[PATCH v3 0/3] udf: refactor udf_current_aext()/udf_next_aext()/inode_bmap() to handle error

From: Zhao Mengmeng
Date: Tue Oct 01 2024 - 07:56:21 EST


From: Zhao Mengmeng <zhaomengmeng@xxxxxxxxxx>

syzbot reports a udf slab-out-of-bounds at [1] and I proposed a fix patch,
after talking with Jan, a better way to fix this is to refactor
udf_current_aext() and udf_next_aext() to differentiate between error and
"hit EOF".
This series refactor udf_current_aext(), udf_next_aext() and inode_bmap(),
they take pointer to etype to store the extent type, return 1 when
getting etype success, return 0 when hitting EOF and return -errno when
err. It has passed the syz repro test.

[1]. https://lore.kernel.org/all/0000000000005093590621340ecf@xxxxxxxxxx/

changelog:
v3:
----
- Change function return rules, On error, ret < 0, on EOF ret == 0,
on success ret == 1.
- minor fix on return check

v2:
----
- Take advices of Jan to fix the error handling code
- Check all other places that may involves EOF and error checking
- Add two macros the simply the error checking of extent
- https://lore.kernel.org/all/20240926120753.3639404-1-zhaomzhao@xxxxxxx/

v1:
----
- https://lore.kernel.org/all/20240918093634.12906-1-zhaomzhao@xxxxxxx/

Zhao Mengmeng (3):
udf: refactor udf_current_aext() to handle error
udf: refactor udf_next_aext() to handle error
udf: refactor inode_bmap() to handle error

fs/udf/balloc.c | 27 +++++---
fs/udf/directory.c | 23 +++++--
fs/udf/inode.c | 167 +++++++++++++++++++++++++++++----------------
fs/udf/partition.c | 6 +-
fs/udf/super.c | 3 +-
fs/udf/truncate.c | 41 ++++++++---
fs/udf/udfdecl.h | 15 ++--
7 files changed, 190 insertions(+), 92 deletions(-)

--
2.43.0