Re: [PATCH v3 0/3] udf: refactor udf_current_aext()/udf_next_aext()/inode_bmap() to handle error
From: Jan Kara
Date: Wed Oct 02 2024 - 09:05:04 EST
On Tue 01-10-24 19:54:22, Zhao Mengmeng wrote:
> From: Zhao Mengmeng <zhaomengmeng@xxxxxxxxxx>
>
> syzbot reports a udf slab-out-of-bounds at [1] and I proposed a fix patch,
> after talking with Jan, a better way to fix this is to refactor
> udf_current_aext() and udf_next_aext() to differentiate between error and
> "hit EOF".
> This series refactor udf_current_aext(), udf_next_aext() and inode_bmap(),
> they take pointer to etype to store the extent type, return 1 when
> getting etype success, return 0 when hitting EOF and return -errno when
> err. It has passed the syz repro test.
>
> [1]. https://lore.kernel.org/all/0000000000005093590621340ecf@xxxxxxxxxx/
Thanks! I did some minor code-style updates to the patches and picked them
up to my tree.
Honza
>
> changelog:
> v3:
> ----
> - Change function return rules, On error, ret < 0, on EOF ret == 0,
> on success ret == 1.
> - minor fix on return check
>
> v2:
> ----
> - Take advices of Jan to fix the error handling code
> - Check all other places that may involves EOF and error checking
> - Add two macros the simply the error checking of extent
> - https://lore.kernel.org/all/20240926120753.3639404-1-zhaomzhao@xxxxxxx/
>
> v1:
> ----
> - https://lore.kernel.org/all/20240918093634.12906-1-zhaomzhao@xxxxxxx/
>
> Zhao Mengmeng (3):
> udf: refactor udf_current_aext() to handle error
> udf: refactor udf_next_aext() to handle error
> udf: refactor inode_bmap() to handle error
>
> fs/udf/balloc.c | 27 +++++---
> fs/udf/directory.c | 23 +++++--
> fs/udf/inode.c | 167 +++++++++++++++++++++++++++++----------------
> fs/udf/partition.c | 6 +-
> fs/udf/super.c | 3 +-
> fs/udf/truncate.c | 41 ++++++++---
> fs/udf/udfdecl.h | 15 ++--
> 7 files changed, 190 insertions(+), 92 deletions(-)
>
> --
> 2.43.0
>
--
Jan Kara <jack@xxxxxxxx>
SUSE Labs, CR