From patchwork Mon Nov 14 12:03:49 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Siddh Raman Pant <code@siddh.me>
X-Patchwork-Id: 19778
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a5d:6687:0:0:0:0:0 with SMTP id l7csp2111631wru;
        Mon, 14 Nov 2022 04:22:04 -0800 (PST)
X-Google-Smtp-Source: 
 AA0mqf6/tMwj+jjUemltKXBlAVhuPvVHteLJKIIAdIBcT0Hi6yf8dSYoi7754jqtyUgBOlMkzi+d
X-Received: by 2002:a17:907:6090:b0:7ae:fdcd:8198 with SMTP id
 ht16-20020a170907609000b007aefdcd8198mr3392666ejc.475.1668428524360;
        Mon, 14 Nov 2022 04:22:04 -0800 (PST)
ARC-Seal: i=2; a=rsa-sha256; t=1668428524; cv=pass;
        d=google.com; s=arc-20160816;
        b=EZFKOQW9n6ny7RCBAz5vA6sOPkYvFFtQHwiXZPT0w4/ZkBSS81EZRV7eN3iGXJoyxN
         GKBlIbJhf0AyL3S3wZVdsOjA0j0440JwN08RqZmcJcyfr41eOeTSmh+qBhYC3r6nfIdW
         HUAKg9Ae3IVPEIQmojVhwTt+67C2089dYKISyJi/FhVpEGcQOcdQ1AuG4zZAmYQmR+qS
         YfzbWYV+L+m+Erq4/KwHHBVVFJH1uHbToel0ouZ4dTVJSYsiaksI5ZhSr2LHPDLEo8Pm
         uQrTt0hRLBQol/Y0Dcr+Ud7T2FuL2ZK4cRYgDOV0OHQ84WZFYUoMP+Cud1IJkOCUshgJ
         aYFQ==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version:date
         :subject:message-id:cc:to:from:dkim-signature;
        bh=IggqRsG6zyyiJTsuHTvPfu+aryWmvQ8Thb531wDkz4U=;
        b=R8GIy+VUfeuzKyEkWj+3fXxGMxM+/sh+Y+cHiH4EJDhCEH1GHt/wUfAJ4Nnet8GWqe
         2wojX4cYgTC4k3zhooSh8M0r1K/hpCSMt/jMvpuB6UpQPbVr8ou3rhIVuGwRabaiptHV
         Fehk0+m1Do6CCFvSeefiWv0ZUS2yhib9Qos2tMD6oVgIxNwdroJhF6SMkJCRskIwL5m+
         4RQgPcddbkkxo3KW+xwfFlqSlFu0/3bekWMIA+uQI+PbTn4z25dCmRtGu86Nml/rwz1J
         z0yiiO0UD02q+wxyFU3LRycPPkYtcSntgFrAA6vip35otfZGZoTr+YdndxIhWmhmwnau
         XzVw==
ARC-Authentication-Results: i=2; mx.google.com;
       dkim=pass header.i=@siddh.me header.s=zmail header.b=JPHUw5BK;
       arc=pass (i=1 spf=pass spfdomain=siddh.me dkim=pass dkdomain=siddh.me
 dmarc=pass fromdomain=siddh.me>);
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siddh.me
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id
 he42-20020a1709073daa00b00781132a4ca6si9307062ejc.850.2022.11.14.04.21.40;
        Mon, 14 Nov 2022 04:22:04 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@siddh.me header.s=zmail header.b=JPHUw5BK;
       arc=pass (i=1 spf=pass spfdomain=siddh.me dkim=pass dkdomain=siddh.me
 dmarc=pass fromdomain=siddh.me>);
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siddh.me
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S236658AbiKNMHp (ORCPT <rfc822;winker.wchi@gmail.com>
        + 99 others); Mon, 14 Nov 2022 07:07:45 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40138 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S236732AbiKNMHi (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 14 Nov 2022 07:07:38 -0500
Received: from sender-of-o50.zoho.in (sender-of-o50.zoho.in [103.117.158.50])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 02642CE25;
        Mon, 14 Nov 2022 04:07:28 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1668427448; cv=none;
        d=zohomail.in; s=zohoarc;
        b=ZRzORh6m8nEovh7z5LC9xoKhnIYR2azpervtA+NTZV0P0nNZh7GDcun/d8lEJ5dKKUvlJOV0juJkvf64ZDm2QmtEBe9D+wyi3xwfqoARpgojzTNxCroQklWyjC98A6YUe85aK45FM/dR8dXq22FKXTj5dHcS3jYjdw2VZRiBMDU=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.in;
 s=zohoarc;
        t=1668427448;
 h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:MIME-Version:Message-ID:Subject:To;
        bh=IggqRsG6zyyiJTsuHTvPfu+aryWmvQ8Thb531wDkz4U=;
        b=cjE7oDUZx0sspDXdnM0tglLm97e4Yn4ueJQ1AFaM0KfOke1ao0TZabJosM+BupogR2DiVjOp35fGiw2KER0k6hD6NVw0jhhis6I5V85iCqRoTtxxdhsINbnGOJonbwjfM+LrByHGppbMRXU0Mo0ao5W4jOluz0Tc4VkSwly+Wwg=
ARC-Authentication-Results: i=1; mx.zohomail.in;
        dkim=pass  header.i=siddh.me;
        spf=pass  smtp.mailfrom=code@siddh.me;
        dmarc=pass header.from=<code@siddh.me>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1668427448;
        s=zmail; d=siddh.me; i=code@siddh.me;
        h=From:From:To:To:Cc:Cc:Message-ID:Subject:Subject:Date:Date:MIME-Version:Content-Transfer-Encoding:Content-Type:Message-Id:Reply-To;
        bh=IggqRsG6zyyiJTsuHTvPfu+aryWmvQ8Thb531wDkz4U=;
        b=JPHUw5BKVBPw3sHMXH8/wSDflLkTjwonv4Ieetj6JC0dExLm3SXDFwVrBen2LESy
        SFrX4lQQS7qrTxtZBAiYBtW36SgM8oKzXrlBQ8oQxKccp7WRutSn+49BmQIe8nvItP3
        mMHWwBpP9nxtXYKZXcWeQXPzIP4dmeVYALG+VOOc=
Received: from kampyooter.. (110.226.30.173 [110.226.30.173]) by mx.zoho.in
        with SMTPS id 1668427447485815.8405388936613;
 Mon, 14 Nov 2022 17:34:07 +0530 (IST)
From: Siddh Raman Pant <code@siddh.me>
To: Gao Xiang <xiang@kernel.org>, Chao Yu <chao@kernel.org>,
        Yue Hu <huyue2@coolpad.com>,
        Jeffle Xu <jefflexu@linux.alibaba.com>
Cc: linux-erofs <linux-erofs@lists.ozlabs.org>,
        linux-fsdevel <linux-fsdevel@vger.kernel.org>,
        linux-kernel <linux-kernel@vger.kernel.org>
Message-ID: <20221114120349.472418-1-code@siddh.me>
Subject: [RFC PATCH] erofs/zmap.c: Bail out when no further region remains
Date: Mon, 14 Nov 2022 17:33:49 +0530
X-Mailer: git-send-email 2.35.1
MIME-Version: 1.0
X-ZohoMailClient: External
X-Spam-Status: No, score=-0.4 required=5.0 tests=BAYES_00,DKIM_SIGNED,
        DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE,
        SPF_HELO_NONE,SPF_PASS,URIBL_BLACK autolearn=no autolearn_force=no
        version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1749474108277982751?=
X-GMAIL-MSGID: =?utf-8?q?1749474108277982751?=

The following calculation of iomap->length on line 798 in
z_erofs_iomap_begin_report() can yield 0:
	if (iomap->offset >= inode->i_size)
		iomap->length = length + map.m_la - offset;

This triggers a WARN_ON in iomap_iter_done() (see line 34 of
fs/iomap/iter.c).

Hence, return error when this scenario is encountered.

============================================================

This was reported as a crash by syzbot under an issue about
warning encountered in iomap_iter_done(), but unrelated to
erofs. Hence, not adding issue hash in Reported-by line.

C reproducer: https://syzkaller.appspot.com/text?tag=ReproC&x=1037a6b2880000
Kernel config: https://syzkaller.appspot.com/text?tag=KernelConfig&x=e2021a61197ebe02
Dashboard link: https://syzkaller.appspot.com/bug?extid=a8e049cd3abd342936b6

Reported-by: syzbot@syzkaller.appspotmail.com
Signed-off-by: Siddh Raman Pant <code@siddh.me>
---
 fs/erofs/zmap.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/fs/erofs/zmap.c b/fs/erofs/zmap.c
index 0bb66927e3d0..bad852983eb9 100644
--- a/fs/erofs/zmap.c
+++ b/fs/erofs/zmap.c
@@ -796,6 +796,9 @@ static int z_erofs_iomap_begin_report(struct inode *inode, loff_t offset,
 		 */
 		if (iomap->offset >= inode->i_size)
 			iomap->length = length + map.m_la - offset;
+
+		if (iomap->length == 0)
+			return -EINVAL;
 	}
 	iomap->flags = 0;
 	return 0;