www.infradead.org Git - users/hch/dma-mapping.git/commit

author	Ryusuke Konishi <konishi.ryusuke@gmail.com>
	Fri, 4 Oct 2024 03:35:31 +0000 (12:35 +0900)
committer	Andrew Morton <akpm@linux-foundation.org>
	Thu, 17 Oct 2024 07:28:06 +0000 (00:28 -0700)
commit	08cfa12adf888db98879dbd735bc741360a34168
tree	070ef5d743a73de2b72d91ad3059983ad7d03126	tree
parent	74874c57939444b19993fe3dd6c0b70aba4f468c	commit \| diff

nilfs2: propagate directory read errors from nilfs_find_entry()

Syzbot reported that a task hang occurs in vcs_open() during a fuzzing
test for nilfs2.

The root cause of this problem is that in nilfs_find_entry(), which
searches for directory entries, ignores errors when loading a directory
page/folio via nilfs_get_folio() fails.

If the filesystem images is corrupted, and the i_size of the directory
inode is large, and the directory page/folio is successfully read but
fails the sanity check, for example when it is zero-filled,
nilfs_check_folio() may continue to spit out error messages in bursts.

Fix this issue by propagating the error to the callers when loading a
page/folio fails in nilfs_find_entry().

The current interface of nilfs_find_entry() and its callers is outdated
and cannot propagate error codes such as -EIO and -ENOMEM returned via
nilfs_find_entry(), so fix it together.

Link: https://lkml.kernel.org/r/20241004033640.6841-1-konishi.ryusuke@gmail.com
Fixes: 2ba466d74ed7 ("nilfs2: directory entry operations")
Signed-off-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Reported-by: Lizhi Xu <lizhi.xu@windriver.com>
Closes: https://lkml.kernel.org/r/20240927013806.3577931-1-lizhi.xu@windriver.com
Reported-by: syzbot+8a192e8d090fa9a31135@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=8a192e8d090fa9a31135
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>

fs/nilfs2/dir.c		diff \| blob \| history
fs/nilfs2/namei.c		diff \| blob \| history
fs/nilfs2/nilfs.h		diff \| blob \| history