Patch "staging: erofs: detect potential multiref due to corrupted images" has been added to the 5.3-stable tree
gregkh at linuxfoundation.org
gregkh at linuxfoundation.org
Thu Oct 10 00:27:07 AEDT 2019
This is a note to let you know that I've just added the patch titled
staging: erofs: detect potential multiref due to corrupted images
to the 5.3-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
staging-erofs-detect-potential-multiref-due-to-corrupted-images.patch
and it can be found in the queue-5.3 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable at vger.kernel.org> know about it.
>From foo at baz Wed 09 Oct 2019 03:24:16 PM CEST
From: Gao Xiang <gaoxiang25 at huawei.com>
Date: Wed, 9 Oct 2019 18:05:54 +0800
Subject: staging: erofs: detect potential multiref due to corrupted images
To: Greg Kroah-Hartman <gregkh at linuxfoundation.org>, <stable at vger.kernel.org>, Chao Yu <yuchao0 at huawei.com>
Cc: <linux-erofs at lists.ozlabs.org>, Miao Xie <miaoxie at huawei.com>, Gao Xiang <gaoxiang25 at huawei.com>
Message-ID: <20191009100554.165048-5-gaoxiang25 at huawei.com>
From: Gao Xiang <gaoxiang25 at huawei.com>
commit e12a0ce2fa69798194f3a8628baf6edfbd5c548f upstream.
As reported by erofs-utils fuzzer, currently, multiref
(ondisk deduplication) hasn't been supported for now,
we should forbid it properly.
Fixes: 3883a79abd02 ("staging: erofs: introduce VLE decompression support")
Cc: <stable at vger.kernel.org> # 4.19+
Signed-off-by: Gao Xiang <gaoxiang25 at huawei.com>
Reviewed-by: Chao Yu <yuchao0 at huawei.com>
Link: https://lore.kernel.org/r/20190821140152.229648-1-gaoxiang25@huawei.com
[ Gao Xiang: Since earlier kernels don't define EFSCORRUPTED,
let's use EIO instead. ]
Signed-off-by: Gao Xiang <gaoxiang25 at huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
---
drivers/staging/erofs/unzip_vle.c | 20 +++++++++++++++++---
1 file changed, 17 insertions(+), 3 deletions(-)
--- a/drivers/staging/erofs/unzip_vle.c
+++ b/drivers/staging/erofs/unzip_vle.c
@@ -943,6 +943,7 @@ repeat:
for (i = 0; i < nr_pages; ++i)
pages[i] = NULL;
+ err = 0;
z_erofs_pagevec_ctor_init(&ctor, Z_EROFS_NR_INLINE_PAGEVECS,
work->pagevec, 0);
@@ -964,8 +965,17 @@ repeat:
pagenr = z_erofs_onlinepage_index(page);
DBG_BUGON(pagenr >= nr_pages);
- DBG_BUGON(pages[pagenr]);
+ /*
+ * currently EROFS doesn't support multiref(dedup),
+ * so here erroring out one multiref page.
+ */
+ if (pages[pagenr]) {
+ DBG_BUGON(1);
+ SetPageError(pages[pagenr]);
+ z_erofs_onlinepage_endio(pages[pagenr]);
+ err = -EIO;
+ }
pages[pagenr] = page;
}
sparsemem_pages = i;
@@ -975,7 +985,6 @@ repeat:
overlapped = false;
compressed_pages = grp->compressed_pages;
- err = 0;
for (i = 0; i < clusterpages; ++i) {
unsigned int pagenr;
@@ -999,7 +1008,12 @@ repeat:
pagenr = z_erofs_onlinepage_index(page);
DBG_BUGON(pagenr >= nr_pages);
- DBG_BUGON(pages[pagenr]);
+ if (pages[pagenr]) {
+ DBG_BUGON(1);
+ SetPageError(pages[pagenr]);
+ z_erofs_onlinepage_endio(pages[pagenr]);
+ err = -EIO;
+ }
++sparsemem_pages;
pages[pagenr] = page;
Patches currently in stable-queue which might be from gaoxiang25 at huawei.com are
queue-5.3/staging-erofs-fix-an-error-handling-in-erofs_readdir.patch
queue-5.3/staging-erofs-detect-potential-multiref-due-to-corrupted-images.patch
queue-5.3/staging-erofs-avoid-endless-loop-of-invalid-lookback-distance-0.patch
queue-5.3/staging-erofs-some-compressed-cluster-should-be-submitted-for-corrupted-images.patch
queue-5.3/staging-erofs-add-two-missing-erofs_workgroup_put-for-corrupted-images.patch
More information about the Linux-erofs
mailing list