From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8AA93C001DC for ; Thu, 20 Jul 2023 01:23:39 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229685AbjGTBXi (ORCPT ); Wed, 19 Jul 2023 21:23:38 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38964 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229525AbjGTBXh (ORCPT ); Wed, 19 Jul 2023 21:23:37 -0400 Received: from szxga03-in.huawei.com (szxga03-in.huawei.com [45.249.212.189]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 34A752101; Wed, 19 Jul 2023 18:23:36 -0700 (PDT) Received: from kwepemm600013.china.huawei.com (unknown [172.30.72.53]) by szxga03-in.huawei.com (SkyGuard) with ESMTP id 4R5vyn1WCBzLnrV; Thu, 20 Jul 2023 09:21:05 +0800 (CST) Received: from [10.174.178.46] (10.174.178.46) by kwepemm600013.china.huawei.com (7.193.23.68) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.27; Thu, 20 Jul 2023 09:23:31 +0800 Subject: Re: [RFC PATCH 05/21] ubifs: Pass worst-case buffer size to compression routines To: Ard Biesheuvel CC: Eric Biggers , , Herbert Xu , Kees Cook , Haren Myneni , Nick Terrell , Minchan Kim , Sergey Senozhatsky , Jens Axboe , Giovanni Cabiddu , Richard Weinberger , David Ahern , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Steffen Klassert , , , , , , References: <20230718125847.3869700-1-ardb@kernel.org> <20230718125847.3869700-6-ardb@kernel.org> <20230718223813.GC1005@sol.localdomain> <3330004f-acac-81b4-e382-a17221a0a128@huawei.com> From: Zhihao Cheng Message-ID: <4fc9930e-152b-1de1-9532-d1eefa6c277c@huawei.com> Date: Thu, 20 Jul 2023 09:23:31 +0800 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.5.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset="utf-8"; format=flowed Content-Transfer-Encoding: 8bit X-Originating-IP: [10.174.178.46] X-ClientProxiedBy: dggems704-chm.china.huawei.com (10.3.19.181) To kwepemm600013.china.huawei.com (7.193.23.68) X-CFilter-Loop: Reflected Precedence: bulk List-ID: X-Mailing-List: linux-block@vger.kernel.org 在 2023/7/19 22:38, Ard Biesheuvel 写道: > On Wed, 19 Jul 2023 at 16:23, Zhihao Cheng wrote: >> >> 在 2023/7/19 16:33, Ard Biesheuvel 写道: >>> On Wed, 19 Jul 2023 at 00:38, Eric Biggers wrote: >>>> >>>> On Tue, Jul 18, 2023 at 02:58:31PM +0200, Ard Biesheuvel wrote: >>>>> Currently, the ubifs code allocates a worst case buffer size to >>>>> recompress a data node, but does not pass the size of that buffer to the >>>>> compression code. This means that the compression code will never use >> >> I think you mean the 'out_len' which describes the lengh of 'buf' is >> passed into ubifs_decompress, which effects the result of >> decompressor(eg. lz4 uses length to calculate the buffer end pos). >> So, we should pass the real lenghth of 'buf'. >> > > Yes, that is what I meant. > > But Eric makes a good point, and looking a bit more closely, there is > really no need for the multiplication here: we know the size of the > decompressed data, so we don't need the additional space. > Right, we get 'out_len' from 'dn->size' which is the length of uncompressed data. ubifs_compress makes sure the compressed length is smaller than original length. > I intend to drop this patch, and replace it with the following: > > ----------------8<-------------- > > Currently, when truncating a data node, a decompression buffer is > allocated that is twice the size of the data node's uncompressed size. > However, the fact that this space is available is not communicated to > the compression routines, as out_len itself is not updated. > > The additional space is not needed even in the theoretical worst case > where compression might lead to inadvertent expansion: first of all, > increasing the size of the input buffer does not help mitigate that > issue. And given the truncation of the data node and the fact that the > original data compressed well enough to pass the UBIFS_MIN_COMPRESS_DIFF > test, there is no way on this particular code path that compression > could result in expansion beyond the original decompressed size, and so > no mitigation is necessary to begin with. > > So let's just drop WORST_COMPR_FACTOR here. > > Signed-off-by: Ard Biesheuvel > > diff --git a/fs/ubifs/journal.c b/fs/ubifs/journal.c > index dc52ac0f4a345f30..0b55cbfe0c30505e 100644 > --- a/fs/ubifs/journal.c > +++ b/fs/ubifs/journal.c > @@ -1489,7 +1489,7 @@ static int truncate_data_node(const struct > ubifs_info *c, const struct inode *in > int err, dlen, compr_type, out_len, data_size; > > out_len = le32_to_cpu(dn->size); > - buf = kmalloc_array(out_len, WORST_COMPR_FACTOR, GFP_NOFS); > + buf = kmalloc(out_len, GFP_NOFS); > if (!buf) > return -ENOMEM; > . > This version looks better. Reviewed-by: Zhihao Cheng