erofs: fix invalid algorithm for encoded extents

The current algorithm sanity checks do not properly apply to new
encoded extents.

Unify the algorithm check with Z_EROFS_COMPRESSION(_RUNTIME)_MAX
and ensure consistency with sbi->available_compr_algs.

Reported-and-tested-by: syzbot+5a398eb460ddaa6f242f@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/r/68a8bd20.050a0220.37038e.005a.GAE@google.com
Fixes: 1d191b4ca51d ("erofs: implement encoded extent metadata")
Thanks-to: Edward Adam Davis <eadavis@qq.com>
Signed-off-by: Gao Xiang <hsiangkao@linux.alibaba.com>

Gao Xiang 131897c6 c17b750b

+37 -30
+37 -30
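--- a/fs/erofs/zmap.c
+++ b/fs/erofs/zmap.c
@@ -394,10 +394,10 @@
 		.map = map,
 		.in_mbox = erofs_inode_in_metabox(inode),
 	};
-	int err = 0;
-	unsigned int endoff, afmt;
+	unsigned int endoff;
 	unsigned long initial_lcn;
 	unsigned long long ofs, end;
+	int err;
 
 	ofs = flags & EROFS_GET_BLOCKS_FINDTAIL ? inode->i_size - 1 : map->m_la;
 	if (fragment && !(flags & EROFS_GET_BLOCKS_FINDTAIL) &&
@@ -482,20 +482,15 @@
 			err = -EFSCORRUPTED;
 			goto unmap_out;
 		}
-		afmt = vi->z_advise & Z_EROFS_ADVISE_INTERLACED_PCLUSTER ?
-			Z_EROFS_COMPRESSION_INTERLACED :
-			Z_EROFS_COMPRESSION_SHIFTED;
+		if (vi->z_advise & Z_EROFS_ADVISE_INTERLACED_PCLUSTER)
+			map->m_algorithmformat = Z_EROFS_COMPRESSION_INTERLACED;
+		else
+			map->m_algorithmformat = Z_EROFS_COMPRESSION_SHIFTED;
+	} else if (m.headtype == Z_EROFS_LCLUSTER_TYPE_HEAD2) {
+		map->m_algorithmformat = vi->z_algorithmtype[1];
 	} else {
-		afmt = m.headtype == Z_EROFS_LCLUSTER_TYPE_HEAD2 ?
-			vi->z_algorithmtype[1] : vi->z_algorithmtype[0];
-		if (!(EROFS_I_SB(inode)->available_compr_algs & (1 << afmt))) {
-			erofs_err(sb, "inconsistent algorithmtype %u for nid %llu",
-				  afmt, vi->nid);
-			err = -EFSCORRUPTED;
-			goto unmap_out;
-		}
+		map->m_algorithmformat = vi->z_algorithmtype[0];
 	}
-	map->m_algorithmformat = afmt;
 
 	if ((flags & EROFS_GET_BLOCKS_FIEMAP) ||
 	    ((flags & EROFS_GET_BLOCKS_READMORE) &&
@@ -626,9 +621,9 @@
 {
 	struct erofs_inode *const vi = EROFS_I(inode);
 	struct super_block *const sb = inode->i_sb;
-	int err, headnr;
-	erofs_off_t pos;
 	struct z_erofs_map_header *h;
+	erofs_off_t pos;
+	int err = 0;
 
 	if (test_bit(EROFS_I_Z_INITED_BIT, &vi->flags)) {
 		/*
@@ -642,7 +637,6 @@
 	if (wait_on_bit_lock(&vi->flags, EROFS_I_BL_Z_BIT, TASK_KILLABLE))
 		return -ERESTARTSYS;
 
-	err = 0;
 	if (test_bit(EROFS_I_Z_INITED_BIT, &vi->flags))
 		goto out_unlock;
 
@@ -678,15 +672,6 @@
 		vi->z_fragmentoff = le32_to_cpu(h->h_fragmentoff);
 	else if (vi->z_advise & Z_EROFS_ADVISE_INLINE_PCLUSTER)
 		vi->z_idata_size = le16_to_cpu(h->h_idata_size);
-
-	headnr = 0;
-	if (vi->z_algorithmtype[0] >= Z_EROFS_COMPRESSION_MAX ||
-	    vi->z_algorithmtype[++headnr] >= Z_EROFS_COMPRESSION_MAX) {
-		erofs_err(sb, "unknown HEAD%u format %u for nid %llu, please upgrade kernel",
-			  headnr + 1, vi->z_algorithmtype[headnr], vi->nid);
-		err = -EOPNOTSUPP;
-		goto out_unlock;
-	}
 
 	if (!erofs_sb_has_big_pcluster(EROFS_SB(sb)) &&
 	    vi->z_advise & (Z_EROFS_ADVISE_BIG_PCLUSTER_1 |
@@ -726,6 +711,30 @@
 	return err;
 }
 
+static int z_erofs_map_sanity_check(struct inode *inode,
+				    struct erofs_map_blocks *map)
+{
+	struct erofs_sb_info *sbi = EROFS_I_SB(inode);
+
+	if (!(map->m_flags & EROFS_MAP_ENCODED))
+		return 0;
+	if (unlikely(map->m_algorithmformat >= Z_EROFS_COMPRESSION_RUNTIME_MAX)) {
+		erofs_err(inode->i_sb, "unknown algorithm %d @ pos %llu for nid %llu, please upgrade kernel",
+			  map->m_algorithmformat, map->m_la, EROFS_I(inode)->nid);
+		return -EOPNOTSUPP;
+	}
+	if (unlikely(map->m_algorithmformat < Z_EROFS_COMPRESSION_MAX &&
+		     !(sbi->available_compr_algs & (1 << map->m_algorithmformat)))) {
+		erofs_err(inode->i_sb, "inconsistent algorithmtype %u for nid %llu",
+			  map->m_algorithmformat, EROFS_I(inode)->nid);
+		return -EFSCORRUPTED;
+	}
+	if (unlikely(map->m_plen > Z_EROFS_PCLUSTER_MAX_SIZE ||
+		     map->m_llen > Z_EROFS_PCLUSTER_MAX_DSIZE))
+		return -EOPNOTSUPP;
+	return 0;
+}
+
 int z_erofs_map_blocks_iter(struct inode *inode, struct erofs_map_blocks *map,
 			    int flags)
 {
@@ -746,10 +755,8 @@
 			else
 				err = z_erofs_map_blocks_fo(inode, map, flags);
 		}
-		if (!err && (map->m_flags & EROFS_MAP_ENCODED) &&
-		    unlikely(map->m_plen > Z_EROFS_PCLUSTER_MAX_SIZE ||
-			     map->m_llen > Z_EROFS_PCLUSTER_MAX_DSIZE))
-			err = -EOPNOTSUPP;
+		if (!err)
+			err = z_erofs_map_sanity_check(inode, map);
 		if (err)
 			map->m_llen = 0;
 	}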
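Review bot: In the new `z_erofs_map_sanity_check()`, `map->m_algorithmformat` is printed with `%d` in the first message and `%u` in the second, and it is used directly as the shift count in `1 << map->m_algorithmformat`; the field's declared type is not visible in this diff, so it cannot be confirmed here that a value derived from on-disk metadata is never negative. If it could be, such a value would pass the `>= Z_EROFS_COMPRESSION_RUNTIME_MAX` test, satisfy `< Z_EROFS_COMPRESSION_MAX`, and reach the shift. Reading it once into an unsigned local, `unsigned int afmt = map->m_algorithmformat;`, then comparing `afmt`, shifting with `1U << afmt` and printing with `%u` in both messages removes that dependency on the field's type. Separately, the final size-limit branch returns `-EOPNOTSUPP` without an `erofs_err()`, unlike the two branches above it. Also, the unknown-algorithm check appears to move from the once-per-inode init path to every mapping call, so a corrupted image may repeat the message; a short comment on the helper stating which fields it validates and why the runtime-only formats skip the `available_compr_algs` test would help the next reader.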