linux.git/fs/erofs, branch v5.7 Linux kernel source tree erofs: handle corrupted images whose decompressed size less than it'd be 2020-03-03T15:40:52+00:00 Gao Xiang gaoxiang25@huawei.com 2020-02-26T08:10:08+00:00 aa99a76b40d6434e67ac23efef2a01c291b82d8b As Lasse pointed out, "Looking at fs/erofs/decompress.c, the return value from LZ4_decompress_safe_partial is only checked for negative value to catch errors. ... So if I understood it correctly, if there is bad data whose uncompressed size is much less than it should be, it can leave part of the output buffer untouched and expose the previous data as the file content. " Let's fix it now. Cc: Lasse Collin <lasse.collin@tukaani.org> Fixes: 7fc45dbc938a ("staging: erofs: introduce generic decompression backend") [ Gao Xiang: v5.3+, I will manually backport this to stable later. ] Link: https://lore.kernel.org/r/20200226081008.86348-3-gaoxiang25@huawei.com Reviewed-by: Chao Yu <yuchao0@huawei.com> Signed-off-by: Gao Xiang <gaoxiang25@huawei.com> 
As Lasse pointed out, "Looking at fs/erofs/decompress.c,
the return value from LZ4_decompress_safe_partial is only
checked for negative value to catch errors. ... So if
I understood it correctly, if there is bad data whose
uncompressed size is much less than it should be, it can
leave part of the output buffer untouched and expose the
previous data as the file content. "

Let's fix it now.

Cc: Lasse Collin <lasse.collin@tukaani.org>
Fixes: 7fc45dbc938a ("staging: erofs: introduce generic decompression backend")
[ Gao Xiang: v5.3+, I will manually backport this to stable later. ]
Link: https://lore.kernel.org/r/20200226081008.86348-3-gaoxiang25@huawei.com
Reviewed-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Gao Xiang <gaoxiang25@huawei.com>
erofs: use LZ4_decompress_safe() for full decoding 2020-03-03T15:40:16+00:00 Gao Xiang gaoxiang25@huawei.com 2020-02-26T08:10:07+00:00 af1038abbd1449b7feb2b5b7cdbb24aa0bd1f120 As Lasse pointed out, "EROFS uses LZ4_decompress_safe_partial for both partial and full blocks. Thus when it is decoding a full block, it doesn't know if the LZ4 decoder actually decoded all the input. The real uncompressed size could be bigger than the value stored in the file system metadata. Using LZ4_decompress_safe instead of _safe_partial when decompressing a full block would help to detect errors." So it's reasonable to use _safe in case of potential corrupted images and it might have some speed gain as well although I didn't observe much difference. Note that legacy compressor (< 5.3, no LZ4_0PADDING) could encode extra data in a pcluster, which is excluded as well. Cc: Lasse Collin <lasse.collin@tukaani.org> Fixes: 0ffd71bcc3a0 ("staging: erofs: introduce LZ4 decompression inplace") [ Gao Xiang: v5.3+, I will manually backport this to stable later. ] Link: https://lore.kernel.org/r/20200226081008.86348-2-gaoxiang25@huawei.com Reviewed-by: Chao Yu <yuchao0@huawei.com> Signed-off-by: Gao Xiang <gaoxiang25@huawei.com> 
As Lasse pointed out, "EROFS uses LZ4_decompress_safe_partial
for both partial and full blocks. Thus when it is decoding a
full block, it doesn't know if the LZ4 decoder actually decoded
all the input. The real uncompressed size could be bigger than
the value stored in the file system metadata.

Using LZ4_decompress_safe instead of _safe_partial when
decompressing a full block would help to detect errors."

So it's reasonable to use _safe in case of potential corrupted
images and it might have some speed gain as well although
I didn't observe much difference.

Note that legacy compressor (< 5.3, no LZ4_0PADDING) could
encode extra data in a pcluster, which is excluded as well.

Cc: Lasse Collin <lasse.collin@tukaani.org>
Fixes: 0ffd71bcc3a0 ("staging: erofs: introduce LZ4 decompression inplace")
[ Gao Xiang: v5.3+, I will manually backport this to stable later. ]
Link: https://lore.kernel.org/r/20200226081008.86348-2-gaoxiang25@huawei.com
Reviewed-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Gao Xiang <gaoxiang25@huawei.com>
erofs: correct the remaining shrink objects 2020-03-03T15:39:29+00:00 Gao Xiang gaoxiang25@huawei.com 2020-02-26T08:10:06+00:00 9d5a09c6f3b5fb85af20e3a34827b5d27d152b34 The remaining count should not include successful shrink attempts. Fixes: e7e9a307be9d ("staging: erofs: introduce workstation for decompression") Cc: <stable@vger.kernel.org> # 4.19+ Link: https://lore.kernel.org/r/20200226081008.86348-1-gaoxiang25@huawei.com Reviewed-by: Chao Yu <yuchao0@huawei.com> Signed-off-by: Gao Xiang <gaoxiang25@huawei.com> 
The remaining count should not include successful
shrink attempts.

Fixes: e7e9a307be9d ("staging: erofs: introduce workstation for decompression")
Cc: <stable@vger.kernel.org> # 4.19+
Link: https://lore.kernel.org/r/20200226081008.86348-1-gaoxiang25@huawei.com
Reviewed-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Gao Xiang <gaoxiang25@huawei.com>
erofs: convert workstn to XArray 2020-03-03T15:27:25+00:00 Gao Xiang gaoxiang25@huawei.com 2020-02-20T02:46:42+00:00 64094a04414f0b2fb7e31e1c57a67e91e390d66c XArray has friendly APIs and it will replace the old radix tree in the near future. This convert makes use of __xa_cmpxchg when inserting on a just inserted item by other thread. In detail, instead of totally looking up again as what we did for the old radix tree, it will try to legitimize the current in-tree item in the XArray therefore more effective. In addition, naming is rather a challenge for non-English speaker like me. The basic idea of workstn is to provide a runtime sparse array with items arranged in the physical block number order. Such items (was called workgroup) can be used to record compress clusters or for later new features. However, both workgroup and workstn seem not good names from whatever point of view, so I'd like to rename them as pslot and managed_pslots to stand for physical slots. This patch handles the second as a part of the radix tree convert. Cc: Matthew Wilcox <willy@infradead.org> Link: https://lore.kernel.org/r/20200220024642.91529-1-gaoxiang25@huawei.com Reviewed-by: Chao Yu <yuchao0@huawei.com> Signed-off-by: Gao Xiang <gaoxiang25@huawei.com> 
XArray has friendly APIs and it will replace the old radix
tree in the near future.

This convert makes use of __xa_cmpxchg when inserting on
a just inserted item by other thread. In detail, instead
of totally looking up again as what we did for the old
radix tree, it will try to legitimize the current in-tree
item in the XArray therefore more effective.

In addition, naming is rather a challenge for non-English
speaker like me. The basic idea of workstn is to provide
a runtime sparse array with items arranged in the physical
block number order. Such items (was called workgroup) can be
used to record compress clusters or for later new features.

However, both workgroup and workstn seem not good names from
whatever point of view, so I'd like to rename them as pslot
and managed_pslots to stand for physical slots. This patch
handles the second as a part of the radix tree convert.

Cc: Matthew Wilcox <willy@infradead.org>
Link: https://lore.kernel.org/r/20200220024642.91529-1-gaoxiang25@huawei.com
Reviewed-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Gao Xiang <gaoxiang25@huawei.com>
erofs: clean up z_erofs_submit_queue() 2020-01-21T08:46:23+00:00 Gao Xiang gaoxiang25@huawei.com 2020-01-21T06:48:19+00:00 1e4a295567949ee8e6896a7db70afd1b6246966e A label and extra variables will be eliminated, which is more cleaner. Link: https://lore.kernel.org/r/20200121064819.139469-1-gaoxiang25@huawei.com Reviewed-by: Chao Yu <yuchao0@huawei.com> Signed-off-by: Gao Xiang <gaoxiang25@huawei.com> 
A label and extra variables will be eliminated,
which is more cleaner.

Link: https://lore.kernel.org/r/20200121064819.139469-1-gaoxiang25@huawei.com
Reviewed-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Gao Xiang <gaoxiang25@huawei.com>
erofs: fold in postsubmit_is_all_bypassed() 2020-01-21T08:46:17+00:00 Gao Xiang gaoxiang25@huawei.com 2020-01-21T06:47:47+00:00 587a67b77789f822930d8f5e65bdd161c82e6365 No need to introduce such separated helper since cache strategy compile configs were changed into runtime options instead in v5.4. No logic changes. Link: https://lore.kernel.org/r/20200121064747.138987-1-gaoxiang25@huawei.com Reviewed-by: Chao Yu <yuchao0@huawei.com> Signed-off-by: Gao Xiang <gaoxiang25@huawei.com> 
No need to introduce such separated helper since
cache strategy compile configs were changed into
runtime options instead in v5.4. No logic changes.

Link: https://lore.kernel.org/r/20200121064747.138987-1-gaoxiang25@huawei.com
Reviewed-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Gao Xiang <gaoxiang25@huawei.com>
erofs: fix out-of-bound read for shifted uncompressed block 2020-01-11T10:29:19+00:00 Gao Xiang gaoxiang25@huawei.com 2020-01-07T02:25:46+00:00 4d2024370d877f9ac8b98694bcff666da6a5d333 rq->out[1] should be valid before accessing. Otherwise, in very rare cases, out-of-bound dirty onstack rq->out[1] can equal to *in and lead to unintended memmove behavior. Link: https://lore.kernel.org/r/20200107022546.19432-1-gaoxiang25@huawei.com Fixes: 7fc45dbc938a ("staging: erofs: introduce generic decompression backend") Cc: <stable@vger.kernel.org> # 5.3+ Reviewed-by: Chao Yu <yuchao0@huawei.com> Signed-off-by: Gao Xiang <gaoxiang25@huawei.com> 
rq->out[1] should be valid before accessing. Otherwise,
in very rare cases, out-of-bound dirty onstack rq->out[1]
can equal to *in and lead to unintended memmove behavior.

Link: https://lore.kernel.org/r/20200107022546.19432-1-gaoxiang25@huawei.com
Fixes: 7fc45dbc938a ("staging: erofs: introduce generic decompression backend")
Cc: <stable@vger.kernel.org> # 5.3+
Reviewed-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Gao Xiang <gaoxiang25@huawei.com>
erofs: remove void tagging/untagging of workgroup pointers 2020-01-07T02:09:21+00:00 Vladimir Zapolskiy vladimir@tuxera.com 2020-01-02T12:01:18+00:00 e3915ad94bfa0e2c1818837af618e9adec74eb1b Because workgroup pointers inserted to a radix tree are always tagged with a single value of 0, it is possible to remove tagging and untagging of the pointers completely. Signed-off-by: Vladimir Zapolskiy <vladimir@tuxera.com> Link: https://lore.kernel.org/r/20200102120118.14979-4-vladimir@tuxera.com Reviewed-by: Chao Yu <yuchao0@huawei.com> Signed-off-by: Gao Xiang <gaoxiang25@huawei.com> 
Because workgroup pointers inserted to a radix tree are always tagged with
a single value of 0, it is possible to remove tagging and untagging of the
pointers completely.

Signed-off-by: Vladimir Zapolskiy <vladimir@tuxera.com>
Link: https://lore.kernel.org/r/20200102120118.14979-4-vladimir@tuxera.com
Reviewed-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Gao Xiang <gaoxiang25@huawei.com>
erofs: remove unused tag argument while registering a workgroup 2020-01-07T02:08:45+00:00 Vladimir Zapolskiy vladimir@tuxera.com 2020-01-02T12:01:17+00:00 e5e9a432036a40756db171e7b22ee63e69c41ef1 All workgroups are registered with tag value set to 0, to simplify erofs_register_workgroup() interface the tag argument can be removed, if its only value is sent down to the function body. Signed-off-by: Vladimir Zapolskiy <vladimir@tuxera.com> Link: https://lore.kernel.org/r/20200102120118.14979-3-vladimir@tuxera.com Reviewed-by: Chao Yu <yuchao0@huawei.com> Signed-off-by: Gao Xiang <gaoxiang25@huawei.com> 
All workgroups are registered with tag value set to 0, to simplify
erofs_register_workgroup() interface the tag argument can be removed,
if its only value is sent down to the function body.

Signed-off-by: Vladimir Zapolskiy <vladimir@tuxera.com>
Link: https://lore.kernel.org/r/20200102120118.14979-3-vladimir@tuxera.com
Reviewed-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Gao Xiang <gaoxiang25@huawei.com>
erofs: remove unused tag argument while finding a workgroup 2020-01-07T02:08:38+00:00 Vladimir Zapolskiy vladimir@tuxera.com 2020-01-02T12:01:16+00:00 997626d8383871862d0774c50a351aa98dacc0eb It is feasible to simplify erofs_find_workgroup() interface by removing an unused function argument. While formally the argument is used in the function itself, its assigned value is ignored on the caller side. Signed-off-by: Vladimir Zapolskiy <vladimir@tuxera.com> Link: https://lore.kernel.org/r/20200102120118.14979-2-vladimir@tuxera.com Reviewed-by: Chao Yu <yuchao0@huawei.com> Signed-off-by: Gao Xiang <gaoxiang25@huawei.com> 
It is feasible to simplify erofs_find_workgroup() interface by removing
an unused function argument. While formally the argument is used in the
function itself, its assigned value is ignored on the caller side.

Signed-off-by: Vladimir Zapolskiy <vladimir@tuxera.com>
Link: https://lore.kernel.org/r/20200102120118.14979-2-vladimir@tuxera.com
Reviewed-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Gao Xiang <gaoxiang25@huawei.com>