Kernel/linux
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2025-01-01 02:33:57 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

erofs: handle NONHEAD !delta[1] lclusters gracefully

Browse Source 
syzbot reported a WARNING in iomap_iter_done:
 iomap_fiemap+0x73b/0x9b0 fs/iomap/fiemap.c:80
 ioctl_fiemap fs/ioctl.c:220 [inline]

Generally, NONHEAD lclusters won't have delta[1]==0, except for crafted
images and filesystems created by pre-1.0 mkfs versions.

Previously, it would immediately bail out if delta[1]==0, which led to
inadequate decompressed lengths (thus FIEMAP is impacted).  Treat it as
delta[1]=1 to work around these legacy mkfs versions.

`lclusterbits > 14` is illegal for compact indexes, error out too.

Reported-by: syzbot+6c0b301317aa0156f9eb@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/r/67373c0c.050a0220.2a2fcc.0079.GAE@google.com
Tested-by: syzbot+6c0b301317aa0156f9eb@syzkaller.appspotmail.com
Fixes: d95ae5e253 ("erofs: add support for the full decompressed length")
Fixes: 001b8ccd06 ("erofs: fix compact 4B support for 16k block size")
Signed-off-by: Gao Xiang <hsiangkao@linux.alibaba.com>
Link: https://lore.kernel.org/r/20241115173651.3339514-1-hsiangkao@linux.alibaba.com
This commit is contained in:
Gao Xiang 2024-11-16 01:36:51 +08:00
parent b49c0215b1
commit 0bc8061ffc
1 changed files with 9 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
fs/erofs/zmap.c
View File

@ -219,7 +219,7 @@ static int z_erofs_load_compact_lcluster(struct z_erofs_maprecorder *m,
unsigned int amortizedshift; unsigned int amortizedshift;
erofs_off_t pos; erofs_off_t pos;
if (lcn >= totalidx) if (lcn >= totalidx || vi->z_logical_clusterbits > 14)
return -EINVAL; return -EINVAL;
m->lcn = lcn; m->lcn = lcn;
@ -390,7 +390,7 @@ static int z_erofs_get_extent_decompressedlen(struct z_erofs_maprecorder *m)
u64 lcn = m->lcn, headlcn = map->m_la >> lclusterbits; u64 lcn = m->lcn, headlcn = map->m_la >> lclusterbits;
int err; int err;
do { while (1) {
/* handle the last EOF pcluster (no next HEAD lcluster) */ /* handle the last EOF pcluster (no next HEAD lcluster) */
if ((lcn << lclusterbits) >= inode->i_size) { if ((lcn << lclusterbits) >= inode->i_size) {
map->m_llen = inode->i_size - map->m_la; map->m_llen = inode->i_size - map->m_la;
@ -402,14 +402,16 @@ static int z_erofs_get_extent_decompressedlen(struct z_erofs_maprecorder *m)
return err; return err;
if (m->type == Z_EROFS_LCLUSTER_TYPE_NONHEAD) { if (m->type == Z_EROFS_LCLUSTER_TYPE_NONHEAD) {
DBG_BUGON(!m->delta[1] && /* work around invalid d1 generated by pre-1.0 mkfs */
m->clusterofs != 1 << lclusterbits); if (unlikely(!m->delta[1])) {
m->delta[1] = 1;
DBG_BUGON(1);
}
} else if (m->type == Z_EROFS_LCLUSTER_TYPE_PLAIN || } else if (m->type == Z_EROFS_LCLUSTER_TYPE_PLAIN ||
m->type == Z_EROFS_LCLUSTER_TYPE_HEAD1 || m->type == Z_EROFS_LCLUSTER_TYPE_HEAD1 ||
m->type == Z_EROFS_LCLUSTER_TYPE_HEAD2) { m->type == Z_EROFS_LCLUSTER_TYPE_HEAD2) {
/* go on until the next HEAD lcluster */
if (lcn != headlcn) if (lcn != headlcn)
break; break; /* ends at the next HEAD lcluster */
m->delta[1] = 1; m->delta[1] = 1;
} else { } else {
erofs_err(inode->i_sb, "unknown type %u @ lcn %llu of nid %llu", erofs_err(inode->i_sb, "unknown type %u @ lcn %llu of nid %llu",
@ -418,8 +420,7 @@ static int z_erofs_get_extent_decompressedlen(struct z_erofs_maprecorder *m)
return -EOPNOTSUPP; return -EOPNOTSUPP;
} }
lcn += m->delta[1]; lcn += m->delta[1];
} while (m->delta[1]); }
map->m_llen = (lcn << lclusterbits) + m->clusterofs - map->m_la; map->m_llen = (lcn << lclusterbits) + m->clusterofs - map->m_la;
return 0; return 0;
} }