From: Yue Hu
To: xiang@kernel.org, chao@kernel.org
Cc: linux-erofs@lists.ozlabs.org, linux-kernel@vger.kernel.org, zhangwen@coolpad.com, Yue Hu
Subject: [PATCH v2] erofs: fix invalid unmapped accesses in z_erofs_fill_inode_lazy()
Date: Wed, 5 Oct 2022 09:35:28 +0800
Message-Id: <20221005013528.62977-1-zbestahu@163.com>
X-Mailer: git-send-email 2.25.1
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Yue Hu

Note that we are still accessing 'h_idata_size' and 'h_fragmentoff' after calling erofs_put_metabuf(), that is not correct. Fix it.

Fixes: ab92184ff8f1 ("erofs: add on-disk compressed tail-packing inline support")
Fixes: b15b2e307c3a ("erofs: support on-disk compressed fragments data")
Signed-off-by: Yue Hu
Reviewed-by: Chao Yu
Reviewed-by: Gao Xiang
---
v2: refine the subject, jump label naming, code style (Xiang)

 fs/erofs/zmap.c | 22 ++++++++++------------
 1 file changed, 10 insertions(+), 12 deletions(-)

diff --git a/fs/erofs/zmap.c b/fs/erofs/zmap.c index 44c27ef39c43..0bb66927e3d0 100644 --- a/fs/erofs/zmap.c +++ b/fs/erofs/zmap.c @@ -57,8 +57,7 @@ static int z_erofs_fill_inode_lazy(struct inode *inode) =20 pos =3D ALIGN(iloc(EROFS_SB(sb), vi->nid) + vi->inode_isize + vi->xattr_isize, 8); - kaddr =3D erofs_read_metabuf(&buf, sb, erofs_blknr(pos), - EROFS_KMAP_ATOMIC); + kaddr =3D erofs_read_metabuf(&buf, sb, erofs_blknr(pos), EROFS_KMAP); if (IS_ERR(kaddr)) { err =3D PTR_ERR(kaddr); goto out_unlock; 
@@ -73,7 +72,7 @@ static int z_erofs_fill_inode_lazy(struct inode *inode) vi->z_advise =3D Z_EROFS_ADVISE_FRAGMENT_PCLUSTER; vi->z_fragmentoff =3D le64_to_cpu(*(__le64 *)h) ^ (1ULL << 63); vi->z_tailextent_headlcn =3D 0; - goto unmap_done; + goto done; } vi->z_advise =3D le16_to_cpu(h->h_advise); vi->z_algorithmtype[0] =3D h->h_algorithmtype & 15; @@ -85,7 +84,7 @@ static int z_erofs_fill_inode_lazy(struct inode *inode) erofs_err(sb, "unknown HEAD%u format %u for nid %llu, please upgrade ker= nel", headnr + 1, vi->z_algorithmtype[headnr], vi->nid); err =3D -EOPNOTSUPP; - goto unmap_done; + goto out_put_metabuf; } =20 vi->z_logical_clusterbits =3D LOG_BLOCK_SIZE + (h->h_clusterbits & 7); @@ -95,7 +94,7 @@ static int z_erofs_fill_inode_lazy(struct inode *inode) erofs_err(sb, "per-inode big pcluster without sb feature for nid %llu", vi->nid); err =3D -EFSCORRUPTED; - goto unmap_done; + goto out_put_metabuf; } if (vi->datalayout =3D=3D EROFS_INODE_FLAT_COMPRESSION && !(vi->z_advise & Z_EROFS_ADVISE_BIG_PCLUSTER_1) ^ @@ -103,12 +102,8 @@ static int z_erofs_fill_inode_lazy(struct inode *inode) erofs_err(sb, "big pcluster head1/2 of compact indexes should be consist= ent for nid %llu", vi->nid); err =3D -EFSCORRUPTED; - goto unmap_done; + goto out_put_metabuf; } -unmap_done: - erofs_put_metabuf(&buf); - if (err) - goto out_unlock; =20 if (vi->z_advise & Z_EROFS_ADVISE_INLINE_PCLUSTER) { struct erofs_map_blocks map =3D { @@ -127,7 +122,7 @@ static int z_erofs_fill_inode_lazy(struct inode *inode) err =3D -EFSCORRUPTED; } if (err < 0) - goto out_unlock; + goto out_put_metabuf; } =20 if (vi->z_advise & Z_EROFS_ADVISE_FRAGMENT_PCLUSTER && 
@@ -141,11 +136,14 @@ static int z_erofs_fill_inode_lazy(struct inode *inod= e) EROFS_GET_BLOCKS_FINDTAIL); erofs_put_metabuf(&map.buf); if (err < 0) - goto out_unlock; + goto out_put_metabuf; } +done: /* paired with smp_mb() at the beginning of the function */ smp_mb(); set_bit(EROFS_I_Z_INITED_BIT, &vi->flags); +out_put_metabuf: + erofs_put_metabuf(&buf); out_unlock: clear_and_wake_up_bit(EROFS_I_BL_Z_BIT, &vi->flags); return err; --=20 2.25.1
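
Review bot: The switch from EROFS_KMAP_ATOMIC to EROFS_KMAP in the first hunk (@@ -57,8 +57,7 @@) is not mentioned in the commit message, which only talks about the accesses after erofs_put_metabuf(). If the reason is that buf now stays mapped until the new out_put_metabuf label, across the inline-pcluster and fragment-pcluster blocks that read and release map.buf, and an atomic mapping must not be held over that code, please say so in the changelog so the flag change is not later mistaken for an unrelated cleanup and reverted.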
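
Review bot: In the hunk at @@ -73,7 +72,7 @@, `goto done` is a behaviour change as well as a fix: the old `unmap_done` label sat ahead of the `if (vi->z_advise & Z_EROFS_ADVISE_INLINE_PCLUSTER)` block, so the fragment-only path (which sets z_advise to Z_EROFS_ADVISE_FRAGMENT_PCLUSTER) still went on to evaluate the Z_EROFS_ADVISE_FRAGMENT_PCLUSTER condition, while the new `done` label sits after both blocks and skips them. The rest of that condition is outside the visible context, so please confirm in the commit message that bypassing it is intended for this path and not just a side effect of moving the label.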
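
Review bot: In the last hunk (@@ -141,11 +136,14 @@), nothing at `out_put_metabuf:` records why the put was moved to the end, so the same bug is easy to reintroduce. The success path now falls through `done:` into `erofs_put_metabuf(&buf)`, and every read through h (including the 'h_idata_size' and 'h_fragmentoff' accesses named in the commit message) relies on that ordering. A one-line comment at the label stating that h must not be dereferenced once buf is released would make the lifetime rule explicit for the next person who adds an early exit.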