON(pages[pagenr]); + /* + * currently EROFS doesn't support multiref(dedup), + * so here erroring out one multiref page. + */ + if (unlikely(pages[pagenr])) { + DBG_BUGON(1); + SetPageError(pages[pagenr]); + z_erofs_onlinepage_endio(pages[pagenr]); + err = -EFSCORRUPTED; + } pages[pagenr] = page; } z_erofs_pagevec_ctor_exit(&ctor, true); @@ -828,7 +838,6 @@ static int z_erofs_decompress_pcluster(struct super_block *sb, overlapped = false; compressed_pages = pcl->compressed_pages; - err = 0; for (i = 0; i < clusterpages; ++i) { unsigned int pagenr; @@ -852,7 +861,12 @@ static int z_erofs_decompress_pcluster(struct super_block *sb, pagenr = z_erofs_onlinepage_index(page); DBG_BUGON(pagenr >= nr_pages); - DBG_BUGON(pages[pagenr]); + if (unlikely(pages[pagenr])) { + DBG_BUGON(1); + SetPageError(pages[pagenr]); + z_erofs_onlinepage_endio(pages[pagenr]); + err = -EFSCORRUPTED; + } pages[pagenr] = page; overlapped = true; -- 2.17.1
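Review bot: In the hunk at @@ -819,8 +820,17 @@, DBG_BUGON(1) sits inside the new `if (unlikely(pages[pagenr]))` branch, and the commit message says that branch is reachable from a corrupted image found by the fuzzer. An assertion on a state that on-disk input can produce means debug builds still stop here instead of returning -EFSCORRUPTED, so the fuzzer keeps tripping over the same spot. Consider dropping the DBG_BUGON(1) from this branch, or say in the comment that it is kept on purpose for debug builds.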
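Review bot: With `err = 0` moved ahead of the first loop (hunk @@ -798,6 +798,7 @@) and removed from before `for (i = 0; i < clusterpages; ++i)` (hunk @@ -828,7 +838,6 @@), the -EFSCORRUPTED set in the first loop has to survive until the function returns. The code after the second loop is not visible in these hunks; please confirm that no later unconditional assignment to err overwrites it, otherwise a multiref detected in the pagevec loop would be lost. A short sentence in the commit message about the `err = 0` move would also help, since the changelog mentions only the new error code.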
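Review bot: The hunk at @@ -852,7 +861,12 @@ repeats the five-line multiref block from the first loop, this time without the explanatory comment. In both places the page that gets SetPageError() and z_erofs_onlinepage_endio() is the one already stored in pages[pagenr], and the incoming page then takes the slot via `pages[pagenr] = page;`. That choice deserves a comment, since the changelog itself notes the outcome for such images is undefined. A small static helper taking `pages`, `pagenr` and `&err` would keep the two sites from drifting apart.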