linux-fsdevel.vger.kernel.org archive mirror
* [PATCH v4] ntfs : fix shift-out-of-bounds in ntfs_iget
@ 2023-08-13  5:59 Manas Ghandat
  2023-08-14  1:02 ` Namjae Jeon
  2023-08-16 19:15 ` Greg KH
  0 siblings, 2 replies; 6+ messages in thread
From: Manas Ghandat @ 2023-08-13  5:59 UTC (permalink / raw)
  To: gregkh
  Cc: Manas Ghandat, Linux-kernel-mentees, anton, linkinjeon,
	linux-fsdevel, linux-kernel, linux-ntfs-dev,
	syzbot+4768a8f039aa677897d0

Currently there is no check for ni->itype.compressed.block_size when
a->data.non_resident.compression_unit is present and NInoSparse(ni) is
true. Added the required check to the calculation of block size.

Signed-off-by: Manas Ghandat <ghandatmanas@gmail.com>
Reported-by: syzbot+4768a8f039aa677897d0@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=4768a8f039aa677897d0
Fix-commit-ID: upstream f40ddce88593482919761f74910f42f4b84c004b
---
V3 -> V4: Fix description
V2 -> V3: Fix patching issue.
V1 -> V2: Cleaned up coding style.

 fs/ntfs/inode.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/fs/ntfs/inode.c b/fs/ntfs/inode.c
index 6c3f38d66579..a657322874ed 100644
--- a/fs/ntfs/inode.c
+++ b/fs/ntfs/inode.c
@@ -1077,6 +1077,15 @@ static int ntfs_read_locked_inode(struct inode *vi)
 					goto unm_err_out;
 				}
 				if (a->data.non_resident.compression_unit) {
+					if (a->data.non_resident.compression_unit +
+					vol->cluster_size_bits > 32) {
+						ntfs_error(vi->i_sb,
+						"Found non-standard compression unit (%u).   Cannot handle this.",
+						a->data.non_resident.compression_unit
+						);
+						err = -EOPNOTSUPP;
+						goto unm_err_out;
+					}
 					ni->itype.compressed.block_size = 1U <<
 							(a->data.non_resident.
 							compression_unit +
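
Review bot: the bound in the added if is off by one. The test
"compression_unit + vol->cluster_size_bits > 32" lets a sum of exactly 32
through, and the assignment that follows shifts 1U left by a sum that starts
with the same compression_unit term. If the shift amount is that same sum, a
shift by 32 on a 32-bit unsigned is still out of bounds, so the test should
reject ">= 32" (or "> 31").
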
-- 
2.37.2



* Re: [PATCH v4] ntfs : fix shift-out-of-bounds in ntfs_iget
  2023-08-13  5:59 [PATCH v4] ntfs : fix shift-out-of-bounds in ntfs_iget Manas Ghandat
@ 2023-08-14  1:02 ` Namjae Jeon
  2023-08-16 19:15 ` Greg KH
  1 sibling, 0 replies; 6+ messages in thread
From: Namjae Jeon @ 2023-08-14  1:02 UTC (permalink / raw)
  To: Manas Ghandat, anton
  Cc: gregkh, Linux-kernel-mentees, linux-fsdevel, linux-kernel,
	linux-ntfs-dev, syzbot+4768a8f039aa677897d0

2023-08-13 14:59 GMT+09:00, Manas Ghandat <ghandatmanas@gmail.com>:
Hi,
> Currently there is no check for ni->itype.compressed.block_size when
> a->data.non_resident.compression_unit is present and NInoSparse(ni) is
> true. Added the required check to the calculation of block size.
>
> Signed-off-by: Manas Ghandat <ghandatmanas@gmail.com>
> Reported-by: syzbot+4768a8f039aa677897d0@syzkaller.appspotmail.com
> Closes: https://syzkaller.appspot.com/bug?extid=4768a8f039aa677897d0
> Fix-commit-ID: upstream f40ddce88593482919761f74910f42f4b84c004b
> ---
> V3 -> V4: Fix description
> V2 -> V3: Fix patching issue.
> V1 -> V2: Cleaned up coding style.
>
>  fs/ntfs/inode.c | 9 +++++++++
>  1 file changed, 9 insertions(+)
>
> diff --git a/fs/ntfs/inode.c b/fs/ntfs/inode.c
> index 6c3f38d66579..a657322874ed 100644
> --- a/fs/ntfs/inode.c
> +++ b/fs/ntfs/inode.c
> @@ -1077,6 +1077,15 @@ static int ntfs_read_locked_inode(struct inode *vi)
>  					goto unm_err_out;
>  				}
>  				if (a->data.non_resident.compression_unit) {
> +					if (a->data.non_resident.compression_unit +
> +					vol->cluster_size_bits > 32) {
> +						ntfs_error(vi->i_sb,
> +						"Found non-standard compression unit (%u).   Cannot handle this.",
> +						a->data.non_resident.compression_unit
> +						);
> +						err = -EOPNOTSUPP;
> +						goto unm_err_out;
> +					}
compression_unit seems to be used when the ntfs inode is compressed.
And its value should be either 0 or 4. So, I think we can set the related
compression block variables of the ntfs inode only when ni is
NInoCompressed, like this... Anton, am I missing something?

diff --git a/fs/ntfs/inode.c b/fs/ntfs/inode.c
index efe0602b4e51..e5a7d81d575b 100644
--- a/fs/ntfs/inode.c
+++ b/fs/ntfs/inode.c
@@ -1076,7 +1076,8 @@ static int ntfs_read_locked_inode(struct inode *vi)
                                        err = -EOPNOTSUPP;
                                        goto unm_err_out;
                                }
-                               if (a->data.non_resident.compression_unit) {
+                               if (NInoCompressed(ni) &&
+                                   a->data.non_resident.compression_unit) {
                                        ni->itype.compressed.block_size = 1U <<
                                                        (a->data.non_resident.
                                                        compression_unit +
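
Review bot: gating the block on NInoCompressed(ni) changes which inodes reach
the shift but puts no bound on compression_unit itself, so for a compressed
inode "1U <<" still takes its amount from the on-disk field. If the check that
ends in the context lines above (err = -EOPNOTSUPP; goto unm_err_out;) already
restricts the value for compressed inodes, say so in the changelog; otherwise
add an explicit range test before the shift. The changelog should also state
what a sparse, non-compressed inode gets for ni->itype.compressed.block_size
once this branch is skipped, since the original description is about the
NInoSparse(ni) case.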

>  					ni->itype.compressed.block_size = 1U <<
>  							(a->data.non_resident.
>  							compression_unit +
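
Review bot: the ntfs_error() call added in this hunk prints only
compression_unit, although the rejected quantity is its sum with
vol->cluster_size_bits; print both so the log line explains the rejection.
The format string also has three spaces after the full stop, the continuation
line "vol->cluster_size_bits > 32) {" is indented to the same level as the if
it continues, and the closing ");" sits on its own line; align the
continuation under the opening parenthesis and close the call on the last
argument line.
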
> --
> 2.37.2
>
>


* Re: [PATCH v4] ntfs : fix shift-out-of-bounds in ntfs_iget
  2023-08-13  5:59 [PATCH v4] ntfs : fix shift-out-of-bounds in ntfs_iget Manas Ghandat
  2023-08-14  1:02 ` Namjae Jeon
@ 2023-08-16 19:15 ` Greg KH
  2023-08-18  6:34   ` Manas Ghandat
  1 sibling, 1 reply; 6+ messages in thread
From: Greg KH @ 2023-08-16 19:15 UTC (permalink / raw)
  To: Manas Ghandat
  Cc: Linux-kernel-mentees, anton, linkinjeon, linux-fsdevel,
	linux-kernel, linux-ntfs-dev, syzbot+4768a8f039aa677897d0

On Sun, Aug 13, 2023 at 11:29:49AM +0530, Manas Ghandat wrote:
> Currently there is no check for ni->itype.compressed.block_size when
> a->data.non_resident.compression_unit is present and NInoSparse(ni) is
> true. Added the required check to the calculation of block size.
> 
> Signed-off-by: Manas Ghandat <ghandatmanas@gmail.com>
> Reported-by: syzbot+4768a8f039aa677897d0@syzkaller.appspotmail.com
> Closes: https://syzkaller.appspot.com/bug?extid=4768a8f039aa677897d0
> Fix-commit-ID: upstream f40ddce88593482919761f74910f42f4b84c004b

What is this last tag for?  That's a kernel release version, what can be
done with that?

confused,

greg k-h


* Re: [PATCH v4] ntfs : fix shift-out-of-bounds in ntfs_iget
  2023-08-16 19:15 ` Greg KH
@ 2023-08-18  6:34   ` Manas Ghandat
  2023-08-28  3:00     ` Namjae Jeon
  0 siblings, 1 reply; 6+ messages in thread
From: Manas Ghandat @ 2023-08-18  6:34 UTC (permalink / raw)
  To: Greg KH
  Cc: Linux-kernel-mentees, anton, linkinjeon, linux-fsdevel,
	linux-kernel, linux-ntfs-dev, syzbot+4768a8f039aa677897d0

Sorry for the last reply Greg. The last tag specifies the commit id. 
Also, I have sent the v5 of the patch in which I have made some critical 
changes. Please take a look at that.

On 17/08/23 00:45, Greg KH wrote:
> On Sun, Aug 13, 2023 at 11:29:49AM +0530, Manas Ghandat wrote:
>> Currently there is no check for ni->itype.compressed.block_size when
>> a->data.non_resident.compression_unit is present and NInoSparse(ni) is
>> true. Added the required check to the calculation of block size.
>>
>> Signed-off-by: Manas Ghandat <ghandatmanas@gmail.com>
>> Reported-by: syzbot+4768a8f039aa677897d0@syzkaller.appspotmail.com
>> Closes: https://syzkaller.appspot.com/bug?extid=4768a8f039aa677897d0
>> Fix-commit-ID: upstream f40ddce88593482919761f74910f42f4b84c004b
> What is this last tag for?  That's a kernel release version, what can be
> done with that?
>
> confused,
>
> greg k-h


* Re: [PATCH v4] ntfs : fix shift-out-of-bounds in ntfs_iget
  2023-08-18  6:34   ` Manas Ghandat
@ 2023-08-28  3:00     ` Namjae Jeon
  2023-08-28 16:52       ` Manas Ghandat
  0 siblings, 1 reply; 6+ messages in thread
From: Namjae Jeon @ 2023-08-28  3:00 UTC (permalink / raw)
  To: Manas Ghandat
  Cc: Greg KH, Linux-kernel-mentees, anton, linux-fsdevel, linux-kernel,
	linux-ntfs-dev, syzbot+4768a8f039aa677897d0

2023-08-18 15:34 GMT+09:00, Manas Ghandat <ghandatmanas@gmail.com>:
> Sorry for the last reply Greg. The last tag specifies the commit id.
> Also, I have sent the v5 of the patch in which I have made some critical
> changes. Please take a look at that.
Have you checked the build error report from the kernel test robot?

>
> On 17/08/23 00:45, Greg KH wrote:
>> On Sun, Aug 13, 2023 at 11:29:49AM +0530, Manas Ghandat wrote:
>>> Currently there is no check for ni->itype.compressed.block_size when
>>> a->data.non_resident.compression_unit is present and NInoSparse(ni) is
>>> true. Added the required check to the calculation of block size.
>>>
>>> Signed-off-by: Manas Ghandat <ghandatmanas@gmail.com>
>>> Reported-by: syzbot+4768a8f039aa677897d0@syzkaller.appspotmail.com
>>> Closes: https://syzkaller.appspot.com/bug?extid=4768a8f039aa677897d0
>>> Fix-commit-ID: upstream f40ddce88593482919761f74910f42f4b84c004b
>> What is this last tag for?  That's a kernel release version, what can be
>> done with that?
>>
>> confused,
>>
>> greg k-h
>


* Re: [PATCH v4] ntfs : fix shift-out-of-bounds in ntfs_iget
  2023-08-28  3:00     ` Namjae Jeon
@ 2023-08-28 16:52       ` Manas Ghandat
  0 siblings, 0 replies; 6+ messages in thread
From: Manas Ghandat @ 2023-08-28 16:52 UTC (permalink / raw)
  To: Namjae Jeon
  Cc: Greg KH, Linux-kernel-mentees, anton, linux-fsdevel, linux-kernel,
	linux-ntfs-dev, syzbot+4768a8f039aa677897d0

I was looking at this issue for some time now. As suggested by Anton,
the vol->sparse_compression_unit is set at the mount. I cannot seem
to find the code for that part. It seems that the ntfs_inode struct does
not have any sparse_compression_unit. So I am stuck at that part of the
problem.

On 28/08/23 08:30, Namjae Jeon wrote:
> 2023-08-18 15:34 GMT+09:00, Manas Ghandat <ghandatmanas@gmail.com>:
>> Sorry for the last reply Greg. The last tag specifies the commit id.
>> Also, I have sent the v5 of the patch in which I have made some critical
>> changes. Please take a look at that.
> Have you checked the build error report from the kernel test robot?
