From: Yue Hu
To: xiang@kernel.org, chao@kernel.org
Cc: linux-erofs@lists.ozlabs.org, linux-kernel@vger.kernel.org, zhangwen@coolpad.com, Yue Hu
Subject: [PATCH v2] erofs: fix invalid unmapped accesses in z_erofs_fill_inode_lazy()
Date: Wed, 5 Oct 2022 09:35:28 +0800
Message-Id: <20221005013528.62977-1-zbestahu@163.com>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Yue Hu

Note that we are still accessing 'h_idata_size' and 'h_fragmentoff' after calling erofs_put_metabuf(), that is not correct. Fix it.

Fixes: ab92184ff8f1 ("erofs: add on-disk compressed tail-packing inline support")
Fixes: b15b2e307c3a ("erofs: support on-disk compressed fragments data")
Signed-off-by: Yue Hu
---
v2: refine the subject, jump label naming, code style (Xiang)

 fs/erofs/zmap.c | 22 ++++++++++------------
 1 file changed, 10 insertions(+), 12 deletions(-)

diff --git a/fs/erofs/zmap.c b/fs/erofs/zmap.c index 44c27ef39c43..0bb66927e3d0 100644 --- a/fs/erofs/zmap.c +++ b/fs/erofs/zmap.c
@@ -57,8 +57,7 @@ static int z_erofs_fill_inode_lazy(struct inode *inode) pos = ALIGN(iloc(EROFS_SB(sb), vi->nid) + vi->inode_isize + vi->xattr_isize, 8); - kaddr = erofs_read_metabuf(&buf, sb, erofs_blknr(pos), - EROFS_KMAP_ATOMIC); + kaddr = erofs_read_metabuf(&buf, sb, erofs_blknr(pos), EROFS_KMAP); if (IS_ERR(kaddr)) { err = PTR_ERR(kaddr); goto out_unlock; @@ -73,7 +72,7 @@ static int z_erofs_fill_inode_lazy(struct inode *inode) vi->z_advise = Z_EROFS_ADVISE_FRAGMENT_PCLUSTER; vi->z_fragmentoff = le64_to_cpu(*(__le64 *)h) ^ (1ULL << 63); vi->z_tailextent_headlcn = 0; - goto unmap_done; + goto done; } vi->z_advise = le16_to_cpu(h->h_advise); vi->z_algorithmtype[0] = h->h_algorithmtype & 15; @@ -85,7 +84,7 @@ static int z_erofs_fill_inode_lazy(struct inode *inode) erofs_err(sb, "unknown HEAD%u format %u for nid %llu, please upgrade kernel", headnr + 1, vi->z_algorithmtype[headnr], vi->nid); err = -EOPNOTSUPP; - goto unmap_done; + goto out_put_metabuf; } vi->z_logical_clusterbits = LOG_BLOCK_SIZE + (h->h_clusterbits & 7); @@ -95,7 +94,7 @@ static int z_erofs_fill_inode_lazy(struct inode *inode) erofs_err(sb, "per-inode big pcluster without sb feature for nid %llu", vi->nid); err = -EFSCORRUPTED; - goto unmap_done; + goto out_put_metabuf; } if (vi->datalayout == EROFS_INODE_FLAT_COMPRESSION && !(vi->z_advise & Z_EROFS_ADVISE_BIG_PCLUSTER_1) ^ @@ -103,12 +102,8 @@ static int z_erofs_fill_inode_lazy(struct inode *inode) erofs_err(sb, "big pcluster head1/2 of compact indexes should be consistent for nid %llu", vi->nid); err = -EFSCORRUPTED; - goto unmap_done; + goto out_put_metabuf; } -unmap_done: - erofs_put_metabuf(&buf); - if (err) - goto out_unlock; if (vi->z_advise & Z_EROFS_ADVISE_INLINE_PCLUSTER) { struct erofs_map_blocks map = { @@ -127,7 +122,7 @@ static int z_erofs_fill_inode_lazy(struct inode *inode) err = -EFSCORRUPTED; } if (err < 0) - goto out_unlock; + goto out_put_metabuf; } if (vi->z_advise & Z_EROFS_ADVISE_FRAGMENT_PCLUSTER && 
@@ -141,11 +136,14 @@ static int z_erofs_fill_inode_lazy(struct inode *inode) EROFS_GET_BLOCKS_FINDTAIL); erofs_put_metabuf(&map.buf); if (err < 0) - goto out_unlock; + goto out_put_metabuf; } +done: /* paired with smp_mb() at the beginning of the function */ smp_mb(); set_bit(EROFS_I_Z_INITED_BIT, &vi->flags); +out_put_metabuf: + erofs_put_metabuf(&buf); out_unlock: clear_and_wake_up_bit(EROFS_I_BL_Z_BIT, &vi->flags); return err; -- 2.25.1
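
Review bot: the first hunk (@@ -57,8 +57,7 @@) switches the mapping flag from EROFS_KMAP_ATOMIC to EROFS_KMAP, but the commit message only describes the accesses made after erofs_put_metabuf() and never mentions the flag. With erofs_put_metabuf(&buf) moved to the new out_put_metabuf label at the end of the function, the mapping is now held across the call that takes EROFS_GET_BLOCKS_FINDTAIL in the last hunk, which is presumably why an atomic mapping no longer fits. Please add a sentence to the changelog saying so, so the flag change is not read as an unrelated cleanup.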
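
Review bot: in the second hunk (@@ -73,7 +72,7 @@) the new "goto done;" changes more than where the buffer is released. The old "goto unmap_done;" fell through into the Z_EROFS_ADVISE_INLINE_PCLUSTER and Z_EROFS_ADVISE_FRAGMENT_PCLUSTER checks that follow the removed label, while "done:" sits after both of them, directly before smp_mb() and set_bit(). This branch has just set vi->z_advise to Z_EROFS_ADVISE_FRAGMENT_PCLUSTER, so the second of those checks is the one now bypassed. If skipping it is intended, state that in the commit message. The path also returns whatever err holds at that point, and its initialisation is not visible in the hunk, so an explicit "err = 0;" before the goto would make the success return obvious.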