From patchwork Thu Oct 20 22:36:16 2022
X-Patchwork-Submitter: Phillip Lougher
X-Patchwork-Id: 6441
From: Phillip Lougher
To: linux-kernel@vger.kernel.org, akpm@linux-foundation.org
Cc: hsinyi@chromium.org, regressions@leemhuis.info, regressions@lists.linux.dev, dimitri.ledkov@canonical.com, michael.vogt@canonical.com, phillip.lougher@gmail.com, ogra@ubuntu.com, olivier.tilloy@canonical.com, Phillip Lougher, stable@vger.kernel.org
Subject: [PATCH 3/3] squashfs: fix buffer release race condition in readahead code
Date: Thu, 20 Oct 2022 23:36:16 +0100
Message-Id: <20221020223616.7571-4-phillip@squashfs.org.uk>
In-Reply-To: <20221020223616.7571-1-phillip@squashfs.org.uk>

Fix a buffer release race condition, where the error value was used after release.

Fixes: b09a7a036d20 ("squashfs: support reading fragments in readahead call")
Cc:
Signed-off-by: Phillip Lougher
--- fs/squashfs/file.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/fs/squashfs/file.c b/fs/squashfs/file.c index f0afd4d6fd30..8ba8c4c50770 100644 --- a/fs/squashfs/file.c +++ b/fs/squashfs/file.c
@@ -506,8 +506,9 @@ static int squashfs_readahead_fragment(struct page **page, squashfs_i(inode)->fragment_size); struct squashfs_sb_info *msblk = inode->i_sb->s_fs_info; unsigned int n, mask = (1 << (msblk->block_log - PAGE_SHIFT)) - 1; + int error = buffer->error; - if (buffer->error) + if (error) goto out; expected += squashfs_i(inode)->fragment_offset; @@ -529,7 +530,7 @@ static int squashfs_readahead_fragment(struct page **page, out: squashfs_cache_put(buffer); - return buffer->error; + return error; } static void squashfs_readahead(struct readahead_control *ractl)
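Review bot: In the first hunk (@@ -506,8 +506,9 @@), the new declaration `int error = buffer->error;` has no comment saying why the value is copied into a local, so a later cleanup could fold it back into `return buffer->error;` and reintroduce the read after `squashfs_cache_put(buffer)`. A one-line comment at the declaration, stating that buffer must not be dereferenced once it has been put, would keep the intent visible in the code rather than only in the changelog.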
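Review bot: In the second hunk (@@ -529,7 +530,7 @@), `return error;` now returns the value sampled at function entry, and the changelog does not say whether anything between that snapshot and the `out:` label is expected to update `buffer->error`; if nothing is, please say so, since that is what makes the entry-time copy equivalent to the old return value. The changelog also describes a race without stating what can happen to the buffer after `squashfs_cache_put(buffer)`; one sentence on that would help anyone assessing the fix for the stable trees copied on this mail.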