Re: [PATCH v3 0/3] udf: refactor udf_current_aext()/udf_next_aext()/inode_bmap() to handle error

[Jan Kara]

On Tue 01-10-24 19:54:22, Zhao Mengmeng wrote:
> From: Zhao Mengmeng <zhaomengmeng@xxxxxxxxxx>
> 
> syzbot reports a udf slab-out-of-bounds at [1] and I proposed a fix patch,
> after talking with Jan, a better way to fix this is to refactor 
> udf_current_aext() and udf_next_aext() to differentiate between error and
> "hit EOF".
> This series refactor udf_current_aext(), udf_next_aext() and inode_bmap(),
> they take pointer to etype to store the extent type, return 1 when 
> getting etype success, return 0 when hitting EOF and return -errno when
> err. It has passed the syz repro test.
> 
> [1]. https://lore.kernel.org/all/0000000000005093590621340ecf@xxxxxxxxxx/

Thanks! I did some minor code-style updates to the patches and picked them
up to my tree.

								Honza

> 
> changelog:
> v3:
> ----
>  - Change function return rules, On error, ret < 0, on EOF ret == 0, 
> on success ret == 1.
>  - minor fix on return check
> 
> v2:
> ----
>  - Take advices of Jan to fix the error handling code
>  - Check all other places that may involves EOF and error checking
>  - Add two macros the simply the error checking of extent
>  - https://lore.kernel.org/all/20240926120753.3639404-1-zhaomzhao@xxxxxxx/
> 
> v1:
> ----
>  - https://lore.kernel.org/all/20240918093634.12906-1-zhaomzhao@xxxxxxx/
> 
> Zhao Mengmeng (3):
>   udf: refactor udf_current_aext() to handle error
>   udf: refactor udf_next_aext() to handle error
>   udf: refactor inode_bmap() to handle error
> 
>  fs/udf/balloc.c    |  27 +++++---
>  fs/udf/directory.c |  23 +++++--
>  fs/udf/inode.c     | 167 +++++++++++++++++++++++++++++----------------
>  fs/udf/partition.c |   6 +-
>  fs/udf/super.c     |   3 +-
>  fs/udf/truncate.c  |  41 ++++++++---
>  fs/udf/udfdecl.h   |  15 ++--
>  7 files changed, 190 insertions(+), 92 deletions(-)
> 
> -- 
> 2.43.0
> 
-- 
Jan Kara <jack@xxxxxxxx>
SUSE Labs, CR