lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20230629-squashfs-cache-migration-v1-1-d50ebe55099d@axis.com>
Date:   Thu, 29 Jun 2023 16:17:57 +0200
From:   Vincent Whitchurch <vincent.whitchurch@...s.com>
To:     Phillip Lougher <phillip@...ashfs.org.uk>,
        Andrew Morton <akpm@...ux-foundation.org>
CC:     Christoph Hellwig <hch@....de>, <linux-kernel@...r.kernel.org>,
        <kernel@...s.com>, Vincent Whitchurch <vincent.whitchurch@...s.com>
Subject: [PATCH] squashfs: fix cache race with migration

Migration replaces the page in the mapping before copying the contents
and the flags over from the old page, so check that the page in the page
cache is really up to date before using it.  Without this, stressing
squashfs reads with parallel compaction sometimes results in squashfs
reporting data corruption.

Fixes: e994f5b677ee ("squashfs: cache partial compressed blocks")
Signed-off-by: Vincent Whitchurch <vincent.whitchurch@...s.com>
---
 fs/squashfs/block.c | 27 +++++++++++++++++++++++----
 1 file changed, 23 insertions(+), 4 deletions(-)

diff --git a/fs/squashfs/block.c b/fs/squashfs/block.c
index 6aa9c2e1e8ebe..581ce95193390 100644
--- a/fs/squashfs/block.c
+++ b/fs/squashfs/block.c
@@ -166,6 +166,26 @@ static int squashfs_bio_read_cached(struct bio *fullbio,
 	return 0;
 }
 
+static struct page *squashfs_get_cache_page(struct address_space *mapping,
+					    pgoff_t index)
+{
+	struct page *page;
+
+	if (!mapping)
+		return NULL;
+
+	page = find_get_page(mapping, index);
+	if (!page)
+		return NULL;
+
+	if (!PageUptodate(page)) {
+		put_page(page);
+		return NULL;
+	}
+
+	return page;
+}
+
 static int squashfs_bio_read(struct super_block *sb, u64 index, int length,
 			     struct bio **biop, int *block_offset)
 {
@@ -190,11 +210,10 @@ static int squashfs_bio_read(struct super_block *sb, u64 index, int length,
 	for (i = 0; i < page_count; ++i) {
 		unsigned int len =
 			min_t(unsigned int, PAGE_SIZE - offset, total_len);
-		struct page *page = NULL;
+		pgoff_t index = (read_start >> PAGE_SHIFT) + i;
+		struct page *page;
 
-		if (cache_mapping)
-			page = find_get_page(cache_mapping,
-					     (read_start >> PAGE_SHIFT) + i);
+		page = squashfs_get_cache_page(cache_mapping, index);
 		if (!page)
 			page = alloc_page(GFP_NOIO);
 

---
base-commit: 3a8a670eeeaa40d87bd38a587438952741980c18
change-id: 20230629-squashfs-cache-migration-27154a50f449

Best regards,
-- 
Vincent Whitchurch <vincent.whitchurch@...s.com>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ