Re: 6.0-rc1 BUG squashfs_decompress, and sleeping function called from invalid context at include/linux/sched/mm.h

From: Phillip Lougher
Date: Sun Aug 21 2022 - 16:47:59 EST


On 20/08/2022, Chris Murphy <lists@xxxxxxxxxxxxxxxxx> wrote:

>Seeing the following on every boot with kernel 6.0-rc1, when booting a Fedora Rawhide Live ISO with qemu-kvm. Full dmesg at:

>https://drive.google.com/file/d/15u38HZD9NSihIvz4P9M0W3dx6FZWq0MX/view?usp=sharing

My fault, it should be fixed with the following patch (untested).

I'll test and send the official patch out tomorrow.

Phillip

diff --git a/fs/squashfs/page_actor.c b/fs/squashfs/page_actor.c
index b23b780d8f42..48c988e3f5d2 100644
--- a/fs/squashfs/page_actor.c
+++ b/fs/squashfs/page_actor.c
@@ -68,20 +68,9 @@ static void *handle_next_page(struct squashfs_page_actor *actor)

if ((actor->next_page == actor->pages) ||
(actor->next_index != actor->page[actor->next_page]->index)) {
- if (actor->alloc_buffer) {
- void *tmp_buffer = kmalloc(PAGE_SIZE, GFP_KERNEL);
-
- if (tmp_buffer) {
- actor->tmp_buffer = tmp_buffer;
- actor->next_index++;
- actor->returned_pages++;
- return tmp_buffer;
- }
- }
-
actor->next_index++;
actor->returned_pages++;
- return ERR_PTR(-ENOMEM);
+ return actor->alloc_buffer ? actor->tmp_buffer : ERR_PTR(-ENOMEM);
}

actor->next_index++;
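Review bot: The new line `return actor->alloc_buffer ? actor->tmp_buffer : ERR_PTR(-ENOMEM);` hands back the same `tmp_buffer` for every page hole within a block, so whatever the decompressor writes there for one hole is overwritten on the next call; a comment above the return would make that contract explicit, e.g. `/* tmp_buffer is a single shared scratch page; hole data is discarded */`. The return also assumes `tmp_buffer` is non-NULL whenever `alloc_buffer` is set, which holds only if every constructor of a squashfs_page_actor allocates it the way init_special now does; only init_special is visible in this patch, so that cannot be confirmed here. handle_next_page begins before this hunk and continues after it.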
@@ -96,11 +85,10 @@ static void *direct_first_page(struct squashfs_page_actor *actor)

static void *direct_next_page(struct squashfs_page_actor *actor)
{
- if (actor->pageaddr)
+ if (actor->pageaddr) {
kunmap_local(actor->pageaddr);
-
- kfree(actor->tmp_buffer);
- actor->pageaddr = actor->tmp_buffer = NULL;
+ actor->pageaddr = NULL;
+ }

return handle_next_page(actor);
}
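Review bot: Dropping `kfree(actor->tmp_buffer);` from direct_next_page moves ownership of the scratch page to the actor's whole lifetime, but no hunk in this patch adds a matching release where the actor itself is freed, so unless that teardown (outside this diff) already frees `tmp_buffer`, every actor created with `alloc_buffer` set now leaks one PAGE_SIZE allocation. The release belongs next to the `kfree(actor)` in the actor's free path, e.g. `kfree(actor->tmp_buffer);` immediately before it. The hunk header names direct_first_page, but the changed lines are all inside direct_next_page, which is fully visible.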
@@ -121,6 +109,16 @@ struct squashfs_page_actor *squashfs_page_actor_init_special(struct squashfs_sb_
if (actor == NULL)
return NULL;

+ if (msblk->decompressor->alloc_buffer) {
+ actor->tmp_buffer = kmalloc(PAGE_SIZE, GFP_KERNEL);
+
+ if (actor->tmp_buffer == NULL) {
+ kfree(actor);
+ return NULL;
+ }
+ } else
+ actor->tmp_buffer = NULL;
+
actor->length = length ? : pages * PAGE_SIZE;
actor->page = page;
actor->pages = pages;
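Review bot: The `} else` arm at `actor->tmp_buffer = NULL;` is unbraced while the if-arm is braced; kernel style braces both arms when either needs braces, so this should read `} else {` / `actor->tmp_buffer = NULL;` / `}`. A short why-comment above the new `kmalloc(PAGE_SIZE, GFP_KERNEL)` would also help, since the reason for allocating here rather than on demand is only apparent from the thread subject: `/* allocate up front: the decompressor path this feeds cannot sleep */`, hedged to whatever the final analysis confirms. squashfs_page_actor_init_special starts before this hunk and continues past it.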
@@ -128,7 +126,6 @@ struct squashfs_page_actor *squashfs_page_actor_init_special(struct squashfs_sb_
actor->returned_pages = 0;
actor->next_index = page[0]->index & ~((1 << (msblk->block_log - PAGE_SHIFT)) - 1);
actor->pageaddr = NULL;
- actor->tmp_buffer = NULL;
actor->alloc_buffer = msblk->decompressor->alloc_buffer;
actor->squashfs_first_page = direct_first_page;
actor->squashfs_next_page = direct_next_page;
--
2.35.1