linux/fs/erofs
Gao Xiang f609789699 erofs: fix unsafe pagevec reuse of hooked pclusters
commit 86432a6dca upstream.

There are pclusters in runtime marked with Z_EROFS_PCLUSTER_TAIL
before actual I/O submission. Thus, the decompression chain can be
extended if the following pcluster chain hooks such tail pcluster.

As the related comment mentioned, if some page is made of a hooked
pcluster and another followed pcluster, it can be reused for in-place
I/O (since I/O should be submitted anyway):
 _______________________________________________________________
|  tail (partial) page |          head (partial) page           |
|_____PRIMARY_HOOKED___|____________PRIMARY_FOLLOWED____________|

However, it's by no means safe to reuse as pagevec since if such
PRIMARY_HOOKED pclusters finally move into bypass chain without I/O
submission. It's somewhat hard to reproduce with LZ4 and I just found
it (general protection fault) by ro_fsstressing a LZMA image for long
time.

I'm going to actively clean up related code together with multi-page
folio adaption in the next few months. Let's address it directly for
easier backporting for now.

Call trace for reference:
  z_erofs_decompress_pcluster+0x10a/0x8a0 [erofs]
  z_erofs_decompress_queue.isra.36+0x3c/0x60 [erofs]
  z_erofs_runqueue+0x5f3/0x840 [erofs]
  z_erofs_readahead+0x1e8/0x320 [erofs]
  read_pages+0x91/0x270
  page_cache_ra_unbounded+0x18b/0x240
  filemap_get_pages+0x10a/0x5f0
  filemap_read+0xa9/0x330
  new_sync_read+0x11b/0x1a0
  vfs_read+0xf1/0x190

Link: https://lore.kernel.org/r/20211103182006.4040-1-xiang@kernel.org
Fixes: 3883a79abd ("staging: erofs: introduce VLE decompression support")
Cc: <stable@vger.kernel.org> # 4.19+
Reviewed-by: Chao Yu <chao@kernel.org>
Signed-off-by: Gao Xiang <hsiangkao@linux.alibaba.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-11-18 19:17:15 +01:00
..
compress.h erofs: clean up file headers & footers 2021-06-08 00:41:24 +08:00
data.c erofs: support reading chunk-based uncompressed files 2021-08-20 22:38:01 +08:00
decompressor.c erofs: don't trigger WARN() when decompression fails 2021-11-18 19:16:21 +01:00
dir.c erofs: clean up file headers & footers 2021-06-08 00:41:24 +08:00
erofs_fs.h erofs: introduce chunk-based file on-disk format 2021-08-20 22:38:01 +08:00
inode.c erofs: fix misbehavior of unsupported chunk format check 2021-09-23 23:22:04 +08:00
internal.h erofs: support reading chunk-based uncompressed files 2021-08-20 22:38:01 +08:00
Kconfig erofs: iomap support for non-tailpacking DIO 2021-08-10 00:14:42 +08:00
Makefile erofs: introduce multipage per-CPU buffers 2021-04-10 03:19:59 +08:00
namei.c erofs: add fiemap support with iomap 2021-08-19 00:13:43 +08:00
pcpubuf.c erofs: introduce multipage per-CPU buffers 2021-04-10 03:19:59 +08:00
super.c libnvdimm for v5.15 2021-09-09 11:39:57 -07:00
tagptr.h erofs: clean up file headers & footers 2021-06-08 00:41:24 +08:00
utils.c erofs: clean up file headers & footers 2021-06-08 00:41:24 +08:00
xattr.c vfs: add rcu argument to ->get_acl() callback 2021-08-18 22:08:24 +02:00
xattr.h vfs: add rcu argument to ->get_acl() callback 2021-08-18 22:08:24 +02:00
zdata.c erofs: fix unsafe pagevec reuse of hooked pclusters 2021-11-18 19:17:15 +01:00
zdata.h erofs: clean up file headers & footers 2021-06-08 00:41:24 +08:00
zmap.c erofs: clear compacted_2b if compacted_4b_initial > totalidx 2021-09-23 23:23:04 +08:00
zpvec.h erofs: fix unsafe pagevec reuse of hooked pclusters 2021-11-18 19:17:15 +01:00