Date: Fri, 21 Oct 2022 16:47:51 +0800
From: Gao Xiang
To: Yue Hu
Cc: xiang@kernel.org, chao@kernel.org, linux-erofs@lists.ozlabs.org, linux-kernel@vger.kernel.org, syzbot+3faecbfd845a895c04cb@syzkaller.appspotmail.com, syzkaller-bugs@googlegroups.com, zhangwen@coolpad.com, Yue Hu
Subject: Re: [PATCH] erofs: fix general protection fault when reading fragment
In-Reply-To: <20221021083116.20048-1-zbestahu@gmail.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, Oct 21, 2022 at 04:31:16PM +0800, Yue Hu wrote:
> From: Yue Hu
>
> As syzbot reported [1], the fragment feature sb flag is not set, so
> packed_inode != NULL needs to be checked in z_erofs_read_fragment().
>
> [1] https://lore.kernel.org/all/0000000000002e7a8905eb841ddd@google.com/
>
> Reported-by: syzbot+3faecbfd845a895c04cb@syzkaller.appspotmail.com
> Fixes: 08a0c9ef3e7e ("erofs: support on-disk compressed fragments data")
> Signed-off-by: Yue Hu
> ---
> fs/erofs/zdata.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/fs/erofs/zdata.c b/fs/erofs/zdata.c
> index cce56dde135c..310f6916787a 100644
> --- a/fs/erofs/zdata.c
> +++ b/fs/erofs/zdata.c
> @@ -659,6 +659,9 @@ static int z_erofs_read_fragment(struct inode *inode, erofs_off_t pos,
> u8 *src, *dst;
> unsigned int i, cnt;
>
> + if (!packed_inode)
> + return -EFAULT;

You should use -EFSCORRUPTED; here.

Thanks,
Gao Xiang

> +
> pos += EROFS_I(inode)->z_fragmentoff;
> for (i = 0; i < len; i += cnt) {
> cnt = min_t(unsigned int, len - i,
> --
> 2.17.1
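
Review bot: the error code on the new `if (!packed_inode)` branch in z_erofs_read_fragment() does not match the failure it reports. -EFAULT conventionally means a bad address was passed in, while the commit message says the NULL arises because the fragment feature flag is not set in the superblock even though a fragment read is attempted, which is an inconsistent on-disk image; -EFSCORRUPTED states that to callers and to anyone triaging the syzbot report. The branch is also silent and undocumented: an erofs_err() message on this path would make a malformed image identifiable from the kernel log, and a one-line comment above the check saying when packed_inode can be NULL would keep the guard from being removed later as dead code.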