Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp1081788rwb;
        Sun, 6 Nov 2022 19:07:47 -0800 (PST)
X-Google-Smtp-Source: AA0mqf65f//BZ03ssoCr4l96FI27xO2TyRgLnbrA/5YOHnctUidM0PIAZFub0IdeeUeypJAtnDZN
X-Received: by 2002:a17:906:cd28:b0:7ae:63a8:5310 with SMTP id oz40-20020a170906cd2800b007ae63a85310mr4642887ejb.741.1667790467506;
        Sun, 06 Nov 2022 19:07:47 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1667790467; cv=none;
        d=google.com; s=arc-20160816;
        b=f+3j5YgX22LXF0s0ic3/mQEds4FE+tXJ9FgDKEeC5MzX+2eU6CwD1djbsS/oK6v/hS
         GDjjMneHoL6NLnmwxGoK3I4mIrCQV4I+ibftuNnvL9rDoQ2LlSPIXQD5IigwC+PfR6T0
         LmlDFMaBBNaE82FO0fhXD8cubNET9StHRjh/ec6UIatznIoH0SWgZW0HcvRceTa6wTR0
         2RSkOuPXU3jrO9ceIN7GN9eUi2BInN/RM0d5gn4mdxXtNxa68zBtNVcjUgf/y6A+M8rn
         wGIaZn6MMgkgsv2fm6ibYq4gztYC73r+pIL/At4foQOkq00X9wFTZ1IOp/N8Yixf/yNJ
         6OEw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:in-reply-to:content-disposition:mime-version
         :references:message-id:subject:cc:to:from:date;
        bh=WZkXEMiz7hr3vh0AkK3XJbasXgEZVM4Vev2VqFKsrz4=;
        b=crTmfQOtXg6WXi2rCay8ytAXhYPWbsNL7fBOiSo05etsU8+Gt88rxHMDMgvDT1CI6K
         3YAH8+MCforqt1CsDLNu8SOskPwWjOeJP3PAw02ZFRlUKhenkIkY+qF7iXUaCclb2Ede
         54lsR7IqczdBR7RpVmpsWktgFx/7wqPbtYbveee3YOKjdenwvD6PM0lorxkVXwQpzUMG
         IfCI628VXXFovj76HNrgclaVtsU1e2JI0G6zIeIQuAWW0g7Ypb6q8vGyJ105v3XTb4Z0
         n4jBl8z8zff2k/XBku55A7gqPPnw3h0KFQMavhzFSwKtUhVtnw7/qx4f1CsT58bonlOv
         Y7LQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alibaba.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id qf24-20020a1709077f1800b00787d0dfe70csi7812357ejc.981.2022.11.06.19.07.24;
        Sun, 06 Nov 2022 19:07:47 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alibaba.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S230287AbiKGDEu (ORCPT <rfc822;sshegde.linux@gmail.com>
        + 96 others); Sun, 6 Nov 2022 22:04:50 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59812 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S230136AbiKGDEs (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Sun, 6 Nov 2022 22:04:48 -0500
Received: from out30-44.freemail.mail.aliyun.com (out30-44.freemail.mail.aliyun.com [115.124.30.44])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D46F660E6
        for <linux-kernel@vger.kernel.org>; Sun,  6 Nov 2022 19:04:46 -0800 (PST)
X-Alimail-AntiSpam: AC=PASS;BC=-1|-1;BR=01201311R161e4;CH=green;DM=||false|;DS=||;FP=0|-1|-1|-1|0|-1|-1|-1;HT=ay29a033018045176;MF=hsiangkao@linux.alibaba.com;NM=1;PH=DS;RN=9;SR=0;TI=SMTPD_---0VU5LMBj_1667790281;
Received: from B-P7TQMD6M-0146.local(mailfrom:hsiangkao@linux.alibaba.com fp:SMTPD_---0VU5LMBj_1667790281)
          by smtp.aliyun-inc.com;
          Mon, 07 Nov 2022 11:04:43 +0800
Date:   Mon, 7 Nov 2022 11:04:40 +0800
From:   Gao Xiang <hsiangkao@linux.alibaba.com>
To:     Yue Hu <zbestahu@gmail.com>
Cc:     xiang@kernel.org, chao@kernel.org, linux-erofs@lists.ozlabs.org,
        linux-kernel@vger.kernel.org,
        syzbot+3faecbfd845a895c04cb@syzkaller.appspotmail.com,
        syzkaller-bugs@googlegroups.com, zhangwen@coolpad.com,
        Yue Hu <huyue2@coolpad.com>
Subject: Re: [PATCH v2] erofs: fix general protection fault when reading
 fragment
Message-ID: <Y2h1yAXZhoWHBF7M@B-P7TQMD6M-0146.local>
References: <20221021085325.25788-1-zbestahu@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <20221021085325.25788-1-zbestahu@gmail.com>
X-Spam-Status: No, score=-9.9 required=5.0 tests=BAYES_00,
        ENV_AND_HDR_SPF_MATCH,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,
        UNPARSEABLE_RELAY,USER_IN_DEF_SPF_WL autolearn=ham autolearn_force=no
        version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, Oct 21, 2022 at 04:53:25PM +0800, Yue Hu wrote:
> From: Yue Hu <huyue2@coolpad.com>
> 
> As syzbot reported [1], the fragment feature sb flag is not set, so
> packed_inode != NULL needs to be checked in z_erofs_read_fragment().
> 
> [1] https://lore.kernel.org/all/0000000000002e7a8905eb841ddd@google.com/
> 
> Reported-by: syzbot+3faecbfd845a895c04cb@syzkaller.appspotmail.com
> Fixes: 08a0c9ef3e7e ("erofs: support on-disk compressed fragments data")
> Signed-off-by: Yue Hu <huyue2@coolpad.com>

Reviewed-by: Gao Xiang <hsiangkao@linux.alibaba.com>

Thanks,
Gao Xiang

> ---
> v2: fix return value to -EFSCURRUPTED (Xiang)
> 
>  fs/erofs/zdata.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/fs/erofs/zdata.c b/fs/erofs/zdata.c
> index cce56dde135c..55c13cd6934b 100644
> --- a/fs/erofs/zdata.c
> +++ b/fs/erofs/zdata.c
> @@ -659,6 +659,9 @@ static int z_erofs_read_fragment(struct inode *inode, erofs_off_t pos,
>  	u8 *src, *dst;
>  	unsigned int i, cnt;
>  
> +	if (!packed_inode)
> +		return -EFSCORRUPTED;
> +
>  	pos += EROFS_I(inode)->z_fragmentoff;
>  	for (i = 0; i < len; i += cnt) {
>  		cnt = min_t(unsigned int, len - i,
> -- 
> 2.17.1