October 2019 - Linux-stable-mirror

FAILED: patch "[PATCH] Revert "arm64: Remove unnecessary ISBs from" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From d0b7a302d58abe24ed0f32a0672dd4c356bb73db Mon Sep 17 00:00:00 2001 From: Will Deacon <will(a)kernel.org> Date: Thu, 22 Aug 2019 14:58:37 +0100 Subject: [PATCH] Revert "arm64: Remove unnecessary ISBs from set_{pte,pmd,pud}" This reverts commit 24fe1b0efad4fcdd32ce46cffeab297f22581707. Commit 24fe1b0efad4fcdd ("arm64: Remove unnecessary ISBs from set_{pte,pmd,pud}") removed ISB instructions immediately following updates to the page table, on the grounds that they are not required by the architecture and a DSB alone is sufficient to ensure that subsequent data accesses use the new translation: DDI0487E_a, B2-128: | ... no instruction that appears in program order after the DSB | instruction can alter any state of the system or perform any part of | its functionality until the DSB completes other than: | | * Being fetched from memory and decoded | * Reading the general-purpose, SIMD and floating-point, | Special-purpose, or System registers that are directly or indirectly | read without causing side-effects. However, the same document also states the following: DDI0487E_a, B2-125: | DMB and DSB instructions affect reads and writes to the memory system | generated by Load/Store instructions and data or unified cache | maintenance instructions being executed by the PE. Instruction fetches | or accesses caused by a hardware translation table access are not | explicit accesses. which appears to claim that the DSB alone is insufficient. Unfortunately, some CPU designers have followed the second clause above, whereas in Linux we've been relying on the first. This means that our mapping sequence: MOV X0, <valid pte> STR X0, [Xptep] // Store new PTE to page table DSB ISHST LDR X1, [X2] // Translates using the new PTE can actually raise a translation fault on the load instruction because the translation can be performed speculatively before the page table update and then marked as "faulting" by the CPU. For user PTEs, this is ok because we can handle the spurious fault, but for kernel PTEs and intermediate table entries this results in a panic(). Revert the offending commit to reintroduce the missing barriers. Cc: <stable(a)vger.kernel.org> Fixes: 24fe1b0efad4fcdd ("arm64: Remove unnecessary ISBs from set_{pte,pmd,pud}") Reviewed-by: Mark Rutland <mark.rutland(a)arm.com> Signed-off-by: Will Deacon <will(a)kernel.org> diff --git a/arch/arm64/include/asm/pgtable.h b/arch/arm64/include/asm/pgtable.h index 5fdcfe237338..feda7294320c 100644 --- a/arch/arm64/include/asm/pgtable.h +++ b/arch/arm64/include/asm/pgtable.h @@ -220,8 +220,10 @@ static inline void set_pte(pte_t *ptep, pte_t pte) * Only if the new pte is valid and kernel, otherwise TLB maintenance * or update_mmu_cache() have the necessary barriers. */ - if (pte_valid_not_user(pte)) + if (pte_valid_not_user(pte)) { dsb(ishst); + isb(); + } } extern void __sync_icache_dcache(pte_t pteval); @@ -481,8 +483,10 @@ static inline void set_pmd(pmd_t *pmdp, pmd_t pmd) WRITE_ONCE(*pmdp, pmd); - if (pmd_valid(pmd)) + if (pmd_valid(pmd)) { dsb(ishst); + isb(); + } } static inline void pmd_clear(pmd_t *pmdp) @@ -540,8 +544,10 @@ static inline void set_pud(pud_t *pudp, pud_t pud) WRITE_ONCE(*pudp, pud); - if (pud_valid(pud)) + if (pud_valid(pud)) { dsb(ishst); + isb(); + } } static inline void pud_clear(pud_t *pudp)

5 years, 2 months

3
2
0 0

FAILED: patch "[PATCH] staging: erofs: detect potential multiref due to corrupted" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From e12a0ce2fa69798194f3a8628baf6edfbd5c548f Mon Sep 17 00:00:00 2001 From: Gao Xiang <gaoxiang25(a)huawei.com> Date: Wed, 21 Aug 2019 22:01:52 +0800 Subject: [PATCH] staging: erofs: detect potential multiref due to corrupted images As reported by erofs-utils fuzzer, currently, multiref (ondisk deduplication) hasn't been supported for now, we should forbid it properly. Fixes: 3883a79abd02 ("staging: erofs: introduce VLE decompression support") Cc: <stable(a)vger.kernel.org> # 4.19+ Signed-off-by: Gao Xiang <gaoxiang25(a)huawei.com> Reviewed-by: Chao Yu <yuchao0(a)huawei.com> Link: https://lore.kernel.org/r/20190821140152.229648-1-gaoxiang25@huawei.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/staging/erofs/zdata.c b/drivers/staging/erofs/zdata.c index 4d6faaab04f5..60d7c20db87d 100644 --- a/drivers/staging/erofs/zdata.c +++ b/drivers/staging/erofs/zdata.c @@ -798,6 +798,7 @@ static int z_erofs_decompress_pcluster(struct super_block *sb, for (i = 0; i < nr_pages; ++i) pages[i] = NULL; + err = 0; z_erofs_pagevec_ctor_init(&ctor, Z_EROFS_NR_INLINE_PAGEVECS, cl->pagevec, 0); @@ -819,8 +820,17 @@ static int z_erofs_decompress_pcluster(struct super_block *sb, pagenr = z_erofs_onlinepage_index(page); DBG_BUGON(pagenr >= nr_pages); - DBG_BUGON(pages[pagenr]); + /* + * currently EROFS doesn't support multiref(dedup), + * so here erroring out one multiref page. + */ + if (unlikely(pages[pagenr])) { + DBG_BUGON(1); + SetPageError(pages[pagenr]); + z_erofs_onlinepage_endio(pages[pagenr]); + err = -EFSCORRUPTED; + } pages[pagenr] = page; } z_erofs_pagevec_ctor_exit(&ctor, true); @@ -828,7 +838,6 @@ static int z_erofs_decompress_pcluster(struct super_block *sb, overlapped = false; compressed_pages = pcl->compressed_pages; - err = 0; for (i = 0; i < clusterpages; ++i) { unsigned int pagenr; @@ -852,7 +861,12 @@ static int z_erofs_decompress_pcluster(struct super_block *sb, pagenr = z_erofs_onlinepage_index(page); DBG_BUGON(pagenr >= nr_pages); - DBG_BUGON(pages[pagenr]); + if (unlikely(pages[pagenr])) { + DBG_BUGON(1); + SetPageError(pages[pagenr]); + z_erofs_onlinepage_endio(pages[pagenr]); + err = -EFSCORRUPTED; + } pages[pagenr] = page; overlapped = true;

5 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] staging: erofs: detect potential multiref due to corrupted" failed to apply to 5.2-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.2-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From e12a0ce2fa69798194f3a8628baf6edfbd5c548f Mon Sep 17 00:00:00 2001 From: Gao Xiang <gaoxiang25(a)huawei.com> Date: Wed, 21 Aug 2019 22:01:52 +0800 Subject: [PATCH] staging: erofs: detect potential multiref due to corrupted images As reported by erofs-utils fuzzer, currently, multiref (ondisk deduplication) hasn't been supported for now, we should forbid it properly. Fixes: 3883a79abd02 ("staging: erofs: introduce VLE decompression support") Cc: <stable(a)vger.kernel.org> # 4.19+ Signed-off-by: Gao Xiang <gaoxiang25(a)huawei.com> Reviewed-by: Chao Yu <yuchao0(a)huawei.com> Link: https://lore.kernel.org/r/20190821140152.229648-1-gaoxiang25@huawei.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/staging/erofs/zdata.c b/drivers/staging/erofs/zdata.c index 4d6faaab04f5..60d7c20db87d 100644 --- a/drivers/staging/erofs/zdata.c +++ b/drivers/staging/erofs/zdata.c @@ -798,6 +798,7 @@ static int z_erofs_decompress_pcluster(struct super_block *sb, for (i = 0; i < nr_pages; ++i) pages[i] = NULL; + err = 0; z_erofs_pagevec_ctor_init(&ctor, Z_EROFS_NR_INLINE_PAGEVECS, cl->pagevec, 0); @@ -819,8 +820,17 @@ static int z_erofs_decompress_pcluster(struct super_block *sb, pagenr = z_erofs_onlinepage_index(page); DBG_BUGON(pagenr >= nr_pages); - DBG_BUGON(pages[pagenr]); + /* + * currently EROFS doesn't support multiref(dedup), + * so here erroring out one multiref page. + */ + if (unlikely(pages[pagenr])) { + DBG_BUGON(1); + SetPageError(pages[pagenr]); + z_erofs_onlinepage_endio(pages[pagenr]); + err = -EFSCORRUPTED; + } pages[pagenr] = page; } z_erofs_pagevec_ctor_exit(&ctor, true); @@ -828,7 +838,6 @@ static int z_erofs_decompress_pcluster(struct super_block *sb, overlapped = false; compressed_pages = pcl->compressed_pages; - err = 0; for (i = 0; i < clusterpages; ++i) { unsigned int pagenr; @@ -852,7 +861,12 @@ static int z_erofs_decompress_pcluster(struct super_block *sb, pagenr = z_erofs_onlinepage_index(page); DBG_BUGON(pagenr >= nr_pages); - DBG_BUGON(pages[pagenr]); + if (unlikely(pages[pagenr])) { + DBG_BUGON(1); + SetPageError(pages[pagenr]); + z_erofs_onlinepage_endio(pages[pagenr]); + err = -EFSCORRUPTED; + } pages[pagenr] = page; overlapped = true;

5 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] staging: erofs: detect potential multiref due to corrupted" failed to apply to 5.3-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.3-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From e12a0ce2fa69798194f3a8628baf6edfbd5c548f Mon Sep 17 00:00:00 2001 From: Gao Xiang <gaoxiang25(a)huawei.com> Date: Wed, 21 Aug 2019 22:01:52 +0800 Subject: [PATCH] staging: erofs: detect potential multiref due to corrupted images As reported by erofs-utils fuzzer, currently, multiref (ondisk deduplication) hasn't been supported for now, we should forbid it properly. Fixes: 3883a79abd02 ("staging: erofs: introduce VLE decompression support") Cc: <stable(a)vger.kernel.org> # 4.19+ Signed-off-by: Gao Xiang <gaoxiang25(a)huawei.com> Reviewed-by: Chao Yu <yuchao0(a)huawei.com> Link: https://lore.kernel.org/r/20190821140152.229648-1-gaoxiang25@huawei.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/staging/erofs/zdata.c b/drivers/staging/erofs/zdata.c index 4d6faaab04f5..60d7c20db87d 100644 --- a/drivers/staging/erofs/zdata.c +++ b/drivers/staging/erofs/zdata.c @@ -798,6 +798,7 @@ static int z_erofs_decompress_pcluster(struct super_block *sb, for (i = 0; i < nr_pages; ++i) pages[i] = NULL; + err = 0; z_erofs_pagevec_ctor_init(&ctor, Z_EROFS_NR_INLINE_PAGEVECS, cl->pagevec, 0); @@ -819,8 +820,17 @@ static int z_erofs_decompress_pcluster(struct super_block *sb, pagenr = z_erofs_onlinepage_index(page); DBG_BUGON(pagenr >= nr_pages); - DBG_BUGON(pages[pagenr]); + /* + * currently EROFS doesn't support multiref(dedup), + * so here erroring out one multiref page. + */ + if (unlikely(pages[pagenr])) { + DBG_BUGON(1); + SetPageError(pages[pagenr]); + z_erofs_onlinepage_endio(pages[pagenr]); + err = -EFSCORRUPTED; + } pages[pagenr] = page; } z_erofs_pagevec_ctor_exit(&ctor, true); @@ -828,7 +838,6 @@ static int z_erofs_decompress_pcluster(struct super_block *sb, overlapped = false; compressed_pages = pcl->compressed_pages; - err = 0; for (i = 0; i < clusterpages; ++i) { unsigned int pagenr; @@ -852,7 +861,12 @@ static int z_erofs_decompress_pcluster(struct super_block *sb, pagenr = z_erofs_onlinepage_index(page); DBG_BUGON(pagenr >= nr_pages); - DBG_BUGON(pages[pagenr]); + if (unlikely(pages[pagenr])) { + DBG_BUGON(1); + SetPageError(pages[pagenr]); + z_erofs_onlinepage_endio(pages[pagenr]); + err = -EFSCORRUPTED; + } pages[pagenr] = page; overlapped = true;

5 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] staging: erofs: add two missing erofs_workgroup_put for" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 138e1a0990e80db486ab9f6c06bd5c01f9a97999 Mon Sep 17 00:00:00 2001 From: Gao Xiang <gaoxiang25(a)huawei.com> Date: Mon, 19 Aug 2019 18:34:23 +0800 Subject: [PATCH] staging: erofs: add two missing erofs_workgroup_put for corrupted images As reported by erofs-utils fuzzer, these error handling path will be entered to handle corrupted images. Lack of erofs_workgroup_puts will cause unmounting unsuccessfully. Fix these return values to EFSCORRUPTED as well. Fixes: 3883a79abd02 ("staging: erofs: introduce VLE decompression support") Cc: <stable(a)vger.kernel.org> # 4.19+ Signed-off-by: Gao Xiang <gaoxiang25(a)huawei.com> Reviewed-by: Chao Yu <yuchao0(a)huawei.com> Link: https://lore.kernel.org/r/20190819103426.87579-4-gaoxiang25@huawei.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/staging/erofs/zdata.c b/drivers/staging/erofs/zdata.c index 87b0c96caf8f..23283c97fd3b 100644 --- a/drivers/staging/erofs/zdata.c +++ b/drivers/staging/erofs/zdata.c @@ -357,14 +357,16 @@ static struct z_erofs_collection *cllookup(struct z_erofs_collector *clt, cl = z_erofs_primarycollection(pcl); if (unlikely(cl->pageofs != (map->m_la & ~PAGE_MASK))) { DBG_BUGON(1); - return ERR_PTR(-EIO); + erofs_workgroup_put(grp); + return ERR_PTR(-EFSCORRUPTED); } length = READ_ONCE(pcl->length); if (length & Z_EROFS_PCLUSTER_FULL_LENGTH) { if ((map->m_llen << Z_EROFS_PCLUSTER_LENGTH_BIT) > length) { DBG_BUGON(1); - return ERR_PTR(-EIO); + erofs_workgroup_put(grp); + return ERR_PTR(-EFSCORRUPTED); } } else { unsigned int llen = map->m_llen << Z_EROFS_PCLUSTER_LENGTH_BIT;

5 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] staging: erofs: add two missing erofs_workgroup_put for" failed to apply to 5.2-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.2-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 138e1a0990e80db486ab9f6c06bd5c01f9a97999 Mon Sep 17 00:00:00 2001 From: Gao Xiang <gaoxiang25(a)huawei.com> Date: Mon, 19 Aug 2019 18:34:23 +0800 Subject: [PATCH] staging: erofs: add two missing erofs_workgroup_put for corrupted images As reported by erofs-utils fuzzer, these error handling path will be entered to handle corrupted images. Lack of erofs_workgroup_puts will cause unmounting unsuccessfully. Fix these return values to EFSCORRUPTED as well. Fixes: 3883a79abd02 ("staging: erofs: introduce VLE decompression support") Cc: <stable(a)vger.kernel.org> # 4.19+ Signed-off-by: Gao Xiang <gaoxiang25(a)huawei.com> Reviewed-by: Chao Yu <yuchao0(a)huawei.com> Link: https://lore.kernel.org/r/20190819103426.87579-4-gaoxiang25@huawei.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/staging/erofs/zdata.c b/drivers/staging/erofs/zdata.c index 87b0c96caf8f..23283c97fd3b 100644 --- a/drivers/staging/erofs/zdata.c +++ b/drivers/staging/erofs/zdata.c @@ -357,14 +357,16 @@ static struct z_erofs_collection *cllookup(struct z_erofs_collector *clt, cl = z_erofs_primarycollection(pcl); if (unlikely(cl->pageofs != (map->m_la & ~PAGE_MASK))) { DBG_BUGON(1); - return ERR_PTR(-EIO); + erofs_workgroup_put(grp); + return ERR_PTR(-EFSCORRUPTED); } length = READ_ONCE(pcl->length); if (length & Z_EROFS_PCLUSTER_FULL_LENGTH) { if ((map->m_llen << Z_EROFS_PCLUSTER_LENGTH_BIT) > length) { DBG_BUGON(1); - return ERR_PTR(-EIO); + erofs_workgroup_put(grp); + return ERR_PTR(-EFSCORRUPTED); } } else { unsigned int llen = map->m_llen << Z_EROFS_PCLUSTER_LENGTH_BIT;

5 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] staging: erofs: add two missing erofs_workgroup_put for" failed to apply to 5.3-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.3-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 138e1a0990e80db486ab9f6c06bd5c01f9a97999 Mon Sep 17 00:00:00 2001 From: Gao Xiang <gaoxiang25(a)huawei.com> Date: Mon, 19 Aug 2019 18:34:23 +0800 Subject: [PATCH] staging: erofs: add two missing erofs_workgroup_put for corrupted images As reported by erofs-utils fuzzer, these error handling path will be entered to handle corrupted images. Lack of erofs_workgroup_puts will cause unmounting unsuccessfully. Fix these return values to EFSCORRUPTED as well. Fixes: 3883a79abd02 ("staging: erofs: introduce VLE decompression support") Cc: <stable(a)vger.kernel.org> # 4.19+ Signed-off-by: Gao Xiang <gaoxiang25(a)huawei.com> Reviewed-by: Chao Yu <yuchao0(a)huawei.com> Link: https://lore.kernel.org/r/20190819103426.87579-4-gaoxiang25@huawei.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/staging/erofs/zdata.c b/drivers/staging/erofs/zdata.c index 87b0c96caf8f..23283c97fd3b 100644 --- a/drivers/staging/erofs/zdata.c +++ b/drivers/staging/erofs/zdata.c @@ -357,14 +357,16 @@ static struct z_erofs_collection *cllookup(struct z_erofs_collector *clt, cl = z_erofs_primarycollection(pcl); if (unlikely(cl->pageofs != (map->m_la & ~PAGE_MASK))) { DBG_BUGON(1); - return ERR_PTR(-EIO); + erofs_workgroup_put(grp); + return ERR_PTR(-EFSCORRUPTED); } length = READ_ONCE(pcl->length); if (length & Z_EROFS_PCLUSTER_FULL_LENGTH) { if ((map->m_llen << Z_EROFS_PCLUSTER_LENGTH_BIT) > length) { DBG_BUGON(1); - return ERR_PTR(-EIO); + erofs_workgroup_put(grp); + return ERR_PTR(-EFSCORRUPTED); } } else { unsigned int llen = map->m_llen << Z_EROFS_PCLUSTER_LENGTH_BIT;

5 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] staging: erofs: some compressed cluster should be submitted" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From ee45197c807895e156b2be0abcaebdfc116487c8 Mon Sep 17 00:00:00 2001 From: Gao Xiang <gaoxiang25(a)huawei.com> Date: Mon, 19 Aug 2019 18:34:21 +0800 Subject: [PATCH] staging: erofs: some compressed cluster should be submitted for corrupted images As reported by erofs_utils fuzzer, a logical page can belong to at most 2 compressed clusters, if one compressed cluster is corrupted, but the other has been ready in submitting chain. The chain needs to submit anyway in order to keep the page working properly (page unlocked with PG_error set, PG_uptodate not set). Let's fix it now. Fixes: 3883a79abd02 ("staging: erofs: introduce VLE decompression support") Cc: <stable(a)vger.kernel.org> # 4.19+ Signed-off-by: Gao Xiang <gaoxiang25(a)huawei.com> Reviewed-by: Chao Yu <yuchao0(a)huawei.com> Link: https://lore.kernel.org/r/20190819103426.87579-2-gaoxiang25@huawei.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/staging/erofs/zdata.c b/drivers/staging/erofs/zdata.c index 2d7aaf98f7de..87b0c96caf8f 100644 --- a/drivers/staging/erofs/zdata.c +++ b/drivers/staging/erofs/zdata.c @@ -1307,19 +1307,18 @@ static int z_erofs_vle_normalaccess_readpage(struct file *file, err = z_erofs_do_read_page(&f, page, &pagepool); (void)z_erofs_collector_end(&f.clt); - if (err) { + /* if some compressed cluster ready, need submit them anyway */ + z_erofs_submit_and_unzip(inode->i_sb, &f.clt, &pagepool, true); + + if (err) errln("%s, failed to read, err [%d]", __func__, err); - goto out; - } - z_erofs_submit_and_unzip(inode->i_sb, &f.clt, &pagepool, true); -out: if (f.map.mpage) put_page(f.map.mpage); /* clean up the remaining free pages */ put_pages_list(&pagepool); - return 0; + return err; } static bool should_decompress_synchronously(struct erofs_sb_info *sbi,

5 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] staging: erofs: some compressed cluster should be submitted" failed to apply to 5.2-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.2-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From ee45197c807895e156b2be0abcaebdfc116487c8 Mon Sep 17 00:00:00 2001 From: Gao Xiang <gaoxiang25(a)huawei.com> Date: Mon, 19 Aug 2019 18:34:21 +0800 Subject: [PATCH] staging: erofs: some compressed cluster should be submitted for corrupted images As reported by erofs_utils fuzzer, a logical page can belong to at most 2 compressed clusters, if one compressed cluster is corrupted, but the other has been ready in submitting chain. The chain needs to submit anyway in order to keep the page working properly (page unlocked with PG_error set, PG_uptodate not set). Let's fix it now. Fixes: 3883a79abd02 ("staging: erofs: introduce VLE decompression support") Cc: <stable(a)vger.kernel.org> # 4.19+ Signed-off-by: Gao Xiang <gaoxiang25(a)huawei.com> Reviewed-by: Chao Yu <yuchao0(a)huawei.com> Link: https://lore.kernel.org/r/20190819103426.87579-2-gaoxiang25@huawei.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/staging/erofs/zdata.c b/drivers/staging/erofs/zdata.c index 2d7aaf98f7de..87b0c96caf8f 100644 --- a/drivers/staging/erofs/zdata.c +++ b/drivers/staging/erofs/zdata.c @@ -1307,19 +1307,18 @@ static int z_erofs_vle_normalaccess_readpage(struct file *file, err = z_erofs_do_read_page(&f, page, &pagepool); (void)z_erofs_collector_end(&f.clt); - if (err) { + /* if some compressed cluster ready, need submit them anyway */ + z_erofs_submit_and_unzip(inode->i_sb, &f.clt, &pagepool, true); + + if (err) errln("%s, failed to read, err [%d]", __func__, err); - goto out; - } - z_erofs_submit_and_unzip(inode->i_sb, &f.clt, &pagepool, true); -out: if (f.map.mpage) put_page(f.map.mpage); /* clean up the remaining free pages */ put_pages_list(&pagepool); - return 0; + return err; } static bool should_decompress_synchronously(struct erofs_sb_info *sbi,

5 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] staging: erofs: some compressed cluster should be submitted" failed to apply to 5.3-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.3-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From ee45197c807895e156b2be0abcaebdfc116487c8 Mon Sep 17 00:00:00 2001 From: Gao Xiang <gaoxiang25(a)huawei.com> Date: Mon, 19 Aug 2019 18:34:21 +0800 Subject: [PATCH] staging: erofs: some compressed cluster should be submitted for corrupted images As reported by erofs_utils fuzzer, a logical page can belong to at most 2 compressed clusters, if one compressed cluster is corrupted, but the other has been ready in submitting chain. The chain needs to submit anyway in order to keep the page working properly (page unlocked with PG_error set, PG_uptodate not set). Let's fix it now. Fixes: 3883a79abd02 ("staging: erofs: introduce VLE decompression support") Cc: <stable(a)vger.kernel.org> # 4.19+ Signed-off-by: Gao Xiang <gaoxiang25(a)huawei.com> Reviewed-by: Chao Yu <yuchao0(a)huawei.com> Link: https://lore.kernel.org/r/20190819103426.87579-2-gaoxiang25@huawei.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/staging/erofs/zdata.c b/drivers/staging/erofs/zdata.c index 2d7aaf98f7de..87b0c96caf8f 100644 --- a/drivers/staging/erofs/zdata.c +++ b/drivers/staging/erofs/zdata.c @@ -1307,19 +1307,18 @@ static int z_erofs_vle_normalaccess_readpage(struct file *file, err = z_erofs_do_read_page(&f, page, &pagepool); (void)z_erofs_collector_end(&f.clt); - if (err) { + /* if some compressed cluster ready, need submit them anyway */ + z_erofs_submit_and_unzip(inode->i_sb, &f.clt, &pagepool, true); + + if (err) errln("%s, failed to read, err [%d]", __func__, err); - goto out; - } - z_erofs_submit_and_unzip(inode->i_sb, &f.clt, &pagepool, true); -out: if (f.map.mpage) put_page(f.map.mpage); /* clean up the remaining free pages */ put_pages_list(&pagepool); - return 0; + return err; } static bool should_decompress_synchronously(struct erofs_sb_info *sbi,

5 years, 2 months

1
0
0 0

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror October 2019