commit 131897c65e2b86cf14bec7379f44aa8fbb407526 · tjh.dev/kernel

tjh.dev / kernel

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

erofs: fix invalid algorithm for encoded extents

The current algorithm sanity checks do not properly apply to new
encoded extents.

Unify the algorithm check with Z_EROFS_COMPRESSION(_RUNTIME)_MAX
and ensure consistency with sbi->available_compr_algs.

Reported-and-tested-by: syzbot+5a398eb460ddaa6f242f@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/r/68a8bd20.050a0220.37038e.005a.GAE@google.com
Fixes: 1d191b4ca51d ("erofs: implement encoded extent metadata")
Thanks-to: Edward Adam Davis <eadavis@qq.com>
Signed-off-by: Gao Xiang <hsiangkao@linux.alibaba.com>

Gao Xiang 4 months ago 131897c6 c17b750b

+37 -30

1 changed file

expand all

unified split

erofs

zmap.c

+37 -30

fs/erofs/zmap.c

··· 394 394 .map = map, 395 395 .in_mbox = erofs_inode_in_metabox(inode), 396 396 }; 397 - int err = 0; 398 - unsigned int endoff, afmt; 397 + unsigned int endoff; 399 398 unsigned long initial_lcn; 400 399 unsigned long long ofs, end; 400 + int err; 401 401 402 402 ofs = flags & EROFS_GET_BLOCKS_FINDTAIL ? inode->i_size - 1 : map->m_la; 403 403 if (fragment && !(flags & EROFS_GET_BLOCKS_FINDTAIL) && ··· 482 482 err = -EFSCORRUPTED; 483 483 goto unmap_out; 484 484 } 485 - afmt = vi->z_advise & Z_EROFS_ADVISE_INTERLACED_PCLUSTER ? 486 - Z_EROFS_COMPRESSION_INTERLACED : 487 - Z_EROFS_COMPRESSION_SHIFTED; 485 + if (vi->z_advise & Z_EROFS_ADVISE_INTERLACED_PCLUSTER) 486 + map->m_algorithmformat = Z_EROFS_COMPRESSION_INTERLACED; 487 + else 488 + map->m_algorithmformat = Z_EROFS_COMPRESSION_SHIFTED; 489 + } else if (m.headtype == Z_EROFS_LCLUSTER_TYPE_HEAD2) { 490 + map->m_algorithmformat = vi->z_algorithmtype[1]; 488 491 } else { 489 - afmt = m.headtype == Z_EROFS_LCLUSTER_TYPE_HEAD2 ? 490 - vi->z_algorithmtype[1] : vi->z_algorithmtype[0]; 491 - if (!(EROFS_I_SB(inode)->available_compr_algs & (1 << afmt))) { 492 - erofs_err(sb, "inconsistent algorithmtype %u for nid %llu", 493 - afmt, vi->nid); 494 - err = -EFSCORRUPTED; 495 - goto unmap_out; 496 - } 492 + map->m_algorithmformat = vi->z_algorithmtype[0]; 497 493 } 498 - map->m_algorithmformat = afmt; 499 494 500 495 if ((flags & EROFS_GET_BLOCKS_FIEMAP) || 501 496 ((flags & EROFS_GET_BLOCKS_READMORE) && ··· 621 626 { 622 627 struct erofs_inode *const vi = EROFS_I(inode); 623 628 struct super_block *const sb = inode->i_sb; 624 - int err, headnr; 625 - erofs_off_t pos; 626 629 struct z_erofs_map_header *h; 630 + erofs_off_t pos; 631 + int err = 0; 627 632 628 633 if (test_bit(EROFS_I_Z_INITED_BIT, &vi->flags)) { 629 634 /* ··· 637 642 if (wait_on_bit_lock(&vi->flags, EROFS_I_BL_Z_BIT, TASK_KILLABLE)) 638 643 return -ERESTARTSYS; 639 644 640 - err = 0; 641 645 if (test_bit(EROFS_I_Z_INITED_BIT, &vi->flags)) 642 646 goto out_unlock; 643 647 ··· 672 678 vi->z_fragmentoff = le32_to_cpu(h->h_fragmentoff); 673 679 else if (vi->z_advise & Z_EROFS_ADVISE_INLINE_PCLUSTER) 674 680 vi->z_idata_size = le16_to_cpu(h->h_idata_size); 675 - 676 - headnr = 0; 677 - if (vi->z_algorithmtype[0] >= Z_EROFS_COMPRESSION_MAX || 678 - vi->z_algorithmtype[++headnr] >= Z_EROFS_COMPRESSION_MAX) { 679 - erofs_err(sb, "unknown HEAD%u format %u for nid %llu, please upgrade kernel", 680 - headnr + 1, vi->z_algorithmtype[headnr], vi->nid); 681 - err = -EOPNOTSUPP; 682 - goto out_unlock; 683 - } 684 681 685 682 if (!erofs_sb_has_big_pcluster(EROFS_SB(sb)) && 686 683 vi->z_advise & (Z_EROFS_ADVISE_BIG_PCLUSTER_1 | ··· 711 726 return err; 712 727 } 713 728 729 + static int z_erofs_map_sanity_check(struct inode *inode, 730 + struct erofs_map_blocks *map) 731 + { 732 + struct erofs_sb_info *sbi = EROFS_I_SB(inode); 733 + 734 + if (!(map->m_flags & EROFS_MAP_ENCODED)) 735 + return 0; 736 + if (unlikely(map->m_algorithmformat >= Z_EROFS_COMPRESSION_RUNTIME_MAX)) { 737 + erofs_err(inode->i_sb, "unknown algorithm %d @ pos %llu for nid %llu, please upgrade kernel", 738 + map->m_algorithmformat, map->m_la, EROFS_I(inode)->nid); 739 + return -EOPNOTSUPP; 740 + } 741 + if (unlikely(map->m_algorithmformat < Z_EROFS_COMPRESSION_MAX && 742 + !(sbi->available_compr_algs & (1 << map->m_algorithmformat)))) { 743 + erofs_err(inode->i_sb, "inconsistent algorithmtype %u for nid %llu", 744 + map->m_algorithmformat, EROFS_I(inode)->nid); 745 + return -EFSCORRUPTED; 746 + } 747 + if (unlikely(map->m_plen > Z_EROFS_PCLUSTER_MAX_SIZE || 748 + map->m_llen > Z_EROFS_PCLUSTER_MAX_DSIZE)) 749 + return -EOPNOTSUPP; 750 + return 0; 751 + } 752 + 714 753 int z_erofs_map_blocks_iter(struct inode *inode, struct erofs_map_blocks *map, 715 754 int flags) 716 755 { ··· 755 746 else 756 747 err = z_erofs_map_blocks_fo(inode, map, flags); 757 748 } 758 - if (!err && (map->m_flags & EROFS_MAP_ENCODED) && 759 - unlikely(map->m_plen > Z_EROFS_PCLUSTER_MAX_SIZE || 760 - map->m_llen > Z_EROFS_PCLUSTER_MAX_DSIZE)) 761 - err = -EOPNOTSUPP; 749 + if (!err) 750 + err = z_erofs_map_sanity_check(inode, map); 762 751 if (err) 763 752 map->m_llen = 0; 764 753 }