Re: [GIT-PULL] More Squashfs fixes for 2.6.29?

From: Linus Torvalds
Date: Wed Mar 11 2009 - 15:53:41 EST

Next message: devzero: "Re: [PATCH] xen: core dom0 support"
Previous message: Ingo Molnar: "Re: [GIT PULL] tracing: use raw spinlocks for trace_vprintk"
In reply to: Phillip Lougher: "[GIT-PULL] More Squashfs fixes for 2.6.29?"
Next in thread: Phillip Lougher: "Re: [GIT-PULL] More Squashfs fixes for 2.6.29?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 11 Mar 2009, Phillip Lougher wrote:
>
> Squashfs: Valid filesystems are flagged as bad by the corrupted fs patch
>
> The problem arises due to an unexpected corner-case with zlib which the
> corrupted filesystems patch didn't address. Very occasionally zlib
> exits needing a couple of extra bytes of input (up to 6 seen bytes in the
> test filesystems), but with avail_out == 0 and no more output buffer
> space available. This situation was incorrectly flagged as an output buffer
> overrun by the corrupted filesystems patch.

I'm almost certain that this situation is caused by a bug in how you call
zlib().

You've explicitly asked for Z_NO_FLUSH, and I suspect you should be using
Z_SYNC_FLUSH (of Z_FINISH if you know you have all the input data). You
want as much to be inflated as possible, and you do seem to be expecting
it to flush as much as possible.

However, I think the more direct cause is your inflate loop. The rules for
running inflate() is to call it until it is done, or returns an error:

inflate() should normally be called until it returns Z_STREAM_END or an
error. However if all decompression is to be performed in a single step
(a single call of inflate), the parameter flush should be set to
Z_FINISH.

so you seem to be doing this all wrong. I think you _should_ be doing an
inner loop over zlib_inflate() that just does inflates until you get a
buffer error, and if you get a buffer error you then go on to the next
page if avail_out is zero (all done if it's the last page), or fill the
input buffer if it's empty.

So I really think you should fix the zlib_inflate() loop instead.

I dunno. At least that's what the docs suggest, and it's what we do in
git (another heavy user of zlib, althoughb the usage patterns are rather
different, and we _tend_ to

Linus
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: devzero: "Re: [PATCH] xen: core dom0 support"
Previous message: Ingo Molnar: "Re: [GIT PULL] tracing: use raw spinlocks for trace_vprintk"
In reply to: Phillip Lougher: "[GIT-PULL] More Squashfs fixes for 2.6.29?"
Next in thread: Phillip Lougher: "Re: [GIT-PULL] More Squashfs fixes for 2.6.29?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]