]> git.proxmox.com Git - mirror_ubuntu-kernels.git/commit
projects / mirror_ubuntu-kernels.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 2e270b3) | patch
lib: zstd: Backport fix for in-place decompression
authorNick Terrell <terrelln@fb.com>
Wed, 15 Feb 2023 23:19:17 +0000 (15:19 -0800)
committerRoxana Nicolescu <roxana.nicolescu@canonical.com>
Wed, 17 May 2023 11:33:43 +0000 (13:33 +0200)
commit2fcc3bc77ce3868b40115a640310ec456218ecbc
tree6dc5ebf367bf25e729761549d0a7ef68bffcc902tree
parent2e270b3fff409279da536dcf2cb752cb9a64cb95commit | diff
lib: zstd: Backport fix for in-place decompression

BugLink: https://bugs.launchpad.net/bugs/2016878
[ Upstream commit 038505c41f0aad26ef101f4f7f6e111531c3914f ]

Backport the relevant part of upstream commit 5b266196 [0].

This fixes in-place decompression for x86-64 kernel decompression. It
uses a bound of 131072 + (uncompressed_size >> 8), which can be violated
after upstream commit 6a7ede3d [1], as zstd can use part of the output
buffer as temporary storage, and without this patch needs a bound of
~262144.

The fix is for zstd to detect that the input and output buffers overlap,
so that zstd knows it can't use the overlapping portion of the output
buffer as tempoary storage. If the margin is not large enough, this will
ensure that zstd will fail the decompression, rather than overwriting
part of the input data, and causing corruption.

This fix has been landed upstream and is in release v1.5.4. That commit
also adds unit and fuzz tests to verify that the margin we use is
respected, and correct. That means that the fix is well tested upstream.

I have not been able to reproduce the potential bug in x86-64 kernel
decompression locally, nor have I recieved reports of failures to
decompress the kernel. It is possible that compression saves enough
space to make it very hard for the issue to appear.

I've boot tested the zstd compressed kernel on x86-64 and i386 with this
patch, which uses in-place decompression, and sanity tested zstd compression
in btrfs / squashfs to make sure that we don't see any issues, but other
uses of zstd shouldn't be affected, because they don't use in-place
decompression.

Thanks to Vasily Gorbik <gor@linux.ibm.com> for debugging a related issue
on s390, which was triggered by the same commit, but was a bug in how
__decompress() was called [2]. And to Sasha Levin <sashal@kernel.org>
for the CC alerting me of the issue.

[0] https://github.com/facebook/zstd/commit/5b266196a41e6a15e21bd4f0eeab43b938db1d90
[1] https://github.com/facebook/zstd/commit/6a7ede3dfccbf3e0a5928b4224a039c260dcff72
[2] https://lore.kernel.org/r/patch-1.thread-41c676.git-41c676c2d153.your-ad-here.call-01675030179-ext-9637@work.hours

CC: Vasily Gorbik <gor@linux.ibm.com>
CC: Heiko Carstens <hca@linux.ibm.com>
CC: Sasha Levin <sashal@kernel.org>
CC: Yann Collet <cyan@fb.com>
Signed-off-by: Nick Terrell <terrelln@fb.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
lib/zstd/decompress/zstd_decompress.c diff | blob | blame | history
Ubuntu combined Linux kernel mirror