staging: erofs: some compressed cluster should be submitted for corrupted images

As reported by erofs_utils fuzzer, a logical page can belong
to at most 2 compressed clusters, if one compressed cluster
is corrupted, but the other has been ready in submitting chain.

The chain needs to submit anyway in order to keep the page
working properly (page unlocked with PG_error set, PG_uptodate
not set).

Let's fix it now.

Fixes: 3883a79abd02 ("staging: erofs: introduce VLE decompression support")
Cc: <stable@vger.kernel.org> # 4.19+
Signed-off-by: Gao Xiang <gaoxiang25@huawei.com>
Reviewed-by: Chao Yu <yuchao0@huawei.com>
Link: https://lore.kernel.org/r/20190819103426.87579-2-gaoxiang25@huawei.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/drivers/staging/erofs/zdata.c b/drivers/staging/erofs/zdata.c
index 2d7aaf98f7de9c1302e8f89abc6a6c944a8be301..87b0c96caf8fcaf856e8a1b74eb4b290d6e80f2a 100644 (file)
--- a/drivers/staging/erofs/zdata.c
+++ b/drivers/staging/erofs/zdata.c
@@ -1307,19 +1307,18 @@ static int z_erofs_vle_normalaccess_readpage(struct file *file,
        err = z_erofs_do_read_page(&f, page, &pagepool);
        (void)z_erofs_collector_end(&f.clt);
 
-       if (err) {
+       /* if some compressed cluster ready, need submit them anyway */
+       z_erofs_submit_and_unzip(inode->i_sb, &f.clt, &pagepool, true);
+
+       if (err)
                errln("%s, failed to read, err [%d]", __func__, err);
-               goto out;
-       }
 
-       z_erofs_submit_and_unzip(inode->i_sb, &f.clt, &pagepool, true);
-out:
        if (f.map.mpage)
                put_page(f.map.mpage);
 
        /* clean up the remaining free pages */
        put_pages_list(&pagepool);
-       return 0;
+       return err;
 }
 
 static bool should_decompress_synchronously(struct erofs_sb_info *sbi,