From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: Mikhail Ukhin <mish.uxin2012@yandex.ru>
Cc: Dave Kleikamp <shaggy@kernel.org>,
	Christian Brauner <brauner@kernel.org>,
	Jens Axboe <axboe@kernel.dk>, Jan Kara <jack@suse.cz>,
	jfs-discussion@lists.sourceforge.net, stable@vger.kernel.org,
	lvc-project@linuxtesting.org, linux-kernel@vger.kernel.org,
	Mikhail Ivanov <iwanov-23@bk.ru>,
	Pavel Koshutin <koshutin.pavel@yandex.ru>,
	Artem Sadovnikov <ancowi69@gmail.com>
Subject: Re: [PATCH 5.10/5.15] jfs: add check if log->bdev is NULL in lbmStartIO()
Date: Mon, 22 Jan 2024 09:50:00 -0800
Message-ID: <2024012246-passable-delegate-5528@gregkh>
In-Reply-To: <2024011216-rubdown-buddhist-6d1e@gregkh>

On Fri, Jan 12, 2024 at 08:31:30PM +0100, Greg Kroah-Hartman wrote:
> On Fri, Jan 12, 2024 at 07:50:07PM +0300, Mikhail Ukhin wrote:
> > Fuzzing of 5.10 stable branch shows NULL pointer dereference happens in 
> > lbmStartIO() on log->bdev pointer. The reason for bdev being NULL is the 
> > JFS_NOINTEGRITY flag is set on mount of this fs. When this flag is enabled,
> > it results in the open_dummy_log function being called, which initializes a
> > new dummy_log, but does not assign a value to bdev.
> > 
> > The error is fixed in 5.18 by commit
> > 07888c665b405b1cd3577ddebfeb74f4717a84c4.
> > Backport of this commit is too intrusive, so it is more reasonable to apply
> > a small patch to fix this issue.
> > 
> > Found by Linux Verification Center (linuxtesting.org) with syzkaller.
> > 
> > Signed-off-by: Mikhail Ukhin <mish.uxin2012@yandex.ru>
> > Signed-off-by: Mikhail Ivanov <iwanov-23@bk.ru>
> > Signed-off-by: Pavel Koshutin <koshutin.pavel@yandex.ru>
> > Signed-off-by: Artem Sadovnikov <ancowi69@gmail.com>
> > ---
> >  fs/jfs/jfs_logmgr.c | 6 ++++--
> >  1 file changed, 4 insertions(+), 2 deletions(-)
> 
> Who is using jfs in 5.10 and 5.15?  Why not just mark the filesystem as
> BROKEN there instead?  If you need to access your ancient filesystem
> image just use a newer kernel.
> 
> For filesystems that are not used in older kernels, work like this feels
> odd, especially for something just like a NULL dereference which doesn't
> do much, right?

Now dropped from my review queue due to lack of response...
