From 2bbcbae98a21b3f3ffbae945773a48cee21ad82b0c62e00408790f2fe7c28afe Mon Sep 17 00:00:00 2001
From: David Sterba
Date: Thu, 5 Nov 2015 10:27:18 +0000
Subject: [PATCH] Accepting request 342512 from home:seife:branches:filesystems add patches to fix eventual file corruption (boo#953723)
OBS-URL: https://build.opensuse.org/request/show/342512
OBS-URL: https://build.opensuse.org/package/show/filesystems/squashfs?expand=0&rev=26
---
...are-race-in-fragment-waiting-in-file.patch | 60 +++++++++++++++++++
...-limit-of-the-is_fragment-.-function.patch | 30 ++++++++++
squashfs.changes | 7 +++
squashfs.spec | 6 ++
4 files changed, 103 insertions(+)
create mode 100644 0001-mksquashfs-fix-rare-race-in-fragment-waiting-in-file.patch
create mode 100644 0002-Fix-2GB-limit-of-the-is_fragment-.-function.patch
diff --git a/0001-mksquashfs-fix-rare-race-in-fragment-waiting-in-file.patch b/0001-mksquashfs-fix-rare-race-in-fragment-waiting-in-file.patch
new file mode 100644
index 0000000..ca47f90
--- /dev/null
+++ b/0001-mksquashfs-fix-rare-race-in-fragment-waiting-in-file.patch
@@ -0,0 +1,60 @@
+From de03266983ceb62e5365aac84fcd3b2fd4d16e6f Mon Sep 17 00:00:00 2001
+From: Phillip Lougher
+Date: Thu, 18 Sep 2014 01:28:11 +0100
+Subject: [PATCH 1/2] mksquashfs: fix rare race in fragment waiting in
+ filesystem finalisation
+
+Fix a rare race condition in fragment waiting when finalising the
+filesystem. This is a race condition that was initially fixed in 2009,
+but inadvertantly re-introduced in the latest release when the code
+was rewritten.
+
+Background:
+
+When finalising the filesystem, the main control thread needs to ensure
+all the in-flight fragments have been queued to the writer thread before
+asking the writer thread to finish, and then writing the metadata.
+
+It does this by waiting on the fragments_outstanding counter. Once this
+counter reaches 0, it synchronises with the writer thread, waiting until
+the writer thread reports no outstanding data to be written.
+
+However, the main thread can race with the fragment deflator thread(s)
+because the fragment deflator thread(s) decrement the fragments_outstanding
+counter and release the mutex before queueing the compressed fragment
+to the writer thread, i.e. the offending code is:
+
+ fragments_outstanding --;
+ pthread_mutex_unlock(&fragment_mutex);
+ queue_put(to_writer, write_buffer);
+
+In extremely rare circumstances, the main thread may see the
+fragments_outstanding counter is zero before the fragment
+deflator sends the fragment buffer to the writer thread, and synchronise
+with the writer thread, and finalise before the fragment has been written.
+
+The fix is to ensure the fragment is queued to the writer thread
+before releasing the mutex.
+
+Signed-off-by: Phillip Lougher
+---
+ squashfs-tools/mksquashfs.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/squashfs-tools/mksquashfs.c b/squashfs-tools/mksquashfs.c
+index 87b7d86..f1fcff1 100644
+--- a/squashfs-tools/mksquashfs.c
++++ b/squashfs-tools/mksquashfs.c
+@@ -2419,8 +2419,8 @@ void *frag_deflator(void *arg)
+ write_buffer->block = bytes;
+ bytes += compressed_size;
+ fragments_outstanding --;
+- pthread_mutex_unlock(&fragment_mutex);
+ queue_put(to_writer, write_buffer);
++ pthread_mutex_unlock(&fragment_mutex);
+ TRACE("Writing fragment %lld, uncompressed size %d, "
+ "compressed size %d\n", file_buffer->block,
+ file_buffer->size, compressed_size);
+--
+2.1.4
+
diff --git a/0002-Fix-2GB-limit-of-the-is_fragment-.-function.patch b/0002-Fix-2GB-limit-of-the-is_fragment-.-function.patch
new file mode 100644
index 0000000..69b5205
--- /dev/null
+++ b/0002-Fix-2GB-limit-of-the-is_fragment-.-function.patch
@@ -0,0 +1,30 @@
+From 9c1db6d13a51a2e009f0027ef336ce03624eac0d Mon Sep 17 00:00:00 2001
+From: "Guan, Xin"
+Date: Sat, 13 Sep 2014 13:15:26 +0200
+Subject: [PATCH 2/2] Fix 2GB-limit of the is_fragment(...) function.
+
+Applies to squashfs-tools 4.3.
+
+Reported-by: Bruno Wolff III
+Signed-off-by: Guan, Xin
+Signed-off-by: Phillip Lougher
+---
+ squashfs-tools/mksquashfs.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/squashfs-tools/mksquashfs.c b/squashfs-tools/mksquashfs.c
+index f1fcff1..d221c35 100644
+--- a/squashfs-tools/mksquashfs.c
++++ b/squashfs-tools/mksquashfs.c
+@@ -2029,7 +2029,7 @@ struct file_info *duplicate(long long file_size, long long bytes,
+
+ inline int is_fragment(struct inode_info *inode)
+ {
+- int file_size = inode->buf.st_size;
++ off_t file_size = inode->buf.st_size;
+
+ /*
+ * If this block is to be compressed differently to the
+--
+2.1.4
+
diff --git a/squashfs.changes b/squashfs.changes
index 00a964d..e48e296 100644
--- a/squashfs.changes
+++ b/squashfs.changes
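Review bot: The reordered `queue_put(to_writer, write_buffer);` in frag_deflator() now runs while `fragment_mutex` is held, and nothing at the call site records why that order matters. The patch description says this same race was fixed in 2009 and re-introduced by a rewrite, so the invariant belongs in the code, for example `/* queue to the writer before dropping fragment_mutex: the main thread treats fragments_outstanding == 0 as "every fragment is queued" */` above the call. If queue_put() can block on a full queue (not visible here), it is also worth confirming that the writer thread never takes fragment_mutex, since a blocked deflator would now hold it. frag_deflator() begins and ends outside the hunk.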
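Review bot: The new `off_t file_size` in is_fragment() stops `st_size` being truncated at the declaration, but the rest of the function lies outside the hunk, so any later statement that stores `file_size` or a value derived from it into an `int` would still narrow it and cannot be checked from here. The hunk header shows this file passing sizes as `long long` (`duplicate(long long file_size, long long bytes,`), so `long long file_size = inode->buf.st_size;` would match the local convention. A one-line comment such as `/* must hold a full st_size: an int truncates files of 2GB and above */` would keep the type from being narrowed again in a later cleanup.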
@@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Thu Nov 5 08:29:56 UTC 2015 - seife+obs@b1-systems.com + +- add patches to fix eventual file corruption (boo#953723) + 0001-mksquashfs-fix-rare-race-in-fragment-waiting-in-file.patch + 0002-Fix-2GB-limit-of-the-is_fragment-.-function.patch + ------------------------------------------------------------------- Tue Sep 1 08:23:28 UTC 2015 - 9@cirno.systems diff --git a/squashfs.spec b/squashfs.spec index 6005d69..e10d085 100644 --- a/squashfs.spec +++ b/squashfs.spec @@ -25,6 +25,10 @@ Group: System/Filesystems Url: http://squashfs.sourceforge.net/ Source0: http://sourceforge.net/projects/squashfs/files/squashfs/%{name}%{version}/%{name}%{version}.tar.gz Patch0: squashfs-64k.patch +# PATCH-FIX-UPSTREAM 0001-mksquashfs-fix-rare-race-in-fragment-waiting-in-file.patch boo#953723 +Patch1: 0001-mksquashfs-fix-rare-race-in-fragment-waiting-in-file.patch +# PATCH-FIX-UPSTREAM 0002-Fix-2GB-limit-of-the-is_fragment-.-function.patch boo#953723 +Patch2: 0002-Fix-2GB-limit-of-the-is_fragment-.-function.patch BuildRequires: liblz4-devel BuildRequires: lzma-devel BuildRequires: lzo-devel @@ -39,6 +43,8 @@ squashfs images. %prep %setup -q -n squashfs%{version} %patch0 -p1 +%patch1 -p1 +%patch2 -p1 %build sed -i -e "s,-O2,%{optflags}," squashfs-tools/Makefile