Received: by 2002:a05:6358:1087:b0:cb:c9d3:cd90 with SMTP id j7csp2303458rwi;
        Fri, 21 Oct 2022 02:10:55 -0700 (PDT)
X-Google-Smtp-Source: AMsMyM5K+LJdpLodfj2s7zvfm0NBT3SGoalRVDYe7lLPlvnMQ/VhMHiPNZMMKBvfnsaDCR6aQA8/
X-Received: by 2002:a17:902:690a:b0:17a:32d:7acc with SMTP id j10-20020a170902690a00b0017a032d7accmr18361734plk.18.1666343455209;
        Fri, 21 Oct 2022 02:10:55 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1666343455; cv=none;
        d=google.com; s=arc-20160816;
        b=aWUV+4gdJqFbXFO2KI4HnSVwQ7k2bCOW60qI8qRqJ0hn9oegYu7aMRoik+0fC1VAJT
         Bgz1kxRgoAOQxBRpeEQ5aXbJuigyeM9ht7Ogisjsa5fp1U16dP2OLE22Dpmx/XitkP6g
         wCXRKk8BW3qjQy3YXbOo3Kw1ZbdEdF/xQGn+EPZM4VU0Y69CsUWL3OhBFu15Smet/4td
         kureSTvMRYcrAt2756fVJWqMf2EhzrjZfE+XaMSxPaHIUM+HFAfk4KasARaG4rMMAlip
         skVmnOet9Vx7qh+a1HDOu8SMDaC7yA1bYwUusytRKJIrOIOjlFD0gOma6QdNLGC11bBV
         iBnQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:in-reply-to:content-disposition:mime-version
         :references:message-id:subject:cc:to:from:date;
        bh=dN/CtpawKfs6ThqbNfuMI9XwWproxAb+fjcVPSO1YBw=;
        b=q9gOtqsUHR+9/Cy4iWdVlvHBaGkjeSKCKcZr199IlAUuUmuhsEXxUkxaBFL/k3xanp
         Huz/2mdsMTB1qrvdkKH1h32GyXNMc8e1fyWOfo0nl/Xv/trIrL+bwf87PmrhmG2wBj3L
         8Qjio+VVnBacPaKkxlXwRWTIcO1l2Ml7lfvEWXp2l5g49ZBYoYMfrCCGKY0bmS4YAS6V
         O0F/Pq4KKrH63DGYH/gRGBe98nW//IUw2PsVKgz4CvIZ5vi4PrJgiDHkFLGkNE9h/wLw
         kVfFvCgixUJ+qF0gP0bOu8jlz//8Kdgl3u1kdDLjG8PKxbvnYMcZX2xK4DEtzrMhT+UW
         6mjA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alibaba.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id x26-20020a634a1a000000b004493c7cfb5csi23968050pga.447.2022.10.21.02.10.43;
        Fri, 21 Oct 2022 02:10:55 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alibaba.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S230321AbiJUIsM (ORCPT <rfc822;arvinlake4755@gmail.com>
        + 99 others); Fri, 21 Oct 2022 04:48:12 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52748 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S230298AbiJUIsD (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 21 Oct 2022 04:48:03 -0400
Received: from out30-44.freemail.mail.aliyun.com (out30-44.freemail.mail.aliyun.com [115.124.30.44])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 75408253BDE
        for <linux-kernel@vger.kernel.org>; Fri, 21 Oct 2022 01:47:57 -0700 (PDT)
X-Alimail-AntiSpam: AC=PASS;BC=-1|-1;BR=01201311R141e4;CH=green;DM=||false|;DS=||;FP=0|-1|-1|-1|0|-1|-1|-1;HT=ay29a033018046050;MF=hsiangkao@linux.alibaba.com;NM=1;PH=DS;RN=9;SR=0;TI=SMTPD_---0VSijGYI_1666342072;
Received: from B-P7TQMD6M-0146.local(mailfrom:hsiangkao@linux.alibaba.com fp:SMTPD_---0VSijGYI_1666342072)
          by smtp.aliyun-inc.com;
          Fri, 21 Oct 2022 16:47:54 +0800
Date:   Fri, 21 Oct 2022 16:47:51 +0800
From:   Gao Xiang <hsiangkao@linux.alibaba.com>
To:     Yue Hu <zbestahu@gmail.com>
Cc:     xiang@kernel.org, chao@kernel.org, linux-erofs@lists.ozlabs.org,
        linux-kernel@vger.kernel.org,
        syzbot+3faecbfd845a895c04cb@syzkaller.appspotmail.com,
        syzkaller-bugs@googlegroups.com, zhangwen@coolpad.com,
        Yue Hu <huyue2@coolpad.com>
Subject: Re: [PATCH] erofs: fix general protection fault when reading fragment
Message-ID: <Y1Jct+8SnhawtIqJ@B-P7TQMD6M-0146.local>
References: <20221021083116.20048-1-zbestahu@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <20221021083116.20048-1-zbestahu@gmail.com>
X-Spam-Status: No, score=-9.9 required=5.0 tests=BAYES_00,
        ENV_AND_HDR_SPF_MATCH,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,
        UNPARSEABLE_RELAY,USER_IN_DEF_SPF_WL autolearn=ham autolearn_force=no
        version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, Oct 21, 2022 at 04:31:16PM +0800, Yue Hu wrote:
> From: Yue Hu <huyue2@coolpad.com>
> 
> As syzbot reported [1], the fragment feature sb flag is not set, so
> packed_inode != NULL needs to be checked in z_erofs_read_fragment().
> 
> [1] https://lore.kernel.org/all/0000000000002e7a8905eb841ddd@google.com/
> 
> Reported-by: syzbot+3faecbfd845a895c04cb@syzkaller.appspotmail.com
> Fixes: 08a0c9ef3e7e ("erofs: support on-disk compressed fragments data")
> Signed-off-by: Yue Hu <huyue2@coolpad.com>
> ---
>  fs/erofs/zdata.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/fs/erofs/zdata.c b/fs/erofs/zdata.c
> index cce56dde135c..310f6916787a 100644
> --- a/fs/erofs/zdata.c
> +++ b/fs/erofs/zdata.c
> @@ -659,6 +659,9 @@ static int z_erofs_read_fragment(struct inode *inode, erofs_off_t pos,
>  	u8 *src, *dst;
>  	unsigned int i, cnt;
>  
> +	if (!packed_inode)
> +		return -EFAULT;

You should use -EFSCURRUPTED; here.

Thanks,
Gao Xiang

> +
>  	pos += EROFS_I(inode)->z_fragmentoff;
>  	for (i = 0; i < len; i += cnt) {
>  		cnt = min_t(unsigned int, len - i,
> -- 
> 2.17.1