From: Gao Xiang
To: stable@vger.kernel.org, Greg Kroah-Hartman
Cc: linux-erofs@lists.ozlabs.org, LKML, Gao Xiang, Hongyu Jin, Chao Yu
Subject: [PATCH 4.19.y] erofs: fix partially uninitialized misuse in z_erofs_onlinepage_fixup
Date: Thu, 25 Jun 2020 13:19:39 +0800
Message-Id: <20200625051939.32454-1-hsiangkao@aol.com>

From: Gao Xiang

commit 3c597282887fd55181578996dca52ce697d985a5 upstream.

Hongyu reported "id != index" in z_erofs_onlinepage_fixup() with
specific aarch64 environment easily, which wasn't shown before.

After digging into that, I found that high 32 bits of page->private
was set to 0xaaaaaaaa rather than 0 (due to z_erofs_onlinepage_init
behavior with specific compiler options). Actually we only use low
32 bits to keep the page information since page->private is only 4
bytes on most 32-bit platforms. However z_erofs_onlinepage_fixup()
uses the upper 32 bits by mistake.

Let's fix it now.

Reported-and-tested-by: Hongyu Jin
Fixes: 3883a79abd02 ("staging: erofs: introduce VLE decompression support")
Cc: # 4.19+
Reviewed-by: Chao Yu
Link: https://lore.kernel.org/r/20200618234349.22553-1-hsiangkao@aol.com
Signed-off-by: Gao Xiang
---
This fix has been merged into Linus's tree just now (today).
Since the patch could not directly be applied to 4.19,
manually handle this.

drivers/staging/erofs/unzip_vle.h | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/drivers/staging/erofs/unzip_vle.h b/drivers/staging/erofs/unzip_vle.h index 684ff06fc7bf..630fd1f4f123 100644 --- a/drivers/staging/erofs/unzip_vle.h +++ b/drivers/staging/erofs/unzip_vle.h 
@@ -169,22 +169,22 @@ static inline void z_erofs_onlinepage_init(struct page *page) static inline void z_erofs_onlinepage_fixup(struct page *page, uintptr_t index, bool down) { - unsigned long *p, o, v, id; -repeat: - p = &page_private(page); - o = READ_ONCE(*p); + union z_erofs_onlinepage_converter u = { .v = &page_private(page) }; + int orig, orig_index, val; - id = o >> Z_EROFS_ONLINEPAGE_INDEX_SHIFT; - if (id) { +repeat: + orig = atomic_read(u.o); + orig_index = orig >> Z_EROFS_ONLINEPAGE_INDEX_SHIFT; + if (orig_index) { if (!index) return; - BUG_ON(id != index); + DBG_BUGON(orig_index != index); } - v = (index << Z_EROFS_ONLINEPAGE_INDEX_SHIFT) | - ((o & Z_EROFS_ONLINEPAGE_COUNT_MASK) + (unsigned)down); - if (cmpxchg(p, o, v) != o) + val = (index << Z_EROFS_ONLINEPAGE_INDEX_SHIFT) | + ((orig & Z_EROFS_ONLINEPAGE_COUNT_MASK) + (unsigned int)down); + if (atomic_cmpxchg(u.o, orig, val) != orig) goto repeat; } -- 2.24.0
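
Review bot: in z_erofs_onlinepage_fixup(), `orig_index` is a signed `int` that is compared with the `uintptr_t index` parameter in `DBG_BUGON(orig_index != index)`. If the top bit of the 32-bit word is ever set, `orig >> Z_EROFS_ONLINEPAGE_INDEX_SHIFT` shifts a negative value, and the comparison converts that negative result to the unsigned type, which sign-extends on 64-bit. The assignment to `val` also silently truncates `index << Z_EROFS_ONLINEPAGE_INDEX_SHIFT` to 32 bits. Declaring `orig`, `orig_index` and `val` as `unsigned int` would keep the arithmetic well defined, and a short comment stating the largest index that fits in the 32-bit word would document the limit. Separately, the hunk replaces `BUG_ON` with `DBG_BUGON`, which the commit message does not mention; the changelog should say whether an index mismatch is still caught in non-debug builds.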
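
The failure the commit message describes can be reproduced in user space with a small single-threaded model. This is an added example, not code from the patch or the erofs tree; the names INDEX_SHIFT, COUNT_MASK, HIGH32, init_private(), fixup() and stored_index() are hypothetical, and the shift width of 2 is an assumption.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed for this sketch (values not given on the page): the low
 * INDEX_SHIFT bits of the word hold a count, the bits above hold the index. */
#define INDEX_SHIFT 2
#define COUNT_MASK  ((1u << INDEX_SHIFT) - 1)
#define HIGH32      0xffffffff00000000ull

/* Model of the init step as the commit message describes its effect:
 * only the low 32 bits are defined, the high 32 bits keep stale data. */
static uint64_t init_private(uint64_t stale, uint32_t count) { return (stale & HIGH32) | count; }

/* Index as stored in the low 32 bits of the word. */
static uint32_t stored_index(uint64_t priv) { return (uint32_t)priv >> INDEX_SHIFT; }

/* Single-threaded model of the fixup; the cmpxchg retry loop is omitted.
 * patched == 0: read and write the whole 64-bit word (pre-patch).
 * patched == 1: read and write only the low 32 bits (post-patch).
 * Returns 0 on success, -1 where the kernel would hit the assertion. */
static int fixup(uint64_t *priv, uint32_t index, int down, int patched)
{
    uint64_t orig = patched ? (uint32_t)*priv : *priv;
    uint64_t orig_index = orig >> INDEX_SHIFT;
    uint32_t val;

    if (orig_index) {
        if (!index)
            return 0;
        if (orig_index != index)
            return -1; /* stale high bits look like a foreign index */
    }
    val = (index << INDEX_SHIFT) | (((uint32_t)orig & COUNT_MASK) + (unsigned int)down);
    *priv = patched ? ((*priv & HIGH32) | val) : val;
    return 0;
}

int main(void)
{
    /* Constructed value: high half poisoned with 0xaaaaaaaa, count = 1. */
    uint64_t a = init_private(0xaaaaaaaa00000000ull, 1);
    uint64_t b = a;
    int before = fixup(&a, 5, 1, 0);
    int after = fixup(&b, 5, 1, 1);

    printf("pre-patch: %d, post-patch: %d, index %u\n", before, after, stored_index(b));
    return 0;
}
```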