From: Yue Hu
To: xiang@kernel.org, chao@kernel.org
Cc: linux-erofs@lists.ozlabs.org, linux-kernel@vger.kernel.org, zhangwen@coolpad.com, Yue Hu
Subject: [PATCH] erofs: fix the unmapped access in z_erofs_fill_inode_lazy()
Date: Tue, 4 Oct 2022 22:49:51 +0800
Message-Id: <20221004144951.31075-1-zbestahu@163.com>

From: Yue Hu

Note that we are still accessing 'h_idata_size' and 'h_fragmentoff' after calling erofs_put_metabuf(), that is not correct. Fix it.

Fixes: ab92184ff8f1 ("add on-disk compressed tail-packing inline support")
Fixes: b15b2e307c3a ("support on-disk compressed fragments data")
Signed-off-by: Yue Hu
---
 fs/erofs/zmap.c | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)

diff --git a/fs/erofs/zmap.c b/fs/erofs/zmap.c index 44c27ef39c43..1a15bbf18ba3 100644 --- a/fs/erofs/zmap.c +++ b/fs/erofs/zmap.c 
@@ -58,7 +58,7 @@ static int z_erofs_fill_inode_lazy(struct inode *inode) pos = ALIGN(iloc(EROFS_SB(sb), vi->nid) + vi->inode_isize + vi->xattr_isize, 8); kaddr = erofs_read_metabuf(&buf, sb, erofs_blknr(pos), - EROFS_KMAP_ATOMIC); + EROFS_KMAP); if (IS_ERR(kaddr)) { err = PTR_ERR(kaddr); goto out_unlock; @@ -73,7 +73,7 @@ static int z_erofs_fill_inode_lazy(struct inode *inode) vi->z_advise = Z_EROFS_ADVISE_FRAGMENT_PCLUSTER; vi->z_fragmentoff = le64_to_cpu(*(__le64 *)h) ^ (1ULL << 63); vi->z_tailextent_headlcn = 0; - goto unmap_done; + goto init_done; } vi->z_advise = le16_to_cpu(h->h_advise); vi->z_algorithmtype[0] = h->h_algorithmtype & 15; @@ -105,10 +105,6 @@ static int z_erofs_fill_inode_lazy(struct inode *inode) err = -EFSCORRUPTED; goto unmap_done; } -unmap_done: - erofs_put_metabuf(&buf); - if (err) - goto out_unlock; if (vi->z_advise & Z_EROFS_ADVISE_INLINE_PCLUSTER) { struct erofs_map_blocks map = { @@ -127,7 +123,7 @@ static int z_erofs_fill_inode_lazy(struct inode *inode) err = -EFSCORRUPTED; } if (err < 0) - goto out_unlock; + goto unmap_done; } if (vi->z_advise & Z_EROFS_ADVISE_FRAGMENT_PCLUSTER && @@ -141,11 +137,14 @@ static int z_erofs_fill_inode_lazy(struct inode *inode) EROFS_GET_BLOCKS_FINDTAIL); erofs_put_metabuf(&map.buf); if (err < 0) - goto out_unlock; + goto unmap_done; } +init_done: /* paired with smp_mb() at the beginning of the function */ smp_mb(); set_bit(EROFS_I_Z_INITED_BIT, &vi->flags); +unmap_done: + erofs_put_metabuf(&buf); out_unlock: clear_and_wake_up_bit(EROFS_I_BL_Z_BIT, &vi->flags); return err; -- 2.25.1
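
Review bot: the changelog does not mention the switch from EROFS_KMAP_ATOMIC to EROFS_KMAP in the erofs_read_metabuf() call (first hunk, @@ -58,7). With erofs_put_metabuf(&buf) moved to the new unmap_done label at the end of the function, the mapping now stays live across both "struct erofs_map_blocks map" blocks, which is presumably why an atomic mapping no longer fits. Please add a sentence saying that the mapping type changes because the lifetime of buf is extended, so the two changes are not read as unrelated.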
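
Review bot: the new "goto init_done" in the Z_EROFS_ADVISE_FRAGMENT_PCLUSTER early path (second hunk, @@ -73,7) bypasses the err check that the old path went through. Previously this path reached "unmap_done: erofs_put_metabuf(&buf); if (err) goto out_unlock;", so a non-zero err would have skipped set_bit(EROFS_I_Z_INITED_BIT, ...). The visible context does not show the value of err at this point; please confirm it is always 0 here, and consider a one-line comment at the goto saying that this path needs no further lookups and cannot carry an error.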
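
Review bot: in the last hunk (@@ -141,11) the label unmap_done is no longer only an error exit, since the success path falls through init_done into it after set_bit(). The name now describes the release of buf rather than the end of header parsing, so a name that says so (for example out_put_metabuf) would make the three stacked labels init_done / unmap_done / out_unlock easier to follow. The ordering itself looks right: both error exits in the map blocks release map.buf first and then go to the label that releases buf.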