Received: by 2002:a05:6358:7058:b0:131:369:b2a3 with SMTP id 24csp7887175rwp; Wed, 19 Jul 2023 01:40:42 -0700 (PDT) X-Google-Smtp-Source: APBJJlFRGfchrBwfuMFkKwvCoTO9tlzVi/IBgt5UwlPBv08pFgqoBzZfcCUXC2Zxkai6rIifB0vN X-Received: by 2002:a2e:b019:0:b0:2b9:20fe:4bcc with SMTP id y25-20020a2eb019000000b002b920fe4bccmr8872903ljk.21.1689756042371; Wed, 19 Jul 2023 01:40:42 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1689756042; cv=none; d=google.com; s=arc-20160816; b=lSIbEJ6yXCT+IvzmKYACI1YKOytBWfceucpy41VpoCztyOeVqsq0OGSvsECibbsVwN 49HTderLPco7JTZHel3zEPcrwoe1rBdIA0Rbg8T7u0ez43Si7V5bod+VMjXB4P3KT73m 3CPIyLyS7+BOUqajM58M0w6KV3yH6hVRYe8non9AF4p5vz0NabRRB8+OWUMNYYMIXliq NpQz+LEzCYwZE2SjYgG1jTeMcssGyMUwQgNftFfq7vA9FR/jxq+xcVkQqmADqrxQaciQ XNRjvFDBMa3+G0mwsjloFct43wVjCnRJBZq4tUck3t3pvs5OmpPm6KvmDhslCtZkX+/h fgbA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=cvWh7MCnwnyLWS6H4IZraomeL0saFPNehe+oNNDJoCg=; fh=1bpFwyOsB1q8L2F+8oE0TCo5PaYZR3xAGKO0+SCqPdo=; b=gkvHAwWrhqHJQ6+op7Gj9TePjbbTjnMWsgup76pt98IFKvojfNobzCqFvlZT+A9Zuu dXQYxlMwms19pBojVOkGbACMpEQpgtfBgSGKQHuX7KqLWPDeExOfGvhgtxWi88OkDYSm Zj1Q7e0Mz3SDB7XFNDK69y3Tu2PDcQxxzBFmgEkIBho1owcIh/oBa6OZXfpN5X+iD2iJ 6wJZ4waJThoePcw+Q6KG+jUebXDVpFxsYtDLPsXte3e9iA1ObRXXPfzCJyxA1c1lSz+j J+MLLvBmxlOlarymWwfkhn4cu5LRhPNqx8+WabwZ5cOx31G7tvTj2xh6at7/jzlUurAt PTmA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=npivonAo; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id ce8-20020a170906b24800b009930d9d6b4csi2531208ejb.888.2023.07.19.01.40.16; Wed, 19 Jul 2023 01:40:42 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=npivonAo; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230268AbjGSIeM (ORCPT + 99 others); Wed, 19 Jul 2023 04:34:12 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36666 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229461AbjGSIeL (ORCPT ); Wed, 19 Jul 2023 04:34:11 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 476B4171D; Wed, 19 Jul 2023 01:34:10 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id D48B56130B; Wed, 19 Jul 2023 08:34:09 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 2E0F4C433A9; Wed, 19 Jul 2023 08:34:09 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1689755649; bh=WMX//Zd4vQHTl2wSNqngG3i/KSedW7bESZCEVdywQQg=; h=References:In-Reply-To:From:Date:Subject:To:Cc:From; b=npivonAoU/JLz34y+sU/NQYHPvNpLVQT+U0/+j+878TThXUt2K/EknBClxtbnhFJS GgrvtoIgMqCqeZGw7UEkZRjZzrsr5BhPFx3T8EdDuxBipmyDyGB+J1ClvT1lOAsDgr l5rDJbQBqAualqYJ7CgBqQKBilcA8larUuWgBBWmi4RO7OMatAn8VPgF7/bNLiAq9E S5HIMsTnGT0sdXVOVV1YkwWJl72Whv/nA8r38/EWZNq9VEjelxvff1tKjzTSSewPmh yorAW1NVYQIVtHiKYhZZKK8eyOcxMZhZfC43m6ucmTjEhDqTWGtIEiLMM7Q9gcFSrC bEYx1FSSR02sQ== Received: by mail-lf1-f52.google.com with SMTP id 2adb3069b0e04-4fbb281eec6so10747014e87.1; Wed, 19 Jul 2023 01:34:08 -0700 (PDT) X-Gm-Message-State: ABy/qLZQxaAo2aRTG1tPmJJrznKOb0zoMb9tC5ONuZ5Bd0FnPWdk5VlO 3hehMzVw/e4Vv9DdPYaYR2gv9J8DQtDGcIHsAWA= X-Received: by 2002:ac2:4db2:0:b0:4fd:c8dc:2f55 with SMTP id h18-20020ac24db2000000b004fdc8dc2f55mr3519001lfe.66.1689755647078; Wed, 19 Jul 2023 01:34:07 -0700 (PDT) MIME-Version: 1.0 References: <20230718125847.3869700-1-ardb@kernel.org> <20230718125847.3869700-6-ardb@kernel.org> <20230718223813.GC1005@sol.localdomain> In-Reply-To: <20230718223813.GC1005@sol.localdomain> From: Ard Biesheuvel Date: Wed, 19 Jul 2023 10:33:55 +0200 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [RFC PATCH 05/21] ubifs: Pass worst-case buffer size to compression routines To: Eric Biggers Cc: linux-crypto@vger.kernel.org, Herbert Xu , Kees Cook , Haren Myneni , Nick Terrell , Minchan Kim , Sergey Senozhatsky , Jens Axboe , Giovanni Cabiddu , Richard Weinberger , David Ahern , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Steffen Klassert , linux-kernel@vger.kernel.org, linux-block@vger.kernel.org, qat-linux@intel.com, linuxppc-dev@lists.ozlabs.org, linux-mtd@lists.infradead.org, netdev@vger.kernel.org Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-7.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, 19 Jul 2023 at 00:38, Eric Biggers wrote: > > On Tue, Jul 18, 2023 at 02:58:31PM +0200, Ard Biesheuvel wrote: > > Currently, the ubifs code allocates a worst case buffer size to > > recompress a data node, but does not pass the size of that buffer to the > > compression code. This means that the compression code will never use > > the additional space, and might fail spuriously due to lack of space. > > > > So let's multiply out_len by WORST_COMPR_FACTOR after allocating the > > buffer. Doing so is guaranteed not to overflow, given that the preceding > > kmalloc_array() call would have failed otherwise. > > > > Signed-off-by: Ard Biesheuvel > > --- > > fs/ubifs/journal.c | 2 ++ > > 1 file changed, 2 insertions(+) > > > > diff --git a/fs/ubifs/journal.c b/fs/ubifs/journal.c > > index dc52ac0f4a345f30..4e5961878f336033 100644 > > --- a/fs/ubifs/journal.c > > +++ b/fs/ubifs/journal.c > > @@ -1493,6 +1493,8 @@ static int truncate_data_node(const struct ubifs_info *c, const struct inode *in > > if (!buf) > > return -ENOMEM; > > > > + out_len *= WORST_COMPR_FACTOR; > > + > > dlen = le32_to_cpu(dn->ch.len) - UBIFS_DATA_NODE_SZ; > > data_size = dn_size - UBIFS_DATA_NODE_SZ; > > compr_type = le16_to_cpu(dn->compr_type); > > This looks like another case where data that would be expanded by compression > should just be stored uncompressed instead. > > In fact, it seems that UBIFS does that already. ubifs_compress() has this: > > /* > * If the data compressed only slightly, it is better to leave it > * uncompressed to improve read speed. > */ > if (in_len - *out_len < UBIFS_MIN_COMPRESS_DIFF) > goto no_compr; > > So it's unclear why the WORST_COMPR_FACTOR thing is needed at all. > It is not. The buffer is used for decompression in the truncation path, so none of this logic even matters. Even if the subsequent recompression of the truncated data node could result in expansion beyond the uncompressed size of the original data (which seems impossible to me), increasing the size of this buffer would not help as it is the input buffer for the compression not the output buffer.