Date: Mon, 7 Nov 2022 11:04:40 +0800
From: Gao Xiang
To: Yue Hu
Cc: xiang@kernel.org, chao@kernel.org, linux-erofs@lists.ozlabs.org, linux-kernel@vger.kernel.org, syzbot+3faecbfd845a895c04cb@syzkaller.appspotmail.com, syzkaller-bugs@googlegroups.com, zhangwen@coolpad.com, Yue Hu
Subject: Re: [PATCH v2] erofs: fix general protection fault when reading fragment

On Fri, Oct 21, 2022 at 04:53:25PM +0800, Yue Hu wrote:
> From: Yue Hu
>
> As syzbot reported [1], the fragment feature sb flag is not set, so
> packed_inode != NULL needs to be checked in z_erofs_read_fragment().
>
> [1] https://lore.kernel.org/all/0000000000002e7a8905eb841ddd@google.com/
>
> Reported-by: syzbot+3faecbfd845a895c04cb@syzkaller.appspotmail.com
> Fixes: 08a0c9ef3e7e ("erofs: support on-disk compressed fragments data")
> Signed-off-by: Yue Hu

Reviewed-by: Gao Xiang

Thanks,
Gao Xiang

> --- > v2: fix return value to -EFSCURRUPTED (Xiang) > > fs/erofs/zdata.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/fs/erofs/zdata.c b/fs/erofs/zdata.c > index cce56dde135c..55c13cd6934b 100644 > --- a/fs/erofs/zdata.c > +++ b/fs/erofs/zdata.c > @@ -659,6 +659,9 @@ static int z_erofs_read_fragment(struct inode *inode, erofs_off_t pos, > u8 *src, *dst; > unsigned int i, cnt; > > + if (!packed_inode) > + return -EFSCORRUPTED; > + > pos += EROFS_I(inode)->z_fragmentoff; > for (i = 0; i < len; i += cnt) { > cnt = min_t(unsigned int, len - i, > -- > 2.17.1
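
Review bot: the new "if (!packed_inode)" check in z_erofs_read_fragment() returns -EFSCORRUPTED without any diagnostic, so an image whose inode references a fragment while the superblock lacks the fragment feature flag fails reads with nothing in the kernel log to say why. Consider logging through erofs_err() with the inode number before returning, and adding a one-line comment above the check noting that packed_inode is NULL when the sb flag is not set, since the commit message is the only place that currently explains it. The condition is a property of the image rather than of a single read, so it could also be rejected once where the inode's fragment layout is parsed; the check here is still worth keeping as a backstop before "pos += EROFS_I(inode)->z_fragmentoff".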