stable.vger.kernel.org archive mirror
* [PATCH 1/6] staging: erofs: some compressed cluster should be submitted for corrupted images
       [not found] ` <20190819103426.87579-1-gaoxiang25@huawei.com>
@ 2019-08-19 10:34   ` Gao Xiang
  2019-08-19 14:36     ` Chao Yu
  2019-08-19 14:39     ` Chao Yu
  2019-08-19 10:34   ` [PATCH 2/6] staging: erofs: cannot set EROFS_V_Z_INITED_BIT if fill_inode_lazy fails Gao Xiang
                     ` (3 subsequent siblings)
  4 siblings, 2 replies; 14+ messages in thread
From: Gao Xiang @ 2019-08-19 10:34 UTC (permalink / raw)
  To: Chao Yu, Greg Kroah-Hartman, devel, linux-fsdevel
  Cc: LKML, linux-erofs, Chao Yu, Miao Xie, weidu.du, Fang Wei,
	Gao Xiang, stable

As reported by erofs_utils fuzzer, a logical page can belong
to at most 2 compressed clusters, if one compressed cluster
is corrupted, but the other has been ready in submitting chain.

The chain needs to submit anyway in order to keep the page
working properly (page unlocked with PG_error set, PG_uptodate
not set).

Let's fix it now.

Fixes: 3883a79abd02 ("staging: erofs: introduce VLE decompression support")
Cc: <stable@vger.kernel.org> # 4.19+
Signed-off-by: Gao Xiang <gaoxiang25@huawei.com>
---
 drivers/staging/erofs/zdata.c | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/drivers/staging/erofs/zdata.c b/drivers/staging/erofs/zdata.c
index 2d7aaf98f7de..87b0c96caf8f 100644
--- a/drivers/staging/erofs/zdata.c
+++ b/drivers/staging/erofs/zdata.c
@@ -1307,19 +1307,18 @@ static int z_erofs_vle_normalaccess_readpage(struct file *file,
 	err = z_erofs_do_read_page(&f, page, &pagepool);
 	(void)z_erofs_collector_end(&f.clt);
 
-	if (err) {
+	/* if some compressed cluster ready, need submit them anyway */
+	z_erofs_submit_and_unzip(inode->i_sb, &f.clt, &pagepool, true);
+
+	if (err)
 		errln("%s, failed to read, err [%d]", __func__, err);
-		goto out;
-	}
 
-	z_erofs_submit_and_unzip(inode->i_sb, &f.clt, &pagepool, true);
-out:
 	if (f.map.mpage)
 		put_page(f.map.mpage);
 
 	/* clean up the remaining free pages */
 	put_pages_list(&pagepool);
-	return 0;
+	return err;
 }
 
 static bool should_decompress_synchronously(struct erofs_sb_info *sbi,
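
Review bot: the last changed line of this hunk turns "return 0" into
"return err", and the changelog does not mention it; it only describes
submitting the chain. The function now reports the failure to its caller
after z_erofs_submit_and_unzip() has already run, so please state in the
commit message, or in the comment above the submit call, that the page is
expected to be unlocked with PG_error set by that point. That also guards
against someone reintroducing an early exit ahead of the submit later on.
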
-- 
2.17.1



* [PATCH 2/6] staging: erofs: cannot set EROFS_V_Z_INITED_BIT if fill_inode_lazy fails
       [not found] ` <20190819103426.87579-1-gaoxiang25@huawei.com>
  2019-08-19 10:34   ` [PATCH 1/6] staging: erofs: some compressed cluster should be submitted for corrupted images Gao Xiang
@ 2019-08-19 10:34   ` Gao Xiang
  2019-08-19 14:43     ` Chao Yu
  2019-08-19 10:34   ` [PATCH 3/6] staging: erofs: add two missing erofs_workgroup_put for corrupted images Gao Xiang
                     ` (2 subsequent siblings)
  4 siblings, 1 reply; 14+ messages in thread
From: Gao Xiang @ 2019-08-19 10:34 UTC (permalink / raw)
  To: Chao Yu, Greg Kroah-Hartman, devel, linux-fsdevel
  Cc: LKML, linux-erofs, Chao Yu, Miao Xie, weidu.du, Fang Wei,
	Gao Xiang, stable

As reported by erofs-utils fuzzer, unsupported compressed
clustersize will make fill_inode_lazy fail, for such case
we cannot set EROFS_V_Z_INITED_BIT since we need return
failure for each z_erofs_map_blocks_iter().

Fixes: 152a333a5895 ("staging: erofs: add compacted compression indexes support")
Cc: <stable@vger.kernel.org> # 5.3+
Signed-off-by: Gao Xiang <gaoxiang25@huawei.com>
---
 drivers/staging/erofs/zmap.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/drivers/staging/erofs/zmap.c b/drivers/staging/erofs/zmap.c
index b61b9b5950ac..7408e86823a4 100644
--- a/drivers/staging/erofs/zmap.c
+++ b/drivers/staging/erofs/zmap.c
@@ -85,12 +85,11 @@ static int fill_inode_lazy(struct inode *inode)
 
 	vi->z_physical_clusterbits[1] = vi->z_logical_clusterbits +
 					((h->h_clusterbits >> 5) & 7);
+	set_bit(EROFS_V_Z_INITED_BIT, &vi->flags);
 unmap_done:
 	kunmap_atomic(kaddr);
 	unlock_page(page);
 	put_page(page);
-
-	set_bit(EROFS_V_Z_INITED_BIT, &vi->flags);
 out_unlock:
 	clear_and_wake_up_bit(EROFS_V_BL_Z_BIT, &vi->flags);
 	return err;
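
Review bot: set_bit(EROFS_V_Z_INITED_BIT, ...) now relies on sitting
directly above the unmap_done label so that every "goto unmap_done" skips
it, and nothing in the code says so. A one-line comment (for example
"success only; error paths jump past this") would stop it from being moved
back below the label. Please also confirm that any path which tests the
bit without holding EROFS_V_BL_Z_BIT is guaranteed to see the
z_physical_clusterbits[] store made just above, since set_bit() alone does
not order the two.
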
-- 
2.17.1



* [PATCH 3/6] staging: erofs: add two missing erofs_workgroup_put for corrupted images
       [not found] ` <20190819103426.87579-1-gaoxiang25@huawei.com>
  2019-08-19 10:34   ` [PATCH 1/6] staging: erofs: some compressed cluster should be submitted for corrupted images Gao Xiang
  2019-08-19 10:34   ` [PATCH 2/6] staging: erofs: cannot set EROFS_V_Z_INITED_BIT if fill_inode_lazy fails Gao Xiang
@ 2019-08-19 10:34   ` Gao Xiang
  2019-08-19 14:40     ` Chao Yu
  2019-08-19 10:34   ` [PATCH 5/6] staging: erofs: detect potential multiref due to " Gao Xiang
  2019-08-19 10:34   ` [PATCH 6/6] staging: erofs: avoid endless loop of invalid lookback distance 0 Gao Xiang
  4 siblings, 1 reply; 14+ messages in thread
From: Gao Xiang @ 2019-08-19 10:34 UTC (permalink / raw)
  To: Chao Yu, Greg Kroah-Hartman, devel, linux-fsdevel
  Cc: LKML, linux-erofs, Chao Yu, Miao Xie, weidu.du, Fang Wei,
	Gao Xiang, stable

As reported by erofs-utils fuzzer, these error handling
path will be entered to handle corrupted images.

Lack of erofs_workgroup_puts will cause unmounting
unsuccessfully.

Fix these return values to EFSCORRUPTED as well.

Fixes: 3883a79abd02 ("staging: erofs: introduce VLE decompression support")
Cc: <stable@vger.kernel.org> # 4.19+
Signed-off-by: Gao Xiang <gaoxiang25@huawei.com>
---
 drivers/staging/erofs/zdata.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/drivers/staging/erofs/zdata.c b/drivers/staging/erofs/zdata.c
index 87b0c96caf8f..23283c97fd3b 100644
--- a/drivers/staging/erofs/zdata.c
+++ b/drivers/staging/erofs/zdata.c
@@ -357,14 +357,16 @@ static struct z_erofs_collection *cllookup(struct z_erofs_collector *clt,
 	cl = z_erofs_primarycollection(pcl);
 	if (unlikely(cl->pageofs != (map->m_la & ~PAGE_MASK))) {
 		DBG_BUGON(1);
-		return ERR_PTR(-EIO);
+		erofs_workgroup_put(grp);
+		return ERR_PTR(-EFSCORRUPTED);
 	}
 
 	length = READ_ONCE(pcl->length);
 	if (length & Z_EROFS_PCLUSTER_FULL_LENGTH) {
 		if ((map->m_llen << Z_EROFS_PCLUSTER_LENGTH_BIT) > length) {
 			DBG_BUGON(1);
-			return ERR_PTR(-EIO);
+			erofs_workgroup_put(grp);
+			return ERR_PTR(-EFSCORRUPTED);
 		}
 	} else {
 		unsigned int llen = map->m_llen << Z_EROFS_PCLUSTER_LENGTH_BIT;
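
Review bot: both error branches in this hunk now repeat the same pair,
erofs_workgroup_put(grp) followed by return ERR_PTR(-EFSCORRUPTED), which
is the pattern that was forgotten in the first place. A single error label
at the end of cllookup() that drops the reference and returns the error
would mean any check added after the reference is taken releases it the
same way. The else branch that begins at the end of the hunk is worth
checking for an early return with the same problem.
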
-- 
2.17.1



* [PATCH 5/6] staging: erofs: detect potential multiref due to corrupted images
       [not found] ` <20190819103426.87579-1-gaoxiang25@huawei.com>
                     ` (2 preceding siblings ...)
  2019-08-19 10:34   ` [PATCH 3/6] staging: erofs: add two missing erofs_workgroup_put for corrupted images Gao Xiang
@ 2019-08-19 10:34   ` Gao Xiang
  2019-08-19 14:57     ` Chao Yu
  2019-08-19 10:34   ` [PATCH 6/6] staging: erofs: avoid endless loop of invalid lookback distance 0 Gao Xiang
  4 siblings, 1 reply; 14+ messages in thread
From: Gao Xiang @ 2019-08-19 10:34 UTC (permalink / raw)
  To: Chao Yu, Greg Kroah-Hartman, devel, linux-fsdevel
  Cc: LKML, linux-erofs, Chao Yu, Miao Xie, weidu.du, Fang Wei,
	Gao Xiang, stable

As reported by erofs-utils fuzzer, currently, multiref
(ondisk deduplication) hasn't been supported for now,
we should forbid it properly.

Fixes: 3883a79abd02 ("staging: erofs: introduce VLE decompression support")
Cc: <stable@vger.kernel.org> # 4.19+
Signed-off-by: Gao Xiang <gaoxiang25@huawei.com>
---
 drivers/staging/erofs/zdata.c | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/drivers/staging/erofs/zdata.c b/drivers/staging/erofs/zdata.c
index aae2f2b8353f..5b6fef5181af 100644
--- a/drivers/staging/erofs/zdata.c
+++ b/drivers/staging/erofs/zdata.c
@@ -816,8 +816,16 @@ static int z_erofs_decompress_pcluster(struct super_block *sb,
 			pagenr = z_erofs_onlinepage_index(page);
 
 		DBG_BUGON(pagenr >= nr_pages);
-		DBG_BUGON(pages[pagenr]);
 
+		/*
+		 * currently EROFS doesn't support multiref(dedup),
+		 * so here erroring out one multiref page.
+		 */
+		if (unlikely(pages[pagenr])) {
+			DBG_BUGON(1);
+			SetPageError(pages[pagenr]);
+			z_erofs_onlinepage_endio(pages[pagenr]);
+		}
 		pages[pagenr] = page;
 	}
 	z_erofs_pagevec_ctor_exit(&ctor, true);
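
Review bot: the new "if (unlikely(pages[pagenr]))" branch marks the
earlier page with SetPageError() and ends its I/O, but it leaves the
function's return status untouched, so a cluster in which a multiref page
was detected can still be reported as decompressed successfully. Recording
-EFSCORRUPTED in the same branch would make the returned status agree with
the page flags.
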
@@ -849,7 +857,11 @@ static int z_erofs_decompress_pcluster(struct super_block *sb,
 			pagenr = z_erofs_onlinepage_index(page);
 
 			DBG_BUGON(pagenr >= nr_pages);
-			DBG_BUGON(pages[pagenr]);
+			if (unlikely(pages[pagenr])) {
+				DBG_BUGON(1);
+				SetPageError(pages[pagenr]);
+				z_erofs_onlinepage_endio(pages[pagenr]);
+			}
 			pages[pagenr] = page;
 
 			overlapped = true;
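
Review bot: this second copy of the multiref check carries no comment,
unlike the copy in the first hunk, and its body is duplicated line for
line. A small static helper taking pages and pagenr, with the
explanatory comment on the helper, would keep the two loops from drifting
apart when the handling changes.
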
-- 
2.17.1



* [PATCH 6/6] staging: erofs: avoid endless loop of invalid lookback distance 0
       [not found] ` <20190819103426.87579-1-gaoxiang25@huawei.com>
                     ` (3 preceding siblings ...)
  2019-08-19 10:34   ` [PATCH 5/6] staging: erofs: detect potential multiref due to " Gao Xiang
@ 2019-08-19 10:34   ` Gao Xiang
  2019-08-19 14:58     ` Chao Yu
  4 siblings, 1 reply; 14+ messages in thread
From: Gao Xiang @ 2019-08-19 10:34 UTC (permalink / raw)
  To: Chao Yu, Greg Kroah-Hartman, devel, linux-fsdevel
  Cc: LKML, linux-erofs, Chao Yu, Miao Xie, weidu.du, Fang Wei,
	Gao Xiang, stable

As reported by erofs-utils fuzzer, Lookback distance should
be a positive number, so it should be actually looked back
rather than spinning.

Fixes: 02827e1796b3 ("staging: erofs: add erofs_map_blocks_iter")
Cc: <stable@vger.kernel.org> # 4.19+
Signed-off-by: Gao Xiang <gaoxiang25@huawei.com>
---
 drivers/staging/erofs/zmap.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/drivers/staging/erofs/zmap.c b/drivers/staging/erofs/zmap.c
index 7408e86823a4..774dacbc5b32 100644
--- a/drivers/staging/erofs/zmap.c
+++ b/drivers/staging/erofs/zmap.c
@@ -350,6 +350,12 @@ static int vle_extent_lookback(struct z_erofs_maprecorder *m,
 
 	switch (m->type) {
 	case Z_EROFS_VLE_CLUSTER_TYPE_NONHEAD:
+		if (unlikely(!m->delta[0])) {
+			errln("invalid lookback distance 0 at nid %llu",
+			      vi->nid);
+			DBG_BUGON(1);
+			return -EFSCORRUPTED;
+		}
 		return vle_extent_lookback(m, m->delta[0]);
 	case Z_EROFS_VLE_CLUSTER_TYPE_PLAIN:
 		map->m_flags &= ~EROFS_MAP_ZIPPED;
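
Review bot: the added check rejects only a distance of exactly 0, while
the unchanged line right below it still recurses into
vle_extent_lookback() with an image-supplied m->delta[0]. Every NONHEAD
entry in a chain adds another call level unless the compiler happens to
turn the tail call into a jump, so the depth is controlled by the image.
Consider writing the walk as a loop, and make sure the distance is also
validated against the current cluster index before it is followed.
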
-- 
2.17.1
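
The failure mode described in this patch, as an added example (not code
from the patch or from EROFS): a simplified user-space model of the
lookback walk, with the unchecked shape beside a hardened one. struct
lc_index, the LC_* types, MODEL_EFSCORRUPTED and both functions are
hypothetical names, the index tables are constructed, and the model goes
slightly beyond the patch by also rejecting a distance that would step
before cluster 0.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the kernel's EFSCORRUPTED; the value is arbitrary here. */
#define MODEL_EFSCORRUPTED 117

/* Simplified cluster types for this model (not the on-disk encoding). */
enum lc_type { LC_HEAD, LC_PLAIN, LC_NONHEAD };

struct lc_index {
	enum lc_type type;
	uint16_t delta0;	/* NONHEAD only: how many clusters back the head is */
};

/* Pre-fix shape: trusts delta0. `budget` exists only so the model can stop. */
static long lookback_unchecked(const struct lc_index *idx, size_t lcn, int budget)
{
	while (idx[lcn].type == LC_NONHEAD) {
		if (budget-- == 0)
			return -1;	/* budget spent without reaching a head */
		lcn -= idx[lcn].delta0;	/* delta0 == 0 leaves lcn unchanged */
	}
	return (long)lcn;
}

/* Hardened shape: every step must move strictly backwards and stay in range. */
static long lookback_head(const struct lc_index *idx, size_t n, size_t lcn)
{
	if (lcn >= n)
		return -MODEL_EFSCORRUPTED;
	while (idx[lcn].type == LC_NONHEAD) {
		size_t d = idx[lcn].delta0;

		if (d == 0)		/* would revisit the same entry forever */
			return -MODEL_EFSCORRUPTED;
		if (d > lcn)		/* would step before cluster 0 */
			return -MODEL_EFSCORRUPTED;
		lcn -= d;		/* strictly decreasing, so at most n steps */
	}
	return (long)lcn;
}

/* Constructed sample index tables, not taken from any real image. */
static const struct lc_index good_img[] = {
	{ LC_HEAD, 0 }, { LC_NONHEAD, 1 }, { LC_NONHEAD, 2 },
	{ LC_PLAIN, 0 }, { LC_NONHEAD, 1 },
};
static const struct lc_index zero_img[] = {
	{ LC_HEAD, 0 }, { LC_NONHEAD, 1 }, { LC_NONHEAD, 0 },
};
static const struct lc_index under_img[] = {
	{ LC_HEAD, 0 }, { LC_NONHEAD, 5 },
};

int main(void)
{
	printf("good lcn 2 -> %ld\n", lookback_head(good_img, 5, 2));
	printf("good lcn 4 -> %ld\n", lookback_head(good_img, 5, 4));
	printf("zero unchecked -> %ld\n", lookback_unchecked(zero_img, 2, 1000));
	printf("zero checked -> %ld\n", lookback_head(zero_img, 3, 2));
	printf("under checked -> %ld\n", lookback_head(under_img, 2, 1));
	return 0;
}
```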



* Re: [PATCH 1/6] staging: erofs: some compressed cluster should be submitted for corrupted images
  2019-08-19 10:34   ` [PATCH 1/6] staging: erofs: some compressed cluster should be submitted for corrupted images Gao Xiang
@ 2019-08-19 14:36     ` Chao Yu
  2019-08-19 14:39     ` Chao Yu
  1 sibling, 0 replies; 14+ messages in thread
From: Chao Yu @ 2019-08-19 14:36 UTC (permalink / raw)
  To: Gao Xiang, Chao Yu, Greg Kroah-Hartman, devel, linux-fsdevel
  Cc: LKML, linux-erofs, Miao Xie, weidu.du, Fang Wei, stable

On 2019-8-19 18:34, Gao Xiang wrote:
> As reported by erofs_utils fuzzer, a logical page can belong
> to at most 2 compressed clusters, if one compressed cluster
> is corrupted, but the other has been ready in submitting chain.
> 
> The chain needs to submit anyway in order to keep the page
> working properly (page unlocked with PG_error set, PG_uptodate
> not set).
> 
> Let's fix it now.
> 
> Fixes: 3883a79abd02 ("staging: erofs: introduce VLE decompression support")
> Cc: <stable@vger.kernel.org> # 4.19+
> Signed-off-by: Gao Xiang <gaoxiang25@huawei.com>

Reviewed-by: Chao Yu <yuchao0@huawei.com>

Thanks,


* Re: [PATCH 1/6] staging: erofs: some compressed cluster should be submitted for corrupted images
  2019-08-19 10:34   ` [PATCH 1/6] staging: erofs: some compressed cluster should be submitted for corrupted images Gao Xiang
  2019-08-19 14:36     ` Chao Yu
@ 2019-08-19 14:39     ` Chao Yu
  1 sibling, 0 replies; 14+ messages in thread
From: Chao Yu @ 2019-08-19 14:39 UTC (permalink / raw)
  To: Gao Xiang, Chao Yu, Greg Kroah-Hartman, devel, linux-fsdevel
  Cc: LKML, linux-erofs, Miao Xie, weidu.du, Fang Wei, stable

On 2019-8-19 18:34, Gao Xiang wrote:
> As reported by erofs_utils fuzzer, a logical page can belong
> to at most 2 compressed clusters, if one compressed cluster
> is corrupted, but the other has been ready in submitting chain.
> 
> The chain needs to submit anyway in order to keep the page
> working properly (page unlocked with PG_error set, PG_uptodate
> not set).
> 
> Let's fix it now.
> 
> Fixes: 3883a79abd02 ("staging: erofs: introduce VLE decompression support")
> Cc: <stable@vger.kernel.org> # 4.19+
> Signed-off-by: Gao Xiang <gaoxiang25@huawei.com>

Reviewed-by: Chao Yu <yuchao0@huawei.com>

Thanks,


* Re: [PATCH 3/6] staging: erofs: add two missing erofs_workgroup_put for corrupted images
  2019-08-19 10:34   ` [PATCH 3/6] staging: erofs: add two missing erofs_workgroup_put for corrupted images Gao Xiang
@ 2019-08-19 14:40     ` Chao Yu
  0 siblings, 0 replies; 14+ messages in thread
From: Chao Yu @ 2019-08-19 14:40 UTC (permalink / raw)
  To: Gao Xiang, Chao Yu, Greg Kroah-Hartman, devel, linux-fsdevel
  Cc: LKML, linux-erofs, Miao Xie, weidu.du, Fang Wei, stable

On 2019-8-19 18:34, Gao Xiang wrote:
> As reported by erofs-utils fuzzer, these error handling
> path will be entered to handle corrupted images.
> 
> Lack of erofs_workgroup_puts will cause unmounting
> unsuccessfully.
> 
> Fix these return values to EFSCORRUPTED as well.
> 
> Fixes: 3883a79abd02 ("staging: erofs: introduce VLE decompression support")
> Cc: <stable@vger.kernel.org> # 4.19+
> Signed-off-by: Gao Xiang <gaoxiang25@huawei.com>

Reviewed-by: Chao Yu <yuchao0@huawei.com>

Thanks,


* Re: [PATCH 2/6] staging: erofs: cannot set EROFS_V_Z_INITED_BIT if fill_inode_lazy fails
  2019-08-19 10:34   ` [PATCH 2/6] staging: erofs: cannot set EROFS_V_Z_INITED_BIT if fill_inode_lazy fails Gao Xiang
@ 2019-08-19 14:43     ` Chao Yu
  0 siblings, 0 replies; 14+ messages in thread
From: Chao Yu @ 2019-08-19 14:43 UTC (permalink / raw)
  To: Gao Xiang, Chao Yu, Greg Kroah-Hartman, devel, linux-fsdevel
  Cc: LKML, linux-erofs, Miao Xie, weidu.du, Fang Wei, stable

On 2019-8-19 18:34, Gao Xiang wrote:
> As reported by erofs-utils fuzzer, unsupported compressed
> clustersize will make fill_inode_lazy fail, for such case
> we cannot set EROFS_V_Z_INITED_BIT since we need return
> failure for each z_erofs_map_blocks_iter().
> 
> Fixes: 152a333a5895 ("staging: erofs: add compacted compression indexes support")
> Cc: <stable@vger.kernel.org> # 5.3+
> Signed-off-by: Gao Xiang <gaoxiang25@huawei.com>

Reviewed-by: Chao Yu <yuchao0@huawei.com>

Thanks,


* Re: [PATCH 5/6] staging: erofs: detect potential multiref due to corrupted images
  2019-08-19 10:34   ` [PATCH 5/6] staging: erofs: detect potential multiref due to " Gao Xiang
@ 2019-08-19 14:57     ` Chao Yu
  2019-08-21  2:19       ` Greg Kroah-Hartman
  0 siblings, 1 reply; 14+ messages in thread
From: Chao Yu @ 2019-08-19 14:57 UTC (permalink / raw)
  To: Gao Xiang, Chao Yu, Greg Kroah-Hartman, devel, linux-fsdevel
  Cc: LKML, linux-erofs, Miao Xie, weidu.du, Fang Wei, stable

On 2019-8-19 18:34, Gao Xiang wrote:
> As reported by erofs-utils fuzzer, currently, multiref
> (ondisk deduplication) hasn't been supported for now,
> we should forbid it properly.
> 
> Fixes: 3883a79abd02 ("staging: erofs: introduce VLE decompression support")
> Cc: <stable@vger.kernel.org> # 4.19+
> Signed-off-by: Gao Xiang <gaoxiang25@huawei.com>
> ---
>  drivers/staging/erofs/zdata.c | 16 ++++++++++++++--
>  1 file changed, 14 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/staging/erofs/zdata.c b/drivers/staging/erofs/zdata.c
> index aae2f2b8353f..5b6fef5181af 100644
> --- a/drivers/staging/erofs/zdata.c
> +++ b/drivers/staging/erofs/zdata.c
> @@ -816,8 +816,16 @@ static int z_erofs_decompress_pcluster(struct super_block *sb,
>  			pagenr = z_erofs_onlinepage_index(page);
>  
>  		DBG_BUGON(pagenr >= nr_pages);
> -		DBG_BUGON(pages[pagenr]);
>  
> +		/*
> +		 * currently EROFS doesn't support multiref(dedup),
> +		 * so here erroring out one multiref page.
> +		 */
> +		if (unlikely(pages[pagenr])) {
> +			DBG_BUGON(1);
> +			SetPageError(pages[pagenr]);
> +			z_erofs_onlinepage_endio(pages[pagenr]);

Should set err meanwhile?

> +		}
>  		pages[pagenr] = page;
>  	}
>  	z_erofs_pagevec_ctor_exit(&ctor, true);
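
Review bot: in the new branch the page that gets SetPageError() and
z_erofs_onlinepage_endio() is the one already stored in pages[pagenr];
the incoming page then replaces it on the next line and is processed as
if it were valid. The comment "erroring out one multiref page" should say
which of the two pages is failed and why the later one is kept.
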
> @@ -849,7 +857,11 @@ static int z_erofs_decompress_pcluster(struct super_block *sb,
>  			pagenr = z_erofs_onlinepage_index(page);
>  
>  			DBG_BUGON(pagenr >= nr_pages);
> -			DBG_BUGON(pages[pagenr]);
> +			if (unlikely(pages[pagenr])) {
> +				DBG_BUGON(1);
> +				SetPageError(pages[pagenr]);
> +				z_erofs_onlinepage_endio(pages[pagenr]);
> +			}
>  			pages[pagenr] = page;
>  
>  			overlapped = true;
> 


* Re: [PATCH 6/6] staging: erofs: avoid endless loop of invalid lookback distance 0
  2019-08-19 10:34   ` [PATCH 6/6] staging: erofs: avoid endless loop of invalid lookback distance 0 Gao Xiang
@ 2019-08-19 14:58     ` Chao Yu
  0 siblings, 0 replies; 14+ messages in thread
From: Chao Yu @ 2019-08-19 14:58 UTC (permalink / raw)
  To: Gao Xiang, Chao Yu, Greg Kroah-Hartman, devel, linux-fsdevel
  Cc: LKML, linux-erofs, Miao Xie, weidu.du, Fang Wei, stable

On 2019-8-19 18:34, Gao Xiang wrote:
> As reported by erofs-utils fuzzer, Lookback distance should
> be a positive number, so it should be actually looked back
> rather than spinning.
> 
> Fixes: 02827e1796b3 ("staging: erofs: add erofs_map_blocks_iter")
> Cc: <stable@vger.kernel.org> # 4.19+
> Signed-off-by: Gao Xiang <gaoxiang25@huawei.com>

Reviewed-by: Chao Yu <yuchao0@huawei.com>

Thanks,


* Re: [PATCH 5/6] staging: erofs: detect potential multiref due to corrupted images
  2019-08-19 14:57     ` Chao Yu
@ 2019-08-21  2:19       ` Greg Kroah-Hartman
  2019-08-21 14:01         ` [PATCH v2 " Gao Xiang
  0 siblings, 1 reply; 14+ messages in thread
From: Greg Kroah-Hartman @ 2019-08-21  2:19 UTC (permalink / raw)
  To: Chao Yu
  Cc: Gao Xiang, Chao Yu, devel, linux-fsdevel, LKML, linux-erofs,
	Miao Xie, weidu.du, Fang Wei, stable

On Mon, Aug 19, 2019 at 10:57:42PM +0800, Chao Yu wrote:
> On 2019-8-19 18:34, Gao Xiang wrote:
> > As reported by erofs-utils fuzzer, currently, multiref
> > (ondisk deduplication) hasn't been supported for now,
> > we should forbid it properly.
> > 
> > Fixes: 3883a79abd02 ("staging: erofs: introduce VLE decompression support")
> > Cc: <stable@vger.kernel.org> # 4.19+
> > Signed-off-by: Gao Xiang <gaoxiang25@huawei.com>
> > ---
> >  drivers/staging/erofs/zdata.c | 16 ++++++++++++++--
> >  1 file changed, 14 insertions(+), 2 deletions(-)
> > 
> > diff --git a/drivers/staging/erofs/zdata.c b/drivers/staging/erofs/zdata.c
> > index aae2f2b8353f..5b6fef5181af 100644
> > --- a/drivers/staging/erofs/zdata.c
> > +++ b/drivers/staging/erofs/zdata.c
> > @@ -816,8 +816,16 @@ static int z_erofs_decompress_pcluster(struct super_block *sb,
> >  			pagenr = z_erofs_onlinepage_index(page);
> >  
> >  		DBG_BUGON(pagenr >= nr_pages);
> > -		DBG_BUGON(pages[pagenr]);
> >  
> > +		/*
> > +		 * currently EROFS doesn't support multiref(dedup),
> > +		 * so here erroring out one multiref page.
> > +		 */
> > +		if (unlikely(pages[pagenr])) {
> > +			DBG_BUGON(1);
> > +			SetPageError(pages[pagenr]);
> > +			z_erofs_onlinepage_endio(pages[pagenr]);
> 
> Should set err meanwhile?

I've skipped this patch in this series for now, and applied the rest.

thanks,

greg k-h


* [PATCH v2 5/6] staging: erofs: detect potential multiref due to corrupted images
  2019-08-21  2:19       ` Greg Kroah-Hartman
@ 2019-08-21 14:01         ` Gao Xiang
  2019-08-21 14:24           ` Chao Yu
  0 siblings, 1 reply; 14+ messages in thread
From: Gao Xiang @ 2019-08-21 14:01 UTC (permalink / raw)
  To: Greg Kroah-Hartman
  Cc: Chao Yu, devel, Miao Xie, LKML, weidu.du, linux-fsdevel,
	linux-erofs, Gao Xiang, stable

As reported by erofs-utils fuzzer, currently, multiref
(ondisk deduplication) hasn't been supported for now,
we should forbid it properly.

Fixes: 3883a79abd02 ("staging: erofs: introduce VLE decompression support")
Cc: <stable@vger.kernel.org> # 4.19+
Signed-off-by: Gao Xiang <gaoxiang25@huawei.com>
---

changelog from v1:
 - change err = -EFSCORRUPTED as well as Chao suggested;
   [ the difference between adding err or not to [PATCH 5/6] is just whether
     we error out the whole compressed cluster or partial of them (since some
     pages could be decompressed successfully), it's an undefined behavior
     for these corrupted compressed images... ]

Hi Chao,
 Could you kindly review it again? Thanks!

Hi Greg,
 This is [PATCH 5/6] of the original patchset, and I fix as what Chao suggested...
 But I'm not sure whether it should be merged right now, it is up to you. :)

Thanks,
Gao Xiang


 drivers/staging/erofs/zdata.c | 20 +++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)

diff --git a/drivers/staging/erofs/zdata.c b/drivers/staging/erofs/zdata.c
index 4d6faaab04f5..60d7c20db87d 100644
--- a/drivers/staging/erofs/zdata.c
+++ b/drivers/staging/erofs/zdata.c
@@ -798,6 +798,7 @@ static int z_erofs_decompress_pcluster(struct super_block *sb,
 	for (i = 0; i < nr_pages; ++i)
 		pages[i] = NULL;
 
+	err = 0;
 	z_erofs_pagevec_ctor_init(&ctor, Z_EROFS_NR_INLINE_PAGEVECS,
 				  cl->pagevec, 0);
 
@@ -819,8 +820,17 @@ static int z_erofs_decompress_pcluster(struct super_block *sb,
 			pagenr = z_erofs_onlinepage_index(page);
 
 		DBG_BUGON(pagenr >= nr_pages);
-		DBG_BUGON(pages[pagenr]);
 
+		/*
+		 * currently EROFS doesn't support multiref(dedup),
+		 * so here erroring out one multiref page.
+		 */
+		if (unlikely(pages[pagenr])) {
+			DBG_BUGON(1);
+			SetPageError(pages[pagenr]);
+			z_erofs_onlinepage_endio(pages[pagenr]);
+			err = -EFSCORRUPTED;
+		}
 		pages[pagenr] = page;
 	}
 	z_erofs_pagevec_ctor_exit(&ctor, true);
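
Review bot: the comment in this hunk still reads "erroring out one
multiref page", but with "err = -EFSCORRUPTED" added the branch now fails
the status of the whole call, not just that page. Please update the
comment, and move the whole-cluster versus partial rationale from the
changelog note into it, since text below the "---" line will not be kept
in the commit.
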
@@ -828,7 +838,6 @@ static int z_erofs_decompress_pcluster(struct super_block *sb,
 	overlapped = false;
 	compressed_pages = pcl->compressed_pages;
 
-	err = 0;
 	for (i = 0; i < clusterpages; ++i) {
 		unsigned int pagenr;
 
@@ -852,7 +861,12 @@ static int z_erofs_decompress_pcluster(struct super_block *sb,
 			pagenr = z_erofs_onlinepage_index(page);
 
 			DBG_BUGON(pagenr >= nr_pages);
-			DBG_BUGON(pages[pagenr]);
+			if (unlikely(pages[pagenr])) {
+				DBG_BUGON(1);
+				SetPageError(pages[pagenr]);
+				z_erofs_onlinepage_endio(pages[pagenr]);
+				err = -EFSCORRUPTED;
+			}
 			pages[pagenr] = page;
 
 			overlapped = true;
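
Review bot: this branch sets PG_error and err but logs nothing, whereas
the lookback check in 6/6 prints the nid with errln(). On a build where
DBG_BUGON() is compiled out, a read that fails here leaves no hint in the
log that a multiref page was the cause. An error message naming the inode
and pagenr would make a corrupted image diagnosable.
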
-- 
2.17.1



* Re: [PATCH v2 5/6] staging: erofs: detect potential multiref due to corrupted images
  2019-08-21 14:01         ` [PATCH v2 " Gao Xiang
@ 2019-08-21 14:24           ` Chao Yu
  0 siblings, 0 replies; 14+ messages in thread
From: Chao Yu @ 2019-08-21 14:24 UTC (permalink / raw)
  To: Gao Xiang, Greg Kroah-Hartman
  Cc: devel, Miao Xie, LKML, weidu.du, linux-fsdevel, linux-erofs, stable

On 2019-8-21 22:01, Gao Xiang wrote:
> As reported by erofs-utils fuzzer, currently, multiref
> (ondisk deduplication) hasn't been supported for now,
> we should forbid it properly.
> 
> Fixes: 3883a79abd02 ("staging: erofs: introduce VLE decompression support")
> Cc: <stable@vger.kernel.org> # 4.19+
> Signed-off-by: Gao Xiang <gaoxiang25@huawei.com>

Reviewed-by: Chao Yu <yuchao0@huawei.com>

Thanks,
