Received: by 2002:a05:6359:c8b:b0:c7:702f:21d4 with SMTP id go11csp1958639rwb;
        Sun, 18 Sep 2022 18:40:20 -0700 (PDT)
X-Google-Smtp-Source: AMsMyM4FsREeRypLvQVJIS2GYHl9dn3JP/SyjtTh2hGyNWxZvYo7qb67ds8nTCN7rtAnAlfwm4eH
X-Received: by 2002:a17:907:3ea8:b0:77e:f9a2:6fcf with SMTP id hs40-20020a1709073ea800b0077ef9a26fcfmr11234120ejc.701.1663551620579;
        Sun, 18 Sep 2022 18:40:20 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1663551620; cv=none;
        d=google.com; s=arc-20160816;
        b=jzPPrsOnrzND5XqskYUNv8DO9mQJLRoV6Y57bGuXwhbiNDlm1mNhFmC9LsnE8odGo2
         JbrdaH3W4rlpiBUpX+2sv6tHl3HGDKT7yTNbeNMRchmiRbwbFoaneoBDY5gbRgj3JESu
         IQmtisC0fA1XfVJrCUp7e/xQncI+8gT6MsPecLcQQBkuy1jg1w+4oTnW/icEiQfRN8VW
         47ul2BmVQBzuM4T4VgFVdjhtRODsPYml005IYOUVPkATwwFAtBAz03FGZxR96gSmaxqp
         VuA1oOOWjejUu0bccYbRrffoFwi/8+jo4WzpMvaZ7o1OfSsqdyunIWpxnnvqjh0iCXRu
         MvDw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:subject:cc:to:from:date
         :dkim-signature;
        bh=N8eqqewSNmFIl18uGjm9/zwnlUkZ2Q0UubEd4wLISog=;
        b=RcRNLsIGskqYWhn/KDkcGL0d9RTH1CkK57IA29OFLe8nwG5QVugl4jTFnrtX/SojuE
         jnMdVEs6WGDJItfT4LTu3vfeIYdZ7GQldU9Tnx2v0gedvDE4mPmhwXtPKCLhKNaPAh1v
         1EGERQGs0+nBT0RZOE5tIzmVU8YVxfiZQnBUk4CgKfgE+z+zpDKnfe7ZZ0wcHYednMqO
         RLX7ZYPEm71vkY8kY1C8py5FCDwGyXimA7PGEgPiV/ljHDmQPirC+LS3BZGiYA+VBtlQ
         UejpJph4P2muVyg2p9FoEu2C4HlIgu5Onug06wwxOgrMfIG/Zoc5o3Q4NAF4JrKYUfkg
         9zLQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20210112 header.b="VwTS/iD3";
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id xj9-20020a170906db0900b0077ba25b488csi25543695ejb.62.2022.09.18.18.39.55;
        Sun, 18 Sep 2022 18:40:20 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20210112 header.b="VwTS/iD3";
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S229655AbiISBfR (ORCPT <rfc822;andreqb@gmail.com> + 99 others);
        Sun, 18 Sep 2022 21:35:17 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37842 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229483AbiISBfP (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Sun, 18 Sep 2022 21:35:15 -0400
Received: from mail-pj1-x1030.google.com (mail-pj1-x1030.google.com [IPv6:2607:f8b0:4864:20::1030])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5387CE089
        for <linux-kernel@vger.kernel.org>; Sun, 18 Sep 2022 18:35:12 -0700 (PDT)
Received: by mail-pj1-x1030.google.com with SMTP id go6so22120720pjb.2
        for <linux-kernel@vger.kernel.org>; Sun, 18 Sep 2022 18:35:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20210112;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:subject:cc:to:from:date:from:to:cc:subject:date;
        bh=N8eqqewSNmFIl18uGjm9/zwnlUkZ2Q0UubEd4wLISog=;
        b=VwTS/iD32l18B+pXNDm5P9ZD7eMFp3vlJSuYaDdUPeMCzLhQhs/JW2ONtw3Q1opXD+
         I40OrHfOKTnrKAUE1loXBWZO+JGcdVA7OmXCKEimDHHimhVvAVyB9Yl+kECFQgRxyf7g
         SGINgLLmK8IMTm/lCy30VpdNramxoJtCwpGevCIujBagUt7koRlyMbu4m8jXTcJCC155
         cESv0n5Wdu6HCyvbfLMk6KhdV6Oh2ZGPnY+oSJV7+Sgs3SrbkGyjq8p0m4POIyJm0w4x
         6up2jG4lOk4Ipm0ofExSwhwmPg88SShlFEiY/H6nfMdyjF6u+JJvFQXd70PjDvBz4TRM
         g3xA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:subject:cc:to:from:date:x-gm-message-state:from:to:cc
         :subject:date;
        bh=N8eqqewSNmFIl18uGjm9/zwnlUkZ2Q0UubEd4wLISog=;
        b=avaZGOrkIBJe7MwdwpIMzbEiN0P2Q1BJdinw/I9FQ19TuPs+nGpOCgBcM2BQyqScty
         DIGwUVZfMqRqllJZNyWSVmTa9LZz3qfEd/NUJsVkveqlkLfgkRCL/ziI7Ie3rJtLIFpu
         duGT5UDvlGrMd9tsAkYydS2lJBuJdcAfJrlLFHGpAXJrz6BK9PGUOszhXFy94oV3NkjQ
         YfvX07bH7FknQKSs8zVYmr5ptYV15om9Y6d/OhayM710fVWoehna9SAEuGyICIyz43+o
         eFQFiXGM0S+2VTL/5tT7TNmuNs5TwtjTbzmFlBG/g09uSIX2tTkaOPHfwA3B8M43k9/u
         DI3A==
X-Gm-Message-State: ACrzQf2WvANXEcCAoDgd6+W3okzFB0qUNBQFoXLehlq4PIkRL96BRkQP
        WGgGoQ33zuU3XbZ6yhaUfMA=
X-Received: by 2002:a17:903:2290:b0:178:48b6:f57c with SMTP id b16-20020a170903229000b0017848b6f57cmr10663601plh.78.1663551311817;
        Sun, 18 Sep 2022 18:35:11 -0700 (PDT)
Received: from localhost ([156.236.96.165])
        by smtp.gmail.com with ESMTPSA id a5-20020aa794a5000000b00543a098a6ffsm15837530pfl.212.2022.09.18.18.35.10
        (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256);
        Sun, 18 Sep 2022 18:35:11 -0700 (PDT)
Date:   Mon, 19 Sep 2022 09:37:47 +0800
From:   Yue Hu <zbestahu@gmail.com>
To:     Gao Xiang <hsiangkao@linux.alibaba.com>
Cc:     linux-erofs@lists.ozlabs.org,
        syzbot+f966c13b1b4fc0403b19@syzkaller.appspotmail.com,
        syzkaller-bugs <syzkaller-bugs@googlegroups.com>,
        LKML <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] erofs: fix order >= MAX_ORDER warning due to crafted
 nagative i_size
Message-ID: <20220919093747.00005bd6.zbestahu@gmail.com>
In-Reply-To: <20220909023948.28925-1-hsiangkao@linux.alibaba.com>
References: <000000000000ac8efa05e7feaa1f@google.com>
        <20220909023948.28925-1-hsiangkao@linux.alibaba.com>
X-Mailer: Claws Mail 3.17.3 (GTK+ 2.24.32; i686-w64-mingw32)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
        DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,
        RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS autolearn=ham
        autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri,  9 Sep 2022 10:39:48 +0800
Gao Xiang <hsiangkao@linux.alibaba.com> wrote:

> As syzbot reported [1], the root cause is that i_size field is a
> signed type, and negative i_size is also less than EROFS_BLKSIZ.
> As a consequence, it's handled as fast symlink unexpectedly.
> 
> Let's fall back to the generic path to deal with such unusual i_size.
> 
> [1] https://lore.kernel.org/r/000000000000ac8efa05e7feaa1f@google.com
> Reported-by: syzbot+f966c13b1b4fc0403b19@syzkaller.appspotmail.com
> Fixes: 431339ba9042 ("staging: erofs: add inode operations")
> Signed-off-by: Gao Xiang <hsiangkao@linux.alibaba.com>
> ---
>  fs/erofs/inode.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/fs/erofs/inode.c b/fs/erofs/inode.c
> index 95a403720e8c..16cf9a283557 100644
> --- a/fs/erofs/inode.c
> +++ b/fs/erofs/inode.c
> @@ -214,7 +214,7 @@ static int erofs_fill_symlink(struct inode *inode, void *kaddr,
>  
>  	/* if it cannot be handled with fast symlink scheme */
>  	if (vi->datalayout != EROFS_INODE_FLAT_INLINE ||
> -	    inode->i_size >= EROFS_BLKSIZ) {
> +	    inode->i_size >= EROFS_BLKSIZ || inode->i_size < 0) {

Reviewed-by: Yue Hu <huyue2@coolpad.com>

>  		inode->i_op = &erofs_symlink_iops;
>  		return 0;
>  	}