Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp35147893rwd; Mon, 10 Jul 2023 03:21:19 -0700 (PDT) X-Google-Smtp-Source: APBJJlFEW7sNW1Fa9ncaunaBd53hHAgFRyTWzy3JEHWv9I/ZB1eiinW3ChfqOTeF/NhGw61RzaGX X-Received: by 2002:a05:6870:8288:b0:18e:cdd6:971a with SMTP id q8-20020a056870828800b0018ecdd6971amr11999343oae.36.1688984479414; Mon, 10 Jul 2023 03:21:19 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1688984479; cv=none; d=google.com; s=arc-20160816; b=T4f5v3x3NGkUCUJqhcKUjw5P0z3yoPA9Y43NZx5l6gwb+YfK28gVhhjzmgNNInfGP2 kV/tNkJ97x7ETj43C9ImGRCEFAWxWwdeQwAgtxAzMtFChFsqTilvP8B/eB5ho6OiVmDV I7INnL1tjTC5jagnMRZnQ6O1toF1xOiX8XYHuzYZ9F9cl9yedilLYw8DcTE9GyD0rpWK xzoDwbZVpuQKmgyI8DUyeqsO28W6Ds6LT3m4ELI+MP2IGyP0TYX08f+myWyIrzwK+SpH nzvmILdOPBXd0dWJfXjS0keIo9tufq9p/iMQlYckYEnCB3HgaFft4bbKW2Uh2ademgn0 c2YQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:cc:to:subject:user-agent:mime-version:date:message-id; bh=etk411oO0YUlb9MoyCESQ93IVdecBo41vV9QMG9cf5Y=; fh=xmiJG76cttROgINb3JPk5FxVbBmbA8BIBGSWF2HX1uw=; b=p8OhVI9e5iPaT7ovIGFj/swDCAFFfSd1aWifkfD6h1leb2R9nUWPIvwDNX0WQGBwmv nwKwTEaMPDe79MXCtf28DpO8uTm2eNOsYQev3M6A0Z0MuO5cc/dKw3SYLGg9qbiH+XM0 JRhUH1j4El6gwOAJXoFL4YvtMXyyN0or1TkoCYSm4/lVvRvK1A3hwY8OUurBnJL9gjmS b+v4j7Et69p3gFESSAhAJkwwi2YvzURLWurYKCgf2d4NaaTg2FnU1uHHLwtkNKYj/qMy hPp8F1D6dVNpi+Fq4dGpKfmG68fqmLa8lhsRtWv7ywgCx6ntSSjJLPNS+Or5jMbbNsBk 6s/w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alibaba.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id bt6-20020a17090af00600b00256a04ff7cbsi7030223pjb.119.2023.07.10.03.21.07; Mon, 10 Jul 2023 03:21:19 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alibaba.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230194AbjGJJ7P (ORCPT + 99 others); Mon, 10 Jul 2023 05:59:15 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42092 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229586AbjGJJ64 (ORCPT ); Mon, 10 Jul 2023 05:58:56 -0400 Received: from out30-110.freemail.mail.aliyun.com (out30-110.freemail.mail.aliyun.com [115.124.30.110]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 12B59187 for ; Mon, 10 Jul 2023 02:56:47 -0700 (PDT) X-Alimail-AntiSpam: AC=PASS;BC=-1|-1;BR=01201311R211e4;CH=green;DM=||false|;DS=||;FP=0|-1|-1|-1|0|-1|-1|-1;HT=ay29a033018046050;MF=hsiangkao@linux.alibaba.com;NM=1;PH=DS;RN=7;SR=0;TI=SMTPD_---0Vn1LFNN_1688983004; Received: from 30.97.48.247(mailfrom:hsiangkao@linux.alibaba.com fp:SMTPD_---0Vn1LFNN_1688983004) by smtp.aliyun-inc.com; Mon, 10 Jul 2023 17:56:44 +0800 Message-ID: Date: Mon, 10 Jul 2023 17:56:43 +0800 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:102.0) Gecko/20100101 Thunderbird/102.12.0 Subject: Re: [PATCH] erofs: fix to avoid infinite loop in z_erofs_do_read_page() when read page beyond EOF To: Chunhai Guo , xiang@kernel.org Cc: chao@kernel.org, huyue2@coolpad.com, jefflexu@linux.alibaba.com, linux-erofs@lists.ozlabs.org, linux-kernel@vger.kernel.org References: <20230710093410.44071-1-guochunhai@vivo.com> From: Gao Xiang In-Reply-To: <20230710093410.44071-1-guochunhai@vivo.com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-10.0 required=5.0 tests=BAYES_00, ENV_AND_HDR_SPF_MATCH,NICE_REPLY_A,RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE, SPF_PASS,T_SCC_BODY_TEXT_LINE,UNPARSEABLE_RELAY,USER_IN_DEF_SPF_WL autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 2023/7/10 17:34, Chunhai Guo wrote: > z_erofs_do_read_page() may loop infinitely due to the inappropriate > truncation in the below statement. Since the offset is 64 bits and min_t() > truncates the result to 32 bits. The solution is to replace unsigned int > with a 64-bit type, such as erofs_off_t. > cur = end - min_t(unsigned int, offset + end - map->m_la, end); > > - For example: > - offset = 0x400160000 > - end = 0x370 > - map->m_la = 0x160370 > - offset + end - map->m_la = 0x400000000 > - offset + end - map->m_la = 0x00000000 (truncated as unsigned int) > - Expected result: > - cur = 0 > - Actual result: > - cur = 0x370 > > Signed-off-by: Chunhai Guo I'd like to update the subject line manually to: "erofs: avoid infinite loop in z_erofs_do_read_page() when reading beyond EOF" since the original one is too long... Otherwise it looks good to me, Fixes: 3883a79abd02 ("staging: erofs: introduce VLE decompression support") Reviewed-by: Gao Xiang Thanks, Gao Xiang