On Wed, May 23, 2018 at 04:22:57PM +0800, Qu Wenruo wrote: > James Harvey reported pretty strange kernel misbehavior where after > reading certain btrfs compressed data, kernel crash with unrelated > calltrace. > (https://bugzilla.kernel.org/show_bug.cgi?id=199707 and > https://www.spinics.net/lists/linux-btrfs/msg77971.html) ... > Thanks for his comprehensive debug help, we located the problem to: > > v3: > Fix comment error for inlined lzo compressed extent. (Still has > header), thanks David for pointing this out. > Add example ascii graph as an example. > Enhance inlined extent check, as header length must match with segment > header length + LZO_LEN * 2. > > Qu Wenruo (4): > btrfs: compression: Add linux/sizes.h for compression.h > btrfs: lzo: Add comment about the how btrfs records its lzo compressed > data > btrfs: lzo: Add header length check to avoid slab out of bounds access > btrfs: lzo: Harden inline lzo compressed extent decompression Thanks, added to misc-next. I left the wost compression estimate in the local variable, only added a const to it. Zlib and zstd are using a different compression container format but some of the check might apply there too, I haven't looked closer. -- To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
