<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux-stable.git/fs/squashfs, branch linux-3.16.y</title>
<subtitle>Linux kernel stable tree</subtitle>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/'/>
<entry>
<title>squashfs: more metadata hardening</title>
<updated>2018-11-20T18:05:53+00:00</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@linux-foundation.org</email>
</author>
<published>2018-07-30T21:27:15+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=26772d7a93703ef0458b8b8891f316bd15386bfc'/>
<id>26772d7a93703ef0458b8b8891f316bd15386bfc</id>
<content type='text'>
commit d512584780d3e6a7cacb2f482834849453d444a1 upstream.

Anatoly reports another squashfs fuzzing issue, where the decompression
parameters themselves are in a compressed block.

This causes squashfs_read_data() to be called in order to read the
decompression options before the decompression stream having been set
up, making squashfs go sideways.

Reported-by: Anatoly Trosinenko &lt;anatoly.trosinenko@gmail.com&gt;
Acked-by: Phillip Lougher &lt;phillip.lougher@gmail.com&gt;
Signed-off-by: Linus Torvalds &lt;torvalds@linux-foundation.org&gt;
Signed-off-by: Ben Hutchings &lt;ben@decadent.org.uk&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit d512584780d3e6a7cacb2f482834849453d444a1 upstream.

Anatoly reports another squashfs fuzzing issue, where the decompression
parameters themselves are in a compressed block.

This causes squashfs_read_data() to be called in order to read the
decompression options before the decompression stream having been set
up, making squashfs go sideways.

Reported-by: Anatoly Trosinenko &lt;anatoly.trosinenko@gmail.com&gt;
Acked-by: Phillip Lougher &lt;phillip.lougher@gmail.com&gt;
Signed-off-by: Linus Torvalds &lt;torvalds@linux-foundation.org&gt;
Signed-off-by: Ben Hutchings &lt;ben@decadent.org.uk&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>squashfs: be more careful about metadata corruption</title>
<updated>2018-11-20T18:05:52+00:00</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@linux-foundation.org</email>
</author>
<published>2018-07-29T19:44:46+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=85087c2072b50965d89bd29f5a022e7bceffe586'/>
<id>85087c2072b50965d89bd29f5a022e7bceffe586</id>
<content type='text'>
commit 01cfb7937a9af2abb1136c7e89fbf3fd92952956 upstream.

Anatoly Trosinenko reports that a corrupted squashfs image can cause a
kernel oops.  It turns out that squashfs can end up being confused about
negative fragment lengths.

The regular squashfs_read_data() does check for negative lengths, but
squashfs_read_metadata() did not, and the fragment size code just
blindly trusted the on-disk value.  Fix both the fragment parsing and
the metadata reading code.

Reported-by: Anatoly Trosinenko &lt;anatoly.trosinenko@gmail.com&gt;
Cc: Al Viro &lt;viro@zeniv.linux.org.uk&gt;
Cc: Phillip Lougher &lt;phillip@squashfs.org.uk&gt;
Signed-off-by: Linus Torvalds &lt;torvalds@linux-foundation.org&gt;
Signed-off-by: Ben Hutchings &lt;ben@decadent.org.uk&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 01cfb7937a9af2abb1136c7e89fbf3fd92952956 upstream.

Anatoly Trosinenko reports that a corrupted squashfs image can cause a
kernel oops.  It turns out that squashfs can end up being confused about
negative fragment lengths.

The regular squashfs_read_data() does check for negative lengths, but
squashfs_read_metadata() did not, and the fragment size code just
blindly trusted the on-disk value.  Fix both the fragment parsing and
the metadata reading code.

Reported-by: Anatoly Trosinenko &lt;anatoly.trosinenko@gmail.com&gt;
Cc: Al Viro &lt;viro@zeniv.linux.org.uk&gt;
Cc: Phillip Lougher &lt;phillip@squashfs.org.uk&gt;
Signed-off-by: Linus Torvalds &lt;torvalds@linux-foundation.org&gt;
Signed-off-by: Ben Hutchings &lt;ben@decadent.org.uk&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>fs/squashfs/squashfs.h: replace pr_warning by pr_warn</title>
<updated>2014-06-04T23:53:52+00:00</updated>
<author>
<name>Fabian Frederick</name>
<email>fabf@skynet.be</email>
</author>
<published>2014-06-04T23:05:52+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=220108361f7cef9bc3ac0b4c84cb556d36ec2a6f'/>
<id>220108361f7cef9bc3ac0b4c84cb556d36ec2a6f</id>
<content type='text'>
Update the last pr_warning callsite in fs branch

Signed-off-by: Fabian Frederick &lt;fabf@skynet.be&gt;
Cc: Phillip Lougher &lt;phillip@squashfs.org.uk&gt;
Signed-off-by: Andrew Morton &lt;akpm@linux-foundation.org&gt;
Signed-off-by: Linus Torvalds &lt;torvalds@linux-foundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Update the last pr_warning callsite in fs branch

Signed-off-by: Fabian Frederick &lt;fabf@skynet.be&gt;
Cc: Phillip Lougher &lt;phillip@squashfs.org.uk&gt;
Signed-off-by: Andrew Morton &lt;akpm@linux-foundation.org&gt;
Signed-off-by: Linus Torvalds &lt;torvalds@linux-foundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>fs: push sync_filesystem() down to the file system's remount_fs()</title>
<updated>2014-03-13T14:14:33+00:00</updated>
<author>
<name>Theodore Ts'o</name>
<email>tytso@mit.edu</email>
</author>
<published>2014-03-13T14:14:33+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=02b9984d640873b7b3809e63f81a0d7e13496886'/>
<id>02b9984d640873b7b3809e63f81a0d7e13496886</id>
<content type='text'>
Previously, the no-op "mount -o mount /dev/xxx" operation when the
file system is already mounted read-write causes an implied,
unconditional syncfs().  This seems pretty stupid, and it's certainly
documented or guaraunteed to do this, nor is it particularly useful,
except in the case where the file system was mounted rw and is getting
remounted read-only.

However, it's possible that there might be some file systems that are
actually depending on this behavior.  In most file systems, it's
probably fine to only call sync_filesystem() when transitioning from
read-write to read-only, and there are some file systems where this is
not needed at all (for example, for a pseudo-filesystem or something
like romfs).

Signed-off-by: "Theodore Ts'o" &lt;tytso@mit.edu&gt;
Cc: linux-fsdevel@vger.kernel.org
Cc: Christoph Hellwig &lt;hch@infradead.org&gt;
Cc: Artem Bityutskiy &lt;dedekind1@gmail.com&gt;
Cc: Adrian Hunter &lt;adrian.hunter@intel.com&gt;
Cc: Evgeniy Dushistov &lt;dushistov@mail.ru&gt;
Cc: Jan Kara &lt;jack@suse.cz&gt;
Cc: OGAWA Hirofumi &lt;hirofumi@mail.parknet.co.jp&gt;
Cc: Anders Larsen &lt;al@alarsen.net&gt;
Cc: Phillip Lougher &lt;phillip@squashfs.org.uk&gt;
Cc: Kees Cook &lt;keescook@chromium.org&gt;
Cc: Mikulas Patocka &lt;mikulas@artax.karlin.mff.cuni.cz&gt;
Cc: Petr Vandrovec &lt;petr@vandrovec.name&gt;
Cc: xfs@oss.sgi.com
Cc: linux-btrfs@vger.kernel.org
Cc: linux-cifs@vger.kernel.org
Cc: samba-technical@lists.samba.org
Cc: codalist@coda.cs.cmu.edu
Cc: linux-ext4@vger.kernel.org
Cc: linux-f2fs-devel@lists.sourceforge.net
Cc: fuse-devel@lists.sourceforge.net
Cc: cluster-devel@redhat.com
Cc: linux-mtd@lists.infradead.org
Cc: jfs-discussion@lists.sourceforge.net
Cc: linux-nfs@vger.kernel.org
Cc: linux-nilfs@vger.kernel.org
Cc: linux-ntfs-dev@lists.sourceforge.net
Cc: ocfs2-devel@oss.oracle.com
Cc: reiserfs-devel@vger.kernel.org
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Previously, the no-op "mount -o mount /dev/xxx" operation when the
file system is already mounted read-write causes an implied,
unconditional syncfs().  This seems pretty stupid, and it's certainly
documented or guaraunteed to do this, nor is it particularly useful,
except in the case where the file system was mounted rw and is getting
remounted read-only.

However, it's possible that there might be some file systems that are
actually depending on this behavior.  In most file systems, it's
probably fine to only call sync_filesystem() when transitioning from
read-write to read-only, and there are some file systems where this is
not needed at all (for example, for a pseudo-filesystem or something
like romfs).

Signed-off-by: "Theodore Ts'o" &lt;tytso@mit.edu&gt;
Cc: linux-fsdevel@vger.kernel.org
Cc: Christoph Hellwig &lt;hch@infradead.org&gt;
Cc: Artem Bityutskiy &lt;dedekind1@gmail.com&gt;
Cc: Adrian Hunter &lt;adrian.hunter@intel.com&gt;
Cc: Evgeniy Dushistov &lt;dushistov@mail.ru&gt;
Cc: Jan Kara &lt;jack@suse.cz&gt;
Cc: OGAWA Hirofumi &lt;hirofumi@mail.parknet.co.jp&gt;
Cc: Anders Larsen &lt;al@alarsen.net&gt;
Cc: Phillip Lougher &lt;phillip@squashfs.org.uk&gt;
Cc: Kees Cook &lt;keescook@chromium.org&gt;
Cc: Mikulas Patocka &lt;mikulas@artax.karlin.mff.cuni.cz&gt;
Cc: Petr Vandrovec &lt;petr@vandrovec.name&gt;
Cc: xfs@oss.sgi.com
Cc: linux-btrfs@vger.kernel.org
Cc: linux-cifs@vger.kernel.org
Cc: samba-technical@lists.samba.org
Cc: codalist@coda.cs.cmu.edu
Cc: linux-ext4@vger.kernel.org
Cc: linux-f2fs-devel@lists.sourceforge.net
Cc: fuse-devel@lists.sourceforge.net
Cc: cluster-devel@redhat.com
Cc: linux-mtd@lists.infradead.org
Cc: jfs-discussion@lists.sourceforge.net
Cc: linux-nfs@vger.kernel.org
Cc: linux-nilfs@vger.kernel.org
Cc: linux-ntfs-dev@lists.sourceforge.net
Cc: ocfs2-devel@oss.oracle.com
Cc: reiserfs-devel@vger.kernel.org
</pre>
</div>
</content>
</entry>
<entry>
<title>Squashfs: fix failure to unlock pages on decompress error</title>
<updated>2013-11-24T01:02:50+00:00</updated>
<author>
<name>Phillip Lougher</name>
<email>phillip@squashfs.org.uk</email>
</author>
<published>2013-11-24T00:40:49+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=6d565409503f4e1f74ac30de14e8c91a2b826cd8'/>
<id>6d565409503f4e1f74ac30de14e8c91a2b826cd8</id>
<content type='text'>
Direct decompression into the page cache.  If we fall back
to using an intermediate buffer (because we cannot grab all the
page cache pages) and we get a decompress fail, we forgot to
release the pages.

Reported-by: Roman Peniaev &lt;r.peniaev@gmail.com&gt;
Signed-off-by: Phillip Lougher &lt;phillip@squashfs.org.uk&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Direct decompression into the page cache.  If we fall back
to using an intermediate buffer (because we cannot grab all the
page cache pages) and we get a decompress fail, we forgot to
release the pages.

Reported-by: Roman Peniaev &lt;r.peniaev@gmail.com&gt;
Signed-off-by: Phillip Lougher &lt;phillip@squashfs.org.uk&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>Squashfs: Check stream is not NULL in decompressor_multi.c</title>
<updated>2013-11-20T03:59:20+00:00</updated>
<author>
<name>Phillip Lougher</name>
<email>phillip@squashfs.org.uk</email>
</author>
<published>2013-11-10T00:02:29+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=ed4f381ec15e5f11724cdbc68cffd2c22d1eaebd'/>
<id>ed4f381ec15e5f11724cdbc68cffd2c22d1eaebd</id>
<content type='text'>
Fix static checker complaint that stream is not checked in
squashfs_decompressor_destroy().

Reported-by: Dan Carpenter &lt;dan.carpenter@oracle.com&gt;
Signed-off-by: Phillip Lougher &lt;phillip@squashfs.org.uk&gt;
Reviewed-by: Minchan Kim &lt;minchan@kernel.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Fix static checker complaint that stream is not checked in
squashfs_decompressor_destroy().

Reported-by: Dan Carpenter &lt;dan.carpenter@oracle.com&gt;
Signed-off-by: Phillip Lougher &lt;phillip@squashfs.org.uk&gt;
Reviewed-by: Minchan Kim &lt;minchan@kernel.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>Squashfs: Directly decompress into the page cache for file data</title>
<updated>2013-11-20T03:59:13+00:00</updated>
<author>
<name>Phillip Lougher</name>
<email>phillip@squashfs.org.uk</email>
</author>
<published>2013-11-13T02:04:19+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=0d455c12c6428647547bacccaaced3cae0f35570'/>
<id>0d455c12c6428647547bacccaaced3cae0f35570</id>
<content type='text'>
This introduces an implementation of squashfs_readpage_block()
that directly decompresses into the page cache.

This uses the previously added page handler abstraction to push
down the necessary kmap_atomic/kunmap_atomic operations on the
page cache buffers into the decompressors.  This enables
direct copying into the page cache without using the slow
kmap/kunmap calls.

The code detects when multiple threads are racing in
squashfs_readpage() to decompress the same block, and avoids
this regression by falling back to using an intermediate
buffer.

This patch enhances the performance of Squashfs significantly
when multiple processes are accessing the filesystem simultaneously
because it not only reduces memcopying, but it more importantly
eliminates the lock contention on the intermediate buffer.

Using single-thread decompression.

        dd if=file1 of=/dev/null bs=4096 &amp;
        dd if=file2 of=/dev/null bs=4096 &amp;
        dd if=file3 of=/dev/null bs=4096 &amp;
        dd if=file4 of=/dev/null bs=4096

Before:

629145600 bytes (629 MB) copied, 45.8046 s, 13.7 MB/s

After:

629145600 bytes (629 MB) copied, 9.29414 s, 67.7 MB/s

Signed-off-by: Phillip Lougher &lt;phillip@squashfs.org.uk&gt;
Reviewed-by: Minchan Kim &lt;minchan@kernel.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
This introduces an implementation of squashfs_readpage_block()
that directly decompresses into the page cache.

This uses the previously added page handler abstraction to push
down the necessary kmap_atomic/kunmap_atomic operations on the
page cache buffers into the decompressors.  This enables
direct copying into the page cache without using the slow
kmap/kunmap calls.

The code detects when multiple threads are racing in
squashfs_readpage() to decompress the same block, and avoids
this regression by falling back to using an intermediate
buffer.

This patch enhances the performance of Squashfs significantly
when multiple processes are accessing the filesystem simultaneously
because it not only reduces memcopying, but it more importantly
eliminates the lock contention on the intermediate buffer.

Using single-thread decompression.

        dd if=file1 of=/dev/null bs=4096 &amp;
        dd if=file2 of=/dev/null bs=4096 &amp;
        dd if=file3 of=/dev/null bs=4096 &amp;
        dd if=file4 of=/dev/null bs=4096

Before:

629145600 bytes (629 MB) copied, 45.8046 s, 13.7 MB/s

After:

629145600 bytes (629 MB) copied, 9.29414 s, 67.7 MB/s

Signed-off-by: Phillip Lougher &lt;phillip@squashfs.org.uk&gt;
Reviewed-by: Minchan Kim &lt;minchan@kernel.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>Squashfs: Restructure squashfs_readpage()</title>
<updated>2013-11-20T03:59:07+00:00</updated>
<author>
<name>Phillip Lougher</name>
<email>phillip@squashfs.org.uk</email>
</author>
<published>2013-10-31T19:24:27+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=5f55dbc0c5c466a9cdfa4da7ac1bfe351c7fc52a'/>
<id>5f55dbc0c5c466a9cdfa4da7ac1bfe351c7fc52a</id>
<content type='text'>
Restructure squashfs_readpage() splitting it into separate
functions for datablocks, fragments and sparse blocks.

Move the memcpying (from squashfs cache entry) implementation of
squashfs_readpage_block into file_cache.c

This allows different implementations to be supported.

Signed-off-by: Phillip Lougher &lt;phillip@squashfs.org.uk&gt;
Reviewed-by: Minchan Kim &lt;minchan@kernel.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Restructure squashfs_readpage() splitting it into separate
functions for datablocks, fragments and sparse blocks.

Move the memcpying (from squashfs cache entry) implementation of
squashfs_readpage_block into file_cache.c

This allows different implementations to be supported.

Signed-off-by: Phillip Lougher &lt;phillip@squashfs.org.uk&gt;
Reviewed-by: Minchan Kim &lt;minchan@kernel.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>Squashfs: Generalise paging handling in the decompressors</title>
<updated>2013-11-20T03:59:01+00:00</updated>
<author>
<name>Phillip Lougher</name>
<email>phillip@squashfs.org.uk</email>
</author>
<published>2013-11-18T02:59:12+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=846b730e99518a1c9945afcb2afbe4d08a02ed80'/>
<id>846b730e99518a1c9945afcb2afbe4d08a02ed80</id>
<content type='text'>
Further generalise the decompressors by adding a page handler
abstraction.  This adds helpers to allow the decompressors
to access and process the output buffers in an implementation
independant manner.

This allows different types of output buffer to be passed
to the decompressors, with the implementation specific
aspects handled at decompression time, but without the
knowledge being held in the decompressor wrapper code.

This will allow the decompressors to handle Squashfs
cache buffers, and page cache pages.

This patch adds the abstraction and an implementation for
the caches.

Signed-off-by: Phillip Lougher &lt;phillip@squashfs.org.uk&gt;
Reviewed-by: Minchan Kim &lt;minchan@kernel.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Further generalise the decompressors by adding a page handler
abstraction.  This adds helpers to allow the decompressors
to access and process the output buffers in an implementation
independant manner.

This allows different types of output buffer to be passed
to the decompressors, with the implementation specific
aspects handled at decompression time, but without the
knowledge being held in the decompressor wrapper code.

This will allow the decompressors to handle Squashfs
cache buffers, and page cache pages.

This patch adds the abstraction and an implementation for
the caches.

Signed-off-by: Phillip Lougher &lt;phillip@squashfs.org.uk&gt;
Reviewed-by: Minchan Kim &lt;minchan@kernel.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>Squashfs: add multi-threaded decompression using percpu variable</title>
<updated>2013-11-20T03:58:03+00:00</updated>
<author>
<name>Phillip Lougher</name>
<email>phillip@squashfs.org.uk</email>
</author>
<published>2013-11-18T02:31:36+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=d208383d640727b70cd6689bc17e67e9b5ebf4ff'/>
<id>d208383d640727b70cd6689bc17e67e9b5ebf4ff</id>
<content type='text'>
Add a multi-threaded decompression implementation which uses
percpu variables.

Using percpu variables has advantages and disadvantages over
implementations which do not use percpu variables.

Advantages:
  * the nature of percpu variables ensures decompression is
    load-balanced across the multiple cores.
  * simplicity.

Disadvantages: it limits decompression to one thread per core.

Signed-off-by: Phillip Lougher &lt;phillip@squashfs.org.uk&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Add a multi-threaded decompression implementation which uses
percpu variables.

Using percpu variables has advantages and disadvantages over
implementations which do not use percpu variables.

Advantages:
  * the nature of percpu variables ensures decompression is
    load-balanced across the multiple cores.
  * simplicity.

Disadvantages: it limits decompression to one thread per core.

Signed-off-by: Phillip Lougher &lt;phillip@squashfs.org.uk&gt;
</pre>
</div>
</content>
</entry>
</feed>
