public inbox for stable@vger.kernel.org
* [merged mm-hotfixes-stable] squashfs-fix-buffer-release-race-condition-in-readahead-code.patch removed from -mm tree
From: Andrew Morton @ 2022-10-28 21:07 UTC
  To: mm-commits, stable, srw, regressions, mirsad.todorovac,
	marcmiltenberger, hsinyi, dimitri.ledkov, bagasdotme, phillip,
	akpm


The quilt patch titled
     Subject: squashfs: fix buffer release race condition in readahead code
has been removed from the -mm tree.  Its filename was
     squashfs-fix-buffer-release-race-condition-in-readahead-code.patch

This patch was dropped because it was merged into the mm-hotfixes-stable branch
of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm

------------------------------------------------------
From: Phillip Lougher <phillip@squashfs.org.uk>
Subject: squashfs: fix buffer release race condition in readahead code
Date: Thu, 20 Oct 2022 23:36:16 +0100

Fix a buffer release race condition, where the error value was used after
release.

Link: https://lkml.kernel.org/r/20221020223616.7571-4-phillip@squashfs.org.uk
Fixes: b09a7a036d20 ("squashfs: support reading fragments in readahead call")
Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk>
Tested-by: Bagas Sanjaya <bagasdotme@gmail.com>
Reported-by: Marc Miltenberger <marcmiltenberger@gmail.com>
Cc: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
Cc: Hsin-Yi Wang <hsinyi@chromium.org>
Cc: Mirsad Goran Todorovac <mirsad.todorovac@alu.unizg.hr>
Cc: Slade Watkins <srw@sladewatkins.net>
Cc: Thorsten Leemhuis <regressions@leemhuis.info>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---


--- a/fs/squashfs/file.c~squashfs-fix-buffer-release-race-condition-in-readahead-code
+++ a/fs/squashfs/file.c
@@ -506,8 +506,9 @@ static int squashfs_readahead_fragment(s
 		squashfs_i(inode)->fragment_size);
 	struct squashfs_sb_info *msblk = inode->i_sb->s_fs_info;
 	unsigned int n, mask = (1 << (msblk->block_log - PAGE_SHIFT)) - 1;
+	int error = buffer->error;
 
-	if (buffer->error)
+	if (error)
 		goto out;
 
 	expected += squashfs_i(inode)->fragment_offset;
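
Review bot: a one-line comment is missing at "int error = buffer->error;" saying the value is captured there because buffer must not be dereferenced once squashfs_cache_put() has been called. Without it the local looks redundant next to "if (error)", and a later cleanup could fold it back into buffer->error and reintroduce the read after release that this patch removes at the out: label. A short note above the declaration, for example /* snapshot: buffer is not ours after squashfs_cache_put() */, would make the ordering requirement explicit.
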
@@ -529,7 +530,7 @@ static int squashfs_readahead_fragment(s
 
 out:
 	squashfs_cache_put(buffer);
-	return buffer->error;
+	return error;
 }
 
 static void squashfs_readahead(struct readahead_control *ractl)
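
Review bot: the changelog should state what a caller could observe, because the removed "return buffer->error;" at out: ran after "squashfs_cache_put(buffer);" had already dropped the reference, so the field may have been overwritten if the entry was reused concurrently and the returned value need not be the result of this read. With "return error;" nothing touches buffer after the put, which is the right ordering. It would also help to check the other squashfs_cache_put() callers for the same put-then-read pattern and to say in the commit message whether any were found.
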
_

Patches currently in -mm which might be from phillip@squashfs.org.uk are




* Re: [merged mm-hotfixes-stable] squashfs-fix-buffer-release-race-condition-in-readahead-code.patch removed from -mm tree
From: Mirsad Goran Todorovac @ 2022-10-29 11:33 UTC
  To: Andrew Morton, mm-commits, stable, srw, regressions,
	marcmiltenberger, hsinyi, dimitri.ledkov, bagasdotme, phillip

On 28. 10. 2022. 23:07, Andrew Morton wrote:
> The quilt patch titled
>       Subject: squashfs: fix buffer release race condition in readahead code
> has been removed from the -mm tree.  Its filename was
>       squashfs-fix-buffer-release-race-condition-in-readahead-code.patch
>
> This patch was dropped because it was merged into the mm-hotfixes-stable branch
> of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
>
> ------------------------------------------------------
> From: Phillip Lougher <phillip@squashfs.org.uk>
> Subject: squashfs: fix buffer release race condition in readahead code
> Date: Thu, 20 Oct 2022 23:36:16 +0100
>
> Fix a buffer release race condition, where the error value was used after
> release.
>
> Link: https://lkml.kernel.org/r/20221020223616.7571-4-phillip@squashfs.org.uk
> Fixes: b09a7a036d20 ("squashfs: support reading fragments in readahead call")
> Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk>
> Tested-by: Bagas Sanjaya <bagasdotme@gmail.com>
> Reported-by: Marc Miltenberger <marcmiltenberger@gmail.com>
> Cc: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
> Cc: Hsin-Yi Wang <hsinyi@chromium.org>
> Cc: Mirsad Goran Todorovac <mirsad.todorovac@alu.unizg.hr>
> Cc: Slade Watkins <srw@sladewatkins.net>
> Cc: Thorsten Leemhuis <regressions@leemhuis.info>
> Cc: <stable@vger.kernel.org>
> Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
> ---

Dear Mr. Andrew Morton,

For correctness' sake, as you can witness for yourself from the archive, it
is Mirsad Goran Todorovac <mirsad.todorovac@alu.unizg.hr> who was the
initial reporter of the bug.

Reference: 
https://lore.kernel.org/all/2f0ddb46-d197-558d-4be7-d40506e0a64f@alu.unizg.hr/

Mr. Miltenberger's credit is also important, for he was the first person 
to reproduce the bug.

Actually, the LKML archives already represent the correct state; however,
someone might want to reproduce additional hypothetical errors in this
segment of code, and probably correct the person(s) who helped bisect
the bug.

I am looking forward to your reply.

The first patch in the series has correct references:

From: Phillip Lougher <phillip@squashfs.org.uk>
Subject: squashfs: fix read regression introduced in readahead code
Date: Thu, 20 Oct 2022 23:36:14 +0100

[...]

Link: https://lkml.kernel.org/r/20221020223616.7571-1-phillip@squashfs.org.uk
Link: https://lkml.kernel.org/r/20221020223616.7571-2-phillip@squashfs.org.uk
Fixes: 8fc78b6fe24c ("squashfs: implement readahead")
Link: https://lore.kernel.org/lkml/b0c258c3-6dcf-aade-efc4-d62a8b3a1ce2@alu.unizg.hr/
Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk>
Reported-by: Mirsad Goran Todorovac <mirsad.todorovac@alu.unizg.hr>
Tested-by: Mirsad Goran Todorovac <mirsad.todorovac@alu.unizg.hr>
Tested-by: Slade Watkins <srw@sladewatkins.net>
Tested-by: Bagas Sanjaya <bagasdotme@gmail.com>
Reported-by: Marc Miltenberger <marcmiltenberger@gmail.com>
Cc: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
Cc: Hsin-Yi Wang <hsinyi@chromium.org>
Cc: Thorsten Leemhuis <regressions@leemhuis.info>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>

Thank you very much.
Mirsad

> --- a/fs/squashfs/file.c~squashfs-fix-buffer-release-race-condition-in-readahead-code
> +++ a/fs/squashfs/file.c
> @@ -506,8 +506,9 @@ static int squashfs_readahead_fragment(s
>   		squashfs_i(inode)->fragment_size);
>   	struct squashfs_sb_info *msblk = inode->i_sb->s_fs_info;
>   	unsigned int n, mask = (1 << (msblk->block_log - PAGE_SHIFT)) - 1;
> +	int error = buffer->error;
>   
> -	if (buffer->error)
> +	if (error)
>   		goto out;
>   
>   	expected += squashfs_i(inode)->fragment_offset;
> @@ -529,7 +530,7 @@ static int squashfs_readahead_fragment(s
>   
>   out:
>   	squashfs_cache_put(buffer);
> -	return buffer->error;
> +	return error;
>   }
>   
>   static void squashfs_readahead(struct readahead_control *ractl)
> _
>
> Patches currently in -mm which might be from phillip@squashfs.org.uk are
>
--
Mirsad Goran Todorovac
System engineer
Faculty of Graphic Arts | Academy of Fine Arts
University of Zagreb, Republic of Croatia
The European Union

