From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.5 required=3.0 tests=DKIM_INVALID,DKIM_SIGNED, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SIGNED_OFF_BY,SPF_HELO_NONE, SPF_PASS,URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id ABD48ECE58D for ; Wed, 9 Oct 2019 13:36:53 +0000 (UTC) Received: from lists.ozlabs.org (lists.ozlabs.org [203.11.71.2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 5E2A6218DE for ; Wed, 9 Oct 2019 13:36:53 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (1024-bit key) header.d=kernel.org header.i=@kernel.org header.b="M1C3Y7SJ" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 5E2A6218DE Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=linuxfoundation.org Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=linux-erofs-bounces+linux-erofs=archiver.kernel.org@lists.ozlabs.org Received: from bilbo.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 46pFcg0C7hzDqQV for ; Thu, 10 Oct 2019 00:36:51 +1100 (AEDT) Authentication-Results: lists.ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=linuxfoundation.org (client-ip=198.145.29.99; helo=mail.kernel.org; envelope-from=gregkh@linuxfoundation.org; receiver=) Authentication-Results: lists.ozlabs.org; dmarc=none (p=none dis=none) header.from=linuxfoundation.org Authentication-Results: lists.ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=kernel.org header.i=@kernel.org header.b="M1C3Y7SJ"; dkim-atps=neutral Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 46pFcR2hlMzDqKr for ; Thu, 10 Oct 2019 00:36:39 +1100 (AEDT) Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 3340A20B7C; Wed, 9 Oct 2019 13:36:37 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1570628197; bh=Jos7BMuf5iHUJu5RIqQxpBwAd8fisPJSzAa4MMIi9jw=; h=Subject:To:Cc:From:Date:In-Reply-To:From; b=M1C3Y7SJQSlrLhrqWcuczS9DmfroWqMX6FkVZ/k2kyr3mzOM7L6eGrNGBgpQCHwnp SOIE+fGb+fezSH16R/TZPHMfKgQcmedD/zWiTgiPxzHnrQ7HVRRIZ9UqiPtV8txnj7 7tzisZ02aYYwM0B5a1LMxccun/NsCWZNgsKPM7lQ= Subject: Patch "staging: erofs: detect potential multiref due to corrupted images" has been added to the 4.19-stable tree To: 20190821140152.229648-1-gaoxiang25@huawei.com, gaoxiang25@huawei.com, gregkh@linuxfoundation.org, linux-erofs@lists.ozlabs.org, miaoxie@huawei.com, yuchao0@huawei.com From: Date: Wed, 09 Oct 2019 15:36:22 +0200 In-Reply-To: <20191009101239.195587-4-gaoxiang25@huawei.com> Message-ID: <157062818228179@kroah.com> MIME-Version: 1.0 Content-Type: text/plain; charset=ANSI_X3.4-1968 Content-Transfer-Encoding: 8bit X-stable: commit X-Patchwork-Hint: ignore X-BeenThere: linux-erofs@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Development of Linux EROFS file system List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: stable-commits@vger.kernel.org Errors-To: linux-erofs-bounces+linux-erofs=archiver.kernel.org@lists.ozlabs.org Sender: "Linux-erofs" This is a note to let you know that I've just added the patch titled staging: erofs: detect potential multiref due to corrupted images to the 4.19-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: staging-erofs-detect-potential-multiref-due-to-corrupted-images.patch and it can be found in the queue-4.19 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let know about it. >From foo@baz Wed 09 Oct 2019 03:26:06 PM CEST From: Gao Xiang Date: Wed, 9 Oct 2019 18:12:39 +0800 Subject: staging: erofs: detect potential multiref due to corrupted images To: Greg Kroah-Hartman , , Chao Yu Cc: , Miao Xie , Gao Xiang Message-ID: <20191009101239.195587-4-gaoxiang25@huawei.com> From: Gao Xiang commit e12a0ce2fa69798194f3a8628baf6edfbd5c548f upstream. As reported by erofs-utils fuzzer, currently, multiref (ondisk deduplication) hasn't been supported for now, we should forbid it properly. Fixes: 3883a79abd02 ("staging: erofs: introduce VLE decompression support") Cc: # 4.19+ Signed-off-by: Gao Xiang Reviewed-by: Chao Yu Link: https://lore.kernel.org/r/20190821140152.229648-1-gaoxiang25@huawei.com [ Gao Xiang: Since earlier kernels don't define EFSCORRUPTED, let's use EIO instead. ] Signed-off-by: Gao Xiang Signed-off-by: Greg Kroah-Hartman --- drivers/staging/erofs/unzip_vle.c | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) --- a/drivers/staging/erofs/unzip_vle.c +++ b/drivers/staging/erofs/unzip_vle.c @@ -857,6 +857,7 @@ repeat: for (i = 0; i < nr_pages; ++i) pages[i] = NULL; + err = 0; z_erofs_pagevec_ctor_init(&ctor, Z_EROFS_VLE_INLINE_PAGEVECS, work->pagevec, 0); @@ -878,8 +879,17 @@ repeat: pagenr = z_erofs_onlinepage_index(page); DBG_BUGON(pagenr >= nr_pages); - DBG_BUGON(pages[pagenr]); + /* + * currently EROFS doesn't support multiref(dedup), + * so here erroring out one multiref page. + */ + if (pages[pagenr]) { + DBG_BUGON(1); + SetPageError(pages[pagenr]); + z_erofs_onlinepage_endio(pages[pagenr]); + err = -EIO; + } pages[pagenr] = page; } sparsemem_pages = i; @@ -889,7 +899,6 @@ repeat: overlapped = false; compressed_pages = grp->compressed_pages; - err = 0; for (i = 0; i < clusterpages; ++i) { unsigned pagenr; @@ -915,7 +924,12 @@ repeat: pagenr = z_erofs_onlinepage_index(page); DBG_BUGON(pagenr >= nr_pages); - DBG_BUGON(pages[pagenr]); + if (pages[pagenr]) { + DBG_BUGON(1); + SetPageError(pages[pagenr]); + z_erofs_onlinepage_endio(pages[pagenr]); + err = -EIO; + } ++sparsemem_pages; pages[pagenr] = page; Patches currently in stable-queue which might be from gaoxiang25@huawei.com are queue-4.19/staging-erofs-fix-an-error-handling-in-erofs_readdir.patch queue-4.19/staging-erofs-detect-potential-multiref-due-to-corrupted-images.patch queue-4.19/staging-erofs-some-compressed-cluster-should-be-submitted-for-corrupted-images.patch queue-4.19/staging-erofs-add-two-missing-erofs_workgroup_put-for-corrupted-images.patch