Re: [PATCH] squashfs: fix oob in squashfs_readahead

From: Andrew Morton
Date: Wed Nov 15 2023 - 17:40:21 EST

Next message: kernel test robot: "Re: [PATCH v2 01/14] mm: Batch-copy PTE ranges during fork()"
Previous message: Andrew Morton: "Re: [PATCH] kasan: default to inline instrumentation"
In reply to: syzbot: "Re: [syzbot] [PATCH] Test oob in squashfs readahead"
Next in thread: syzbot: "Re: [syzbot] [squashfs?] KASAN: slab-out-of-bounds Write in squashfs_readahead (2)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 15 Nov 2023 12:05:35 +0800 Edward Adam Davis <eadavis@xxxxxx> wrote:

> Before performing a read ahead operation in squashfs_read_folio() and
> squashfs_readahead(), check if i_size is not 0 before continuing.

I'll merge this for testing, pending Phillip's review. One thing:

> --- a/fs/squashfs/block.c
> +++ b/fs/squashfs/block.c
> @@ -323,7 +323,7 @@ int squashfs_read_data(struct super_block *sb, u64 index, int length,
> }
> if (length < 0 || length > output->length ||
> (index + length) > msblk->bytes_used) {
> - res = -EIO;
> + res = length < 0 ? -EIO : -EFBIG;
> goto out;
> }

Seems a bit ugly to test `length' twice for the same thing. How about

if (length < 0) {
res = -EIO;
got out;
}
if (length > output->length || (index + length) > msblk->bytes_used) {
res = -EFBIG;
goto out;
}

?

Next message: kernel test robot: "Re: [PATCH v2 01/14] mm: Batch-copy PTE ranges during fork()"
Previous message: Andrew Morton: "Re: [PATCH] kasan: default to inline instrumentation"
In reply to: syzbot: "Re: [syzbot] [PATCH] Test oob in squashfs readahead"
Next in thread: syzbot: "Re: [syzbot] [squashfs?] KASAN: slab-out-of-bounds Write in squashfs_readahead (2)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]