From: Phillip Lougher
To: linux-kernel@vger.kernel.org, akpm@linux-foundation.org
Cc: hsinyi@chromium.org, regressions@leemhuis.info, regressions@lists.linux.dev, dimitri.ledkov@canonical.com, michael.vogt@canonical.com, phillip.lougher@gmail.com, ogra@ubuntu.com, olivier.tilloy@canonical.com, Phillip Lougher, Mirsad Goran Todorovac, Slade Watkins, Bagas Sanjaya, stable@vger.kernel.org
Subject: [PATCH 1/3] squashfs: fix read regression introduced in readahead code
Date: Thu, 20 Oct 2022 23:36:14 +0100
Message-Id: <20221020223616.7571-2-phillip@squashfs.org.uk>
In-Reply-To: <20221020223616.7571-1-phillip@squashfs.org.uk>

If a file isn't a whole multiple of the page size, the last page will have trailing bytes unfilled. There was a mistake in the readahead code which did this.
In particular it incorrectly assumed that the last page in the readahead page array (page[nr_pages - 1]) will always contain the last page in the block, which if we're at file end, will be the page that needs to be zero filled. But the readahead code may not return the last page in the block, which means it is unmapped and will be skipped by the decompressors (a temporary buffer used). In this case the zero filling code will zero out the wrong page, leading to data corruption. Fix this by extending the "page actor" to return the last page if present, or NULL if a temporary buffer was used.

Fixes: 8fc78b6fe24c ("squashfs: implement readahead")
Link: https://lore.kernel.org/lkml/b0c258c3-6dcf-aade-efc4-d62a8b3a1ce2@alu.unizg.hr/
Reported-by: Mirsad Goran Todorovac
Tested-by: Mirsad Goran Todorovac
Tested-by: Slade Watkins
Tested-by: Bagas Sanjaya
Cc:
Signed-off-by: Phillip Lougher
--- fs/squashfs/file.c | 7 ++++--- fs/squashfs/page_actor.c | 3 +++ fs/squashfs/page_actor.h | 6 +++++- 3 files changed, 12 insertions(+), 4 deletions(-) diff --git a/fs/squashfs/file.c b/fs/squashfs/file.c index e56510964b22..e526eb7a1658 100644 --- a/fs/squashfs/file.c +++ b/fs/squashfs/file.c @@ -557,6 +557,7 @@ static void squashfs_readahead(struct readahead_control *ractl) int res, bsize; u64 block = 0; unsigned int expected; + struct page *last_page; nr_pages = __readahead_batch(ractl, pages, max_pages); if (!nr_pages) 
@@ -593,15 +594,15 @@ static void squashfs_readahead(struct readahead_control *ractl) res = squashfs_read_data(inode->i_sb, block, bsize, NULL, actor); - squashfs_page_actor_free(actor); + last_page = squashfs_page_actor_free(actor); if (res == expected) { int bytes; /* Last page (if present) may have trailing bytes not filled */ bytes = res % PAGE_SIZE; - if (pages[nr_pages - 1]->index == file_end && bytes) - memzero_page(pages[nr_pages - 1], bytes, + if (index == file_end && bytes && last_page) + memzero_page(last_page, bytes, PAGE_SIZE - bytes); for (i = 0; i < nr_pages; i++) { diff --git a/fs/squashfs/page_actor.c b/fs/squashfs/page_actor.c index 54b93bf4a25c..81af6c4ca115 100644 --- a/fs/squashfs/page_actor.c +++ b/fs/squashfs/page_actor.c @@ -71,11 +71,13 @@ static void *handle_next_page(struct squashfs_page_actor *actor) (actor->next_index != actor->page[actor->next_page]->index)) { actor->next_index++; actor->returned_pages++; + actor->last_page = NULL; return actor->alloc_buffer ? actor->tmp_buffer : ERR_PTR(-ENOMEM); } actor->next_index++; actor->returned_pages++; + actor->last_page = actor->page[actor->next_page]; return actor->pageaddr = kmap_local_page(actor->page[actor->next_page++]); } @@ -125,6 +127,7 @@ struct squashfs_page_actor *squashfs_page_actor_init_special(struct squashfs_sb_ actor->returned_pages = 0; actor->next_index = page[0]->index & ~((1 << (msblk->block_log - PAGE_SHIFT)) - 1); actor->pageaddr = NULL; + actor->last_page = NULL; actor->alloc_buffer = msblk->decompressor->alloc_buffer; actor->squashfs_first_page = direct_first_page; actor->squashfs_next_page = direct_next_page; diff --git a/fs/squashfs/page_actor.h b/fs/squashfs/page_actor.h index 95ffbb543d91..97d4983559b1 100644 --- a/fs/squashfs/page_actor.h +++ b/fs/squashfs/page_actor.h 
@@ -16,6 +16,7 @@ struct squashfs_page_actor { void *(*squashfs_first_page)(struct squashfs_page_actor *); void *(*squashfs_next_page)(struct squashfs_page_actor *); void (*squashfs_finish_page)(struct squashfs_page_actor *); + struct page *last_page; int pages; int length; int next_page; 
@@ -29,10 +30,13 @@ extern struct squashfs_page_actor *squashfs_page_actor_init(void **buffer, extern struct squashfs_page_actor *squashfs_page_actor_init_special( struct squashfs_sb_info *msblk, struct page **page, int pages, int length); -static inline void squashfs_page_actor_free(struct squashfs_page_actor *actor) +static inline struct page *squashfs_page_actor_free(struct squashfs_page_actor *actor) { + struct page *last_page = actor->last_page; + kfree(actor->tmp_buffer); kfree(actor); + return last_page; } static inline void *squashfs_first_page(struct squashfs_page_actor *actor) {
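
Review bot: In fs/squashfs/page_actor.c, `actor->last_page = NULL;` is added only to squashfs_page_actor_init_special(), yet the new squashfs_page_actor_free() in page_actor.h reads `actor->last_page` for every actor it is given. Nothing in the lines shown initialises the field for actors built by squashfs_page_actor_init(), so either set it to NULL there as well, or state in a comment that the return value is never consumed on that path.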
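
Review bot: In the zero-fill hunk of squashfs_readahead(), the unchanged comment "Last page (if present) may have trailing bytes not filled" no longer explains the test `if (index == file_end && bytes && last_page)`: what "present" means is now decided in handle_next_page(), which leaves last_page NULL when the decompressor was handed the temporary buffer. Say so at the test, and add a one-line comment in page_actor.h that squashfs_page_actor_free() returns the last page handed out or NULL, since a free function with a return value is easy to misread.
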
From: Phillip Lougher
To: linux-kernel@vger.kernel.org, akpm@linux-foundation.org
Cc: hsinyi@chromium.org, regressions@leemhuis.info, regressions@lists.linux.dev, dimitri.ledkov@canonical.com, michael.vogt@canonical.com, phillip.lougher@gmail.com, ogra@ubuntu.com, olivier.tilloy@canonical.com, Phillip Lougher, stable@vger.kernel.org
Subject: [PATCH 2/3] squashfs: fix extending readahead beyond end of file
Date: Thu, 20 Oct 2022 23:36:15 +0100
Message-Id: <20221020223616.7571-3-phillip@squashfs.org.uk>
In-Reply-To: <20221020223616.7571-1-phillip@squashfs.org.uk>

The readahead code will try to extend readahead to the entire size of the Squashfs data block. But, it didn't take into account that the last block at the end of the file may not be a whole block. In this case, the code would extend readahead to beyond the end of the file, leaving trailing pages. Fix this by only requesting the expected number of pages.

Fixes: 8fc78b6fe24c ("squashfs: implement readahead")
Signed-off-by: Phillip Lougher Cc: --- fs/squashfs/file.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/fs/squashfs/file.c b/fs/squashfs/file.c index e526eb7a1658..f0afd4d6fd30 100644 --- a/fs/squashfs/file.c +++ b/fs/squashfs/file.c @@ -559,6 +559,12 @@ static void squashfs_readahead(struct readahead_control *ractl) unsigned int expected; struct page *last_page; + expected = start >> msblk->block_log == file_end ? + (i_size_read(inode) & (msblk->block_size - 1)) : + msblk->block_size; + + max_pages = (expected + PAGE_SIZE - 1) >> PAGE_SHIFT; + nr_pages = __readahead_batch(ractl, pages, max_pages); if (!nr_pages) break; 
@@ -567,13 +573,10 @@ static void squashfs_readahead(struct readahead_control *ractl) goto skip_pages; index = pages[0]->index >> shift; + if ((pages[nr_pages - 1]->index >> shift) != index) goto skip_pages; - expected = index == file_end ? - (i_size_read(inode) & (msblk->block_size - 1)) : - msblk->block_size; - if (index == file_end && squashfs_i(inode)->fragment_block != SQUASHFS_INVALID_BLK) { res = squashfs_readahead_fragment(pages, nr_pages,
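
Review bot: In the first squashfs_readahead() hunk, `expected = start >> msblk->block_log == file_end ? ...` depends on `>>` binding tighter than `==`; parenthesise the shift, as the neighbouring `(pages[nr_pages - 1]->index >> shift) != index` test already does. Separately, if start can fall in block file_end while i_size is an exact multiple of block_size, the masked value is 0 and `max_pages = (expected + PAGE_SIZE - 1) >> PAGE_SHIFT` becomes 0, so the loop then relies on __readahead_batch() returning 0 to reach `if (!nr_pages) break;`. A short comment or an explicit check for expected == 0 would make that case visible.
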
From: Phillip Lougher
To: linux-kernel@vger.kernel.org, akpm@linux-foundation.org
Cc: hsinyi@chromium.org, regressions@leemhuis.info, regressions@lists.linux.dev, dimitri.ledkov@canonical.com, michael.vogt@canonical.com, phillip.lougher@gmail.com, ogra@ubuntu.com, olivier.tilloy@canonical.com, Phillip Lougher, stable@vger.kernel.org
Subject: [PATCH 3/3] squashfs: fix buffer release race condition in readahead code
Date: Thu, 20 Oct 2022 23:36:16 +0100
Message-Id: <20221020223616.7571-4-phillip@squashfs.org.uk>
In-Reply-To: <20221020223616.7571-1-phillip@squashfs.org.uk>

Fix a buffer release race condition, where the error value was used after release.

Fixes: b09a7a036d20 ("squashfs: support reading fragments in readahead call")
Cc:
Signed-off-by: Phillip Lougher --- fs/squashfs/file.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/fs/squashfs/file.c b/fs/squashfs/file.c index f0afd4d6fd30..8ba8c4c50770 100644 --- a/fs/squashfs/file.c +++ b/fs/squashfs/file.c @@ -506,8 +506,9 @@ static int squashfs_readahead_fragment(struct page **page, squashfs_i(inode)->fragment_size); struct squashfs_sb_info *msblk = inode->i_sb->s_fs_info; unsigned int n, mask = (1 << (msblk->block_log - PAGE_SHIFT)) - 1; + int error = buffer->error; - if (buffer->error) + if (error) goto out; expected += squashfs_i(inode)->fragment_offset; @@ -529,7 +530,7 @@ static int squashfs_readahead_fragment(struct page **page, out: squashfs_cache_put(buffer); - return buffer->error; + return error; } static void squashfs_readahead(struct readahead_control *ractl)
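
Review bot: In squashfs_readahead_fragment(), nothing at the `out:` label records why `return error;` must not read the buffer again once `squashfs_cache_put(buffer);` has run, even though the cached `int error = buffer->error;` is the entire fix. Add a one-line comment at the declaration or at the label saying the value is captured before the buffer is released, so a later cleanup does not restore `return buffer->error;`.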