Received: by 2002:a05:6359:c8b:b0:c7:702f:21d4 with SMTP id go11csp589343rwb;
        Tue, 4 Oct 2022 08:04:22 -0700 (PDT)
X-Google-Smtp-Source: AMsMyM5RIl848cPRcro2g4R0VDEckPtq8scJdroFwBJ2sB9UkYfPy7cEQfyInQNxXMhwJcuq2NiM
X-Received: by 2002:a17:907:1dd9:b0:77a:341b:88cb with SMTP id og25-20020a1709071dd900b0077a341b88cbmr19785169ejc.753.1664895862032;
        Tue, 04 Oct 2022 08:04:22 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1664895862; cv=none;
        d=google.com; s=arc-20160816;
        b=JRfs6OduvHvl5S+/V4Mf0sfbf4qrP7Q7uhFlHoax/tyBWff6ffg9vkhTsWaTZis9DH
         PrXmupFwWb9XiP2RAFLOIbtyVaXjP2sJFMIha1JcVWni+DMDSlTyKxw6DPi4xoktxWEF
         mBbVpdbl2c2modCK0iGzg+CGzXEOkB3R9GeuskrVky9JnureJesIvxF9Z/7QbfHEM8jg
         XeIfrzrU+4eTj8Fj/WzOUDndD43SyK7nJycmEuYyJtYz2zlXir3ERMjWcF5TQ1ptue6X
         xQcpEaAbPxSwbs1pyPTx49Q0MNZKgNs52o6Ush7Eb4JgvYQ57WCt4uwTjSS+j6pQ86x+
         55bw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :message-id:date:subject:cc:to:from:dkim-signature;
        bh=FiGiWuqNMxRYmMEJen9U4DdoTiKrvBlJbml9qjjwVXc=;
        b=IJpw/+eZR2ZxwI/ItEeJcSBfaNLKEzdUYypjPnEVv+VRhsB3dVtw/FSr5liv+mXo9W
         Snp+qlVaMZO+JD2goyjwWAZQ3ry2euFi9xCt1H00wdBrbBkS5Uniq2X/cac2EEsCucUY
         n0Tb2RE7LiUYK9dAiXZvYlYuUYHl78fEgUsT6frK3l0mZqWLRmxQd7n5PWZS52kBzshX
         3lh8lquvU7ovajRXR5Cd49bIdst96I8GHWQWc4DmJRGAGoa05Fn7bcZiSb8qRlX7myjT
         DvIuSrviVc15fNCHVgUZ0iTpeY30eX3ZQ6vpc56nhVVp4ID1lNaPY/GrP6wPQ9/RYf5j
         HyzA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@163.com header.s=s110527 header.b=leFOk6Ki;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=163.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id hq36-20020a1709073f2400b0072afc15af40si13774806ejc.39.2022.10.04.08.03.46;
        Tue, 04 Oct 2022 08:04:22 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@163.com header.s=s110527 header.b=leFOk6Ki;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=163.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S229853AbiJDOun (ORCPT <rfc822;anenbupt@gmail.com> + 99 others);
        Tue, 4 Oct 2022 10:50:43 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33354 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229712AbiJDOul (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 4 Oct 2022 10:50:41 -0400
Received: from m12-16.163.com (m12-16.163.com [220.181.12.16])
        by lindbergh.monkeyblade.net (Postfix) with ESMTP id 5AA6061B1A
        for <linux-kernel@vger.kernel.org>; Tue,  4 Oct 2022 07:50:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=163.com;
        s=s110527; h=From:Subject:Date:Message-Id:MIME-Version; bh=FiGiW
        uqNMxRYmMEJen9U4DdoTiKrvBlJbml9qjjwVXc=; b=leFOk6Ki2fQv6j7ISe0yI
        RzwUAPTjLxp6gYyKMfLcIWHVQiQGCN+3AhbtoyKJjr5acde9vRPTKNEpdJ91Ta+6
        Kz5maqXSM1cfcivBUqIKn780FA8hXGOwtqbEFKjVLC+A1X9Lp23Hyt5J6DvGSWBB
        /4q7GR4b44cI8YzFhUUVO4=
Received: from localhost.localdomain (unknown [112.22.168.89])
        by smtp12 (Coremail) with SMTP id EMCowACno3UQSDxjXwxPBw--.264S2;
        Tue, 04 Oct 2022 22:49:58 +0800 (CST)
From:   Yue Hu <zbestahu@163.com>
To:     xiang@kernel.org, chao@kernel.org
Cc:     linux-erofs@lists.ozlabs.org, linux-kernel@vger.kernel.org,
        zhangwen@coolpad.com, Yue Hu <huyue2@coolpad.com>
Subject: [PATCH] erofs: fix the unmapped access in z_erofs_fill_inode_lazy()
Date:   Tue,  4 Oct 2022 22:49:51 +0800
Message-Id: <20221004144951.31075-1-zbestahu@163.com>
X-Mailer: git-send-email 2.25.1
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-CM-TRANSID: EMCowACno3UQSDxjXwxPBw--.264S2
X-Coremail-Antispam: 1Uf129KBjvJXoW7AFyfGFyxZF4rtw4rtw4rGrg_yoW8tw47pF
        42krWSyryrJrn7ZrWI9F18Xry3Kay8Jw4DGw13G34rZ3Z0g3ZagFy8tF9xJF45GrWrZr4F
        qF1jva4rurWxG3DanT9S1TB71UUUUUUqnTZGkaVYY2UrUUUUjbIjqfuFe4nvWSU5nxnvy2
        9KBjDUYxBIdaVFxhVjvjDU0xZFpf9x07j3OzsUUUUU=
X-Originating-IP: [112.22.168.89]
X-CM-SenderInfo: p2eh23xdkxqiywtou0bp/xtbBoRaQEWI0VBeiqAAAsp
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
        DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,
        RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,
        SPF_PASS autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Yue Hu <huyue2@coolpad.com>

Note that we are still accessing 'h_idata_size' and 'h_fragmentoff'
after calling erofs_put_metabuf(), that is not correct. Fix it.

Fixes: ab92184ff8f1 ("add on-disk compressed tail-packing inline support")
Fixes: b15b2e307c3a ("support on-disk compressed fragments data")
Signed-off-by: Yue Hu <huyue2@coolpad.com>
---
 fs/erofs/zmap.c | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)

diff --git a/fs/erofs/zmap.c b/fs/erofs/zmap.c
index 44c27ef39c43..1a15bbf18ba3 100644
--- a/fs/erofs/zmap.c
+++ b/fs/erofs/zmap.c
@@ -58,7 +58,7 @@ static int z_erofs_fill_inode_lazy(struct inode *inode)
 	pos = ALIGN(iloc(EROFS_SB(sb), vi->nid) + vi->inode_isize +
 		    vi->xattr_isize, 8);
 	kaddr = erofs_read_metabuf(&buf, sb, erofs_blknr(pos),
-				   EROFS_KMAP_ATOMIC);
+				   EROFS_KMAP);
 	if (IS_ERR(kaddr)) {
 		err = PTR_ERR(kaddr);
 		goto out_unlock;
@@ -73,7 +73,7 @@ static int z_erofs_fill_inode_lazy(struct inode *inode)
 		vi->z_advise = Z_EROFS_ADVISE_FRAGMENT_PCLUSTER;
 		vi->z_fragmentoff = le64_to_cpu(*(__le64 *)h) ^ (1ULL << 63);
 		vi->z_tailextent_headlcn = 0;
-		goto unmap_done;
+		goto init_done;
 	}
 	vi->z_advise = le16_to_cpu(h->h_advise);
 	vi->z_algorithmtype[0] = h->h_algorithmtype & 15;
@@ -105,10 +105,6 @@ static int z_erofs_fill_inode_lazy(struct inode *inode)
 		err = -EFSCORRUPTED;
 		goto unmap_done;
 	}
-unmap_done:
-	erofs_put_metabuf(&buf);
-	if (err)
-		goto out_unlock;
 
 	if (vi->z_advise & Z_EROFS_ADVISE_INLINE_PCLUSTER) {
 		struct erofs_map_blocks map = {
@@ -127,7 +123,7 @@ static int z_erofs_fill_inode_lazy(struct inode *inode)
 			err = -EFSCORRUPTED;
 		}
 		if (err < 0)
-			goto out_unlock;
+			goto unmap_done;
 	}
 
 	if (vi->z_advise & Z_EROFS_ADVISE_FRAGMENT_PCLUSTER &&
@@ -141,11 +137,14 @@ static int z_erofs_fill_inode_lazy(struct inode *inode)
 					    EROFS_GET_BLOCKS_FINDTAIL);
 		erofs_put_metabuf(&map.buf);
 		if (err < 0)
-			goto out_unlock;
+			goto unmap_done;
 	}
+init_done:
 	/* paired with smp_mb() at the beginning of the function */
 	smp_mb();
 	set_bit(EROFS_I_Z_INITED_BIT, &vi->flags);
+unmap_done:
+	erofs_put_metabuf(&buf);
 out_unlock:
 	clear_and_wake_up_bit(EROFS_I_BL_Z_BIT, &vi->flags);
 	return err;
-- 
2.25.1