From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org,
syzbot+9d82b8de2992579da5d0@syzkaller.appspotmail.com,
Andrew Morton <akpm@linux-foundation.org>,
OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>,
Linus Torvalds <torvalds@linux-foundation.org>
Subject: [PATCH 4.19 44/86] fat: fix uninit-memory access for partial initialized inode
Date: Tue, 10 Mar 2020 13:45:08 +0100 [thread overview]
Message-ID: <20200310124533.170331709@linuxfoundation.org> (raw)
In-Reply-To: <20200310124530.808338541@linuxfoundation.org>
From: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>
commit bc87302a093f0eab45cd4e250c2021299f712ec6 upstream.
When get an error in the middle of reading an inode, some fields in the
inode might be still not initialized. And then the evict_inode path may
access those fields via iput().
To fix, this makes sure that inode fields are initialized.
Reported-by: syzbot+9d82b8de2992579da5d0@syzkaller.appspotmail.com
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>
Cc: <stable@vger.kernel.org>
Link: http://lkml.kernel.org/r/871rqnreqx.fsf@mail.parknet.co.jp
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/fat/inode.c | 19 +++++++------------
1 file changed, 7 insertions(+), 12 deletions(-)
--- a/fs/fat/inode.c
+++ b/fs/fat/inode.c
@@ -743,6 +743,13 @@ static struct inode *fat_alloc_inode(str
return NULL;
init_rwsem(&ei->truncate_lock);
+ /* Zeroing to allow iput() even if partial initialized inode. */
+ ei->mmu_private = 0;
+ ei->i_start = 0;
+ ei->i_logstart = 0;
+ ei->i_attrs = 0;
+ ei->i_pos = 0;
+
return &ei->vfs_inode;
}
@@ -1373,16 +1380,6 @@ out:
return 0;
}
-static void fat_dummy_inode_init(struct inode *inode)
-{
- /* Initialize this dummy inode to work as no-op. */
- MSDOS_I(inode)->mmu_private = 0;
- MSDOS_I(inode)->i_start = 0;
- MSDOS_I(inode)->i_logstart = 0;
- MSDOS_I(inode)->i_attrs = 0;
- MSDOS_I(inode)->i_pos = 0;
-}
-
static int fat_read_root(struct inode *inode)
{
struct msdos_sb_info *sbi = MSDOS_SB(inode->i_sb);
@@ -1827,13 +1824,11 @@ int fat_fill_super(struct super_block *s
fat_inode = new_inode(sb);
if (!fat_inode)
goto out_fail;
- fat_dummy_inode_init(fat_inode);
sbi->fat_inode = fat_inode;
fsinfo_inode = new_inode(sb);
if (!fsinfo_inode)
goto out_fail;
- fat_dummy_inode_init(fsinfo_inode);
fsinfo_inode->i_ino = MSDOS_FSINFO_INO;
sbi->fsinfo_inode = fsinfo_inode;
insert_inode_hash(fsinfo_inode);
next prev parent reply other threads:[~2020-03-10 13:13 UTC|newest]
Thread overview: 105+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-03-10 12:44 [PATCH 4.19 00/86] 4.19.109-stable review Greg Kroah-Hartman
2020-03-10 12:44 ` [PATCH 4.19 01/86] EDAC/amd64: Set grain per DIMM Greg Kroah-Hartman
2020-03-10 12:44 ` [PATCH 4.19 02/86] ALSA: hda/realtek - Fix a regression for mute led on Lenovo Carbon X1 Greg Kroah-Hartman
2020-03-10 12:44 ` [PATCH 4.19 03/86] net: dsa: bcm_sf2: Forcibly configure IMP port for 1Gb/sec Greg Kroah-Hartman
2020-03-10 12:44 ` [PATCH 4.19 04/86] RDMA/core: Fix pkey and port assignment in get_new_pps Greg Kroah-Hartman
2020-03-10 12:44 ` [PATCH 4.19 05/86] RDMA/core: Fix use of logical OR " Greg Kroah-Hartman
2020-03-10 12:44 ` [PATCH 4.19 06/86] kprobes: Fix optimize_kprobe()/unoptimize_kprobe() cancellation logic Greg Kroah-Hartman
2020-03-10 12:44 ` [PATCH 4.19 07/86] ALSA: hda: do not override bus codec_mask in link_get() Greg Kroah-Hartman
2020-03-10 22:33 ` Pavel Machek
2020-03-10 12:44 ` [PATCH 4.19 08/86] serial: ar933x_uart: set UART_CS_{RX,TX}_READY_ORIDE Greg Kroah-Hartman
2020-03-10 12:44 ` [PATCH 4.19 09/86] selftests: fix too long argument Greg Kroah-Hartman
2020-03-10 12:44 ` [PATCH 4.19 10/86] usb: gadget: composite: Support more than 500mA MaxPower Greg Kroah-Hartman
2020-03-10 12:44 ` [PATCH 4.19 11/86] usb: gadget: ffs: ffs_aio_cancel(): Save/restore IRQ flags Greg Kroah-Hartman
2020-03-10 12:44 ` [PATCH 4.19 12/86] usb: gadget: serial: fix Tx stall after buffer overflow Greg Kroah-Hartman
2020-03-10 15:08 ` Pavel Machek
2020-03-10 22:51 ` Michał Mirosław
2020-03-11 9:42 ` Pavel Machek
2020-03-10 12:44 ` [PATCH 4.19 13/86] drm/msm/mdp5: rate limit pp done timeout warnings Greg Kroah-Hartman
2020-03-10 12:44 ` [PATCH 4.19 14/86] drm: msm: Fix return type of dsi_mgr_connector_mode_valid for kCFI Greg Kroah-Hartman
2020-03-10 12:44 ` [PATCH 4.19 15/86] scsi: megaraid_sas: silence a warning Greg Kroah-Hartman
2020-03-10 12:44 ` [PATCH 4.19 16/86] drm/msm/dsi: save pll state before dsi host is powered off Greg Kroah-Hartman
2020-03-10 12:44 ` [PATCH 4.19 17/86] drm/msm/dsi/pll: call vco set rate explicitly Greg Kroah-Hartman
2020-03-10 12:44 ` [PATCH 4.19 18/86] selftests: forwarding: use proto icmp for {gretap, ip6gretap}_mac testing Greg Kroah-Hartman
2020-03-10 12:44 ` [PATCH 4.19 19/86] net: dsa: b53: Ensure the default VID is untagged Greg Kroah-Hartman
2020-03-10 12:44 ` [PATCH 4.19 20/86] net: ks8851-ml: Remove 8-bit bus accessors Greg Kroah-Hartman
2020-03-10 12:44 ` [PATCH 4.19 21/86] net: ks8851-ml: Fix 16-bit data access Greg Kroah-Hartman
2020-03-10 12:44 ` [PATCH 4.19 22/86] net: ks8851-ml: Fix 16-bit IO operation Greg Kroah-Hartman
2020-03-10 12:44 ` [PATCH 4.19 23/86] watchdog: da9062: do not ping the hw during stop() Greg Kroah-Hartman
2020-03-10 12:44 ` [PATCH 4.19 24/86] s390/cio: cio_ignore_proc_seq_next should increase position index Greg Kroah-Hartman
2020-03-10 12:44 ` [PATCH 4.19 25/86] s390: make install not depend on vmlinux Greg Kroah-Hartman
2020-03-10 12:44 ` [PATCH 4.19 26/86] x86/boot/compressed: Dont declare __force_order in kaslr_64.c Greg Kroah-Hartman
2020-03-10 12:44 ` [PATCH 4.19 27/86] s390/qdio: fill SL with absolute addresses Greg Kroah-Hartman
2020-03-10 12:44 ` [PATCH 4.19 28/86] nvme: Fix uninitialized-variable warning Greg Kroah-Hartman
2020-03-10 12:44 ` [PATCH 4.19 29/86] ice: Dont tell the OS that link is going down Greg Kroah-Hartman
2020-03-10 12:44 ` [PATCH 4.19 30/86] x86/xen: Distribute switch variables for initialization Greg Kroah-Hartman
2020-03-10 12:44 ` [PATCH 4.19 31/86] net: thunderx: workaround BGX TX Underflow issue Greg Kroah-Hartman
2020-03-10 12:44 ` [PATCH 4.19 32/86] ALSA: hda/realtek - Add Headset Mic supported Greg Kroah-Hartman
2020-03-10 12:44 ` [PATCH 4.19 33/86] ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Master Greg Kroah-Hartman
2020-03-10 12:44 ` [PATCH 4.19 34/86] cifs: dont leak -EAGAIN for stat() during reconnect Greg Kroah-Hartman
2020-03-10 12:44 ` [PATCH 4.19 35/86] usb: storage: Add quirk for Samsung Fit flash Greg Kroah-Hartman
2020-03-10 12:45 ` [PATCH 4.19 36/86] usb: quirks: add NO_LPM quirk for Logitech Screen Share Greg Kroah-Hartman
2020-03-10 12:45 ` [PATCH 4.19 37/86] usb: dwc3: gadget: Update chain bit correctly when using sg list Greg Kroah-Hartman
2020-03-10 12:45 ` [PATCH 4.19 38/86] usb: core: hub: fix unhandled return by employing a void function Greg Kroah-Hartman
2020-03-10 12:45 ` [PATCH 4.19 39/86] usb: core: hub: do error out if usb_autopm_get_interface() fails Greg Kroah-Hartman
2020-03-10 12:45 ` [PATCH 4.19 40/86] usb: core: port: " Greg Kroah-Hartman
2020-03-10 12:45 ` [PATCH 4.19 41/86] vgacon: Fix a UAF in vgacon_invert_region Greg Kroah-Hartman
2020-03-10 12:45 ` [PATCH 4.19 42/86] mm, numa: fix bad pmd by atomically check for pmd_trans_huge when marking page tables prot_numa Greg Kroah-Hartman
2020-03-10 12:45 ` [PATCH 4.19 43/86] mm: fix possible PMD dirty bit lost in set_pmd_migration_entry() Greg Kroah-Hartman
2020-03-10 12:45 ` Greg Kroah-Hartman [this message]
2020-03-10 12:45 ` [PATCH 4.19 45/86] arm: dts: dra76x: Fix mmc3 max-frequency Greg Kroah-Hartman
2020-03-10 12:45 ` [PATCH 4.19 46/86] tty:serial:mvebu-uart:fix a wrong return Greg Kroah-Hartman
2020-03-10 12:45 ` [PATCH 4.19 47/86] serial: 8250_exar: add support for ACCES cards Greg Kroah-Hartman
2020-03-10 12:45 ` [PATCH 4.19 48/86] vt: selection, close sel_buffer race Greg Kroah-Hartman
2020-03-10 12:45 ` [PATCH 4.19 49/86] vt: selection, push console lock down Greg Kroah-Hartman
2020-03-10 12:45 ` [PATCH 4.19 50/86] vt: selection, push sel_lock up Greg Kroah-Hartman
2020-03-10 12:45 ` [PATCH 4.19 51/86] media: v4l2-mem2mem.c: fix broken links Greg Kroah-Hartman
2020-03-10 12:45 ` [PATCH 4.19 52/86] x86/pkeys: Manually set X86_FEATURE_OSPKE to preserve existing changes Greg Kroah-Hartman
2020-03-10 12:45 ` [PATCH 4.19 53/86] dmaengine: tegra-apb: Fix use-after-free Greg Kroah-Hartman
2020-03-10 12:45 ` [PATCH 4.19 54/86] dmaengine: tegra-apb: Prevent race conditions of tasklet vs free list Greg Kroah-Hartman
2020-03-10 12:45 ` [PATCH 4.19 55/86] dm cache: fix a crash due to incorrect work item cancelling Greg Kroah-Hartman
2020-03-10 12:45 ` [PATCH 4.19 56/86] dm: report suspended device during destroy Greg Kroah-Hartman
2020-03-10 12:45 ` [PATCH 4.19 57/86] dm writecache: verify watermark during resume Greg Kroah-Hartman
2020-03-10 12:45 ` [PATCH 4.19 58/86] ARM: dts: ls1021a: Restore MDIO compatible to gianfar Greg Kroah-Hartman
2020-03-10 12:45 ` [PATCH 4.19 59/86] spi: bcm63xx-hsspi: Really keep pll clk enabled Greg Kroah-Hartman
2020-03-10 12:45 ` [PATCH 4.19 60/86] ASoC: topology: Fix memleak in soc_tplg_link_elems_load() Greg Kroah-Hartman
2020-03-10 12:45 ` [PATCH 4.19 61/86] ASoC: topology: Fix memleak in soc_tplg_manifest_load() Greg Kroah-Hartman
2020-03-10 12:45 ` [PATCH 4.19 62/86] ASoC: intel: skl: Fix pin debug prints Greg Kroah-Hartman
2020-03-11 9:52 ` Pavel Machek
2020-03-11 9:53 ` Pavel Machek
2020-03-10 12:45 ` [PATCH 4.19 63/86] ASoC: intel: skl: Fix possible buffer overflow in debug outputs Greg Kroah-Hartman
2020-03-10 12:45 ` [PATCH 4.19 64/86] dmaengine: imx-sdma: remove dma_slave_config direction usage and leave sdma_event_enable() Greg Kroah-Hartman
2020-03-10 12:45 ` [PATCH 4.19 65/86] ASoC: pcm: Fix possible buffer overflow in dpcm state sysfs output Greg Kroah-Hartman
2020-03-10 12:45 ` [PATCH 4.19 66/86] ASoC: pcm512x: Fix unbalanced regulator enable call in probe error path Greg Kroah-Hartman
2020-03-10 12:45 ` [PATCH 4.19 67/86] ASoC: dapm: Correct DAPM handling of active widgets during shutdown Greg Kroah-Hartman
2020-03-10 12:45 ` [PATCH 4.19 68/86] drm/sun4i: Fix DE2 VI layer format support Greg Kroah-Hartman
2020-03-10 12:45 ` [PATCH 4.19 69/86] drm/sun4i: de2/de3: Remove unsupported VI layer formats Greg Kroah-Hartman
2020-03-10 12:45 ` [PATCH 4.19 70/86] phy: mapphone-mdm6600: Fix timeouts by adding wake-up handling Greg Kroah-Hartman
2020-03-10 12:45 ` [PATCH 4.19 71/86] phy: mapphone-mdm6600: Fix write timeouts with shorter GPIO toggle interval Greg Kroah-Hartman
2020-03-10 12:45 ` [PATCH 4.19 72/86] ARM: dts: imx6: phycore-som: fix emmc supply Greg Kroah-Hartman
2020-03-10 12:45 ` [PATCH 4.19 73/86] RDMA/iwcm: Fix iwcm work deallocation Greg Kroah-Hartman
2020-03-10 12:45 ` [PATCH 4.19 74/86] RMDA/cm: Fix missing ib_cm_destroy_id() in ib_cm_insert_listen() Greg Kroah-Hartman
2020-03-10 12:45 ` [PATCH 4.19 75/86] IB/hfi1, qib: Ensure RCU is locked when accessing list Greg Kroah-Hartman
2020-03-10 12:45 ` [PATCH 4.19 76/86] ARM: imx: build v7_cpu_resume() unconditionally Greg Kroah-Hartman
2020-03-10 12:45 ` [PATCH 4.19 77/86] ARM: dts: am437x-idk-evm: Fix incorrect OPP node names Greg Kroah-Hartman
2020-03-10 12:45 ` [PATCH 4.19 78/86] ARM: dts: imx6dl-colibri-eval-v3: fix sram compatible properties Greg Kroah-Hartman
2020-03-10 12:45 ` [PATCH 4.19 79/86] ARM: dts: imx7-colibri: Fix frequency for sd/mmc Greg Kroah-Hartman
2020-03-10 12:45 ` [PATCH 4.19 80/86] hwmon: (adt7462) Fix an error return in ADT7462_REG_VOLT() Greg Kroah-Hartman
2020-03-10 12:45 ` [PATCH 4.19 81/86] dmaengine: coh901318: Fix a double lock bug in dma_tc_handle() Greg Kroah-Hartman
2020-03-10 12:45 ` [PATCH 4.19 82/86] powerpc: fix hardware PMU exception bug on PowerVM compatibility mode systems Greg Kroah-Hartman
2020-03-10 12:45 ` [PATCH 4.19 83/86] efi/x86: Align GUIDs to their size in the mixed mode runtime wrapper Greg Kroah-Hartman
2020-03-10 12:45 ` [PATCH 4.19 84/86] efi/x86: Handle by-ref arguments covering multiple pages in mixed mode Greg Kroah-Hartman
2020-03-11 13:01 ` Pavel Machek
2020-03-11 13:13 ` Greg Kroah-Hartman
2020-03-11 13:28 ` Pavel Machek
2020-03-11 13:43 ` Ard Biesheuvel
2020-03-12 3:52 ` Arvind Sankar
2020-03-10 12:45 ` [PATCH 4.19 85/86] dm integrity: fix a deadlock due to offloading to an incorrect workqueue Greg Kroah-Hartman
2020-03-10 12:45 ` [PATCH 4.19 86/86] scsi: pm80xx: Fixed kernel panic during error recovery for SATA drive Greg Kroah-Hartman
2020-03-10 20:08 ` [PATCH 4.19 00/86] 4.19.109-stable review Jon Hunter
2020-03-10 21:18 ` shuah
2020-03-10 21:58 ` Guenter Roeck
2020-03-11 6:52 ` Naresh Kamboju
2020-03-11 10:56 ` Chris Paterson
2020-03-11 13:13 ` Greg Kroah-Hartman
2020-03-17 19:46 ` Chris Paterson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200310124533.170331709@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=akpm@linux-foundation.org \
--cc=hirofumi@mail.parknet.co.jp \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=syzbot+9d82b8de2992579da5d0@syzkaller.appspotmail.com \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).