Message ID | 20190819103426.87579-2-gaoxiang25@huawei.com (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | staging: erofs: first stage of corrupted compressed images | expand |
On 2019-8-19 18:34, Gao Xiang wrote: > As reported by erofs_utils fuzzer, a logical page can belong > to at most 2 compressed clusters, if one compressed cluster > is corrupted, but the other has been ready in submitting chain. > > The chain needs to submit anyway in order to keep the page > working properly (page unlocked with PG_error set, PG_uptodate > not set). > > Let's fix it now. > > Fixes: 3883a79abd02 ("staging: erofs: introduce VLE decompression support") > Cc: <stable@vger.kernel.org> # 4.19+ > Signed-off-by: Gao Xiang <gaoxiang25@huawei.com> Reviewed-by: Chao Yu <yuchao0@huawei.com> Thanks,
On 2019-8-19 18:34, Gao Xiang wrote: > As reported by erofs_utils fuzzer, a logical page can belong > to at most 2 compressed clusters, if one compressed cluster > is corrupted, but the other has been ready in submitting chain. > > The chain needs to submit anyway in order to keep the page > working properly (page unlocked with PG_error set, PG_uptodate > not set). > > Let's fix it now. > > Fixes: 3883a79abd02 ("staging: erofs: introduce VLE decompression support") > Cc: <stable@vger.kernel.org> # 4.19+ > Signed-off-by: Gao Xiang <gaoxiang25@huawei.com> Reviewed-by: Chao Yu <yuchao0@huawei.com> Thanks,
diff --git a/drivers/staging/erofs/zdata.c b/drivers/staging/erofs/zdata.c index 2d7aaf98f7de..87b0c96caf8f 100644 --- a/drivers/staging/erofs/zdata.c +++ b/drivers/staging/erofs/zdata.c @@ -1307,19 +1307,18 @@ static int z_erofs_vle_normalaccess_readpage(struct file *file, err = z_erofs_do_read_page(&f, page, &pagepool); (void)z_erofs_collector_end(&f.clt); - if (err) { + /* if some compressed cluster ready, need submit them anyway */ + z_erofs_submit_and_unzip(inode->i_sb, &f.clt, &pagepool, true); + + if (err) errln("%s, failed to read, err [%d]", __func__, err); - goto out; - } - z_erofs_submit_and_unzip(inode->i_sb, &f.clt, &pagepool, true); -out: if (f.map.mpage) put_page(f.map.mpage); /* clean up the remaining free pages */ put_pages_list(&pagepool); - return 0; + return err; } static bool should_decompress_synchronously(struct erofs_sb_info *sbi,
As reported by erofs_utils fuzzer, a logical page can belong to at most 2 compressed clusters, if one compressed cluster is corrupted, but the other has been ready in submitting chain. The chain needs to submit anyway in order to keep the page working properly (page unlocked with PG_error set, PG_uptodate not set). Let's fix it now. Fixes: 3883a79abd02 ("staging: erofs: introduce VLE decompression support") Cc: <stable@vger.kernel.org> # 4.19+ Signed-off-by: Gao Xiang <gaoxiang25@huawei.com> --- drivers/staging/erofs/zdata.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-)