[<prev] [next>] [day] [month] [year] [list]
Message-Id: <20240822225812.78755-1-phillip@squashfs.org.uk>
Date: Thu, 22 Aug 2024 23:58:12 +0100
From: Phillip Lougher <phillip@...ashfs.org.uk>
To: akpm@...ux-foundation.org,
brauner@...nel.org,
linux-kernel@...r.kernel.org,
linux-fsdevel@...r.kernel.org
Cc: Phillip Lougher <phillip@...ashfs.org.uk>
Subject: [PATCH V2] Squashfs: Ensure all readahead pages have been used
In the recent work to remove page->index, a sanity check
that ensured all the readhead pages were covered by the
Squashfs data block was removed [1].
To avoid any regression, this commit adds the sanity check
back in an equivalent way. Namely the page actor will now
return error if any pages are unused after completion.
[1] https://lore.kernel.org/all/20240818235847.170468-3-phillip@squashfs.org.uk/
Signed-off-by: Phillip Lougher <phillip@...ashfs.org.uk>
--
V2: fix use after free thinko.
---
fs/squashfs/file.c | 4 ++--
fs/squashfs/file_direct.c | 2 +-
fs/squashfs/page_actor.h | 3 ++-
3 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/fs/squashfs/file.c b/fs/squashfs/file.c
index 5a3745e52025..21aaa96856c1 100644
--- a/fs/squashfs/file.c
+++ b/fs/squashfs/file.c
@@ -535,7 +535,7 @@ static int squashfs_readahead_fragment(struct page **page,
last_page = squashfs_page_actor_free(actor);
- if (copied == expected) {
+ if (copied == expected && !IS_ERR(last_page)) {
/* Last page (if present) may have trailing bytes not filled */
bytes = copied % PAGE_SIZE;
if (bytes && last_page)
@@ -625,7 +625,7 @@ static void squashfs_readahead(struct readahead_control *ractl)
last_page = squashfs_page_actor_free(actor);
- if (res == expected) {
+ if (res == expected && !IS_ERR(last_page)) {
int bytes;
/* Last page (if present) may have trailing bytes not filled */
diff --git a/fs/squashfs/file_direct.c b/fs/squashfs/file_direct.c
index 646d4d421f99..22251743fadf 100644
--- a/fs/squashfs/file_direct.c
+++ b/fs/squashfs/file_direct.c
@@ -80,7 +80,7 @@ int squashfs_readpage_block(struct page *target_page, u64 block, int bsize,
if (res < 0)
goto mark_errored;
- if (res != expected) {
+ if (res != expected || IS_ERR(last_page)) {
res = -EIO;
goto mark_errored;
}
diff --git a/fs/squashfs/page_actor.h b/fs/squashfs/page_actor.h
index c6d837f0e9ca..aa0d0e583634 100644
--- a/fs/squashfs/page_actor.h
+++ b/fs/squashfs/page_actor.h
@@ -33,10 +33,11 @@ extern struct squashfs_page_actor *squashfs_page_actor_init_special(
loff_t start_index);
static inline struct page *squashfs_page_actor_free(struct squashfs_page_actor *actor)
{
- struct page *last_page = actor->last_page;
+ struct page *last_page = actor->next_page == actor->pages ? last_page : ERR_PTR(-EIO);
kfree(actor->tmp_buffer);
kfree(actor);
+
return last_page;
}
static inline void *squashfs_first_page(struct squashfs_page_actor *actor)
--
2.39.2
Powered by blists - more mailing lists