From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org,
Ryusuke Konishi <konishi.ryusuke@gmail.com>,
syzbot+2b32eb36c1a825b7a74c@syzkaller.appspotmail.com,
Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>,
Andrew Morton <akpm@linux-foundation.org>
Subject: [PATCH 5.19 01/33] nilfs2: fix NULL pointer dereference at nilfs_bmap_lookup_at_level()
Date: Thu, 13 Oct 2022 19:52:33 +0200 [thread overview]
Message-ID: <20221013175145.284122320@linuxfoundation.org> (raw)
In-Reply-To: <20221013175145.236739253@linuxfoundation.org>
From: Ryusuke Konishi <konishi.ryusuke@gmail.com>
commit 21a87d88c2253350e115029f14fe2a10a7e6c856 upstream.
If the i_mode field in inode of metadata files is corrupted on disk, it
can cause the initialization of bmap structure, which should have been
called from nilfs_read_inode_common(), not to be called. This causes a
lockdep warning followed by a NULL pointer dereference at
nilfs_bmap_lookup_at_level().
This patch fixes these issues by adding a missing sanitiy check for the
i_mode field of metadata file's inode.
Link: https://lkml.kernel.org/r/20221002030804.29978-1-konishi.ryusuke@gmail.com
Signed-off-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Reported-by: syzbot+2b32eb36c1a825b7a74c@syzkaller.appspotmail.com
Reported-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Tested-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/nilfs2/inode.c | 2 ++
1 file changed, 2 insertions(+)
--- a/fs/nilfs2/inode.c
+++ b/fs/nilfs2/inode.c
@@ -440,6 +440,8 @@ int nilfs_read_inode_common(struct inode
inode->i_atime.tv_nsec = le32_to_cpu(raw_inode->i_mtime_nsec);
inode->i_ctime.tv_nsec = le32_to_cpu(raw_inode->i_ctime_nsec);
inode->i_mtime.tv_nsec = le32_to_cpu(raw_inode->i_mtime_nsec);
+ if (nilfs_is_metadata_file_inode(inode) && !S_ISREG(inode->i_mode))
+ return -EIO; /* this inode is for metadata and corrupted */
if (inode->i_nlink == 0)
return -ESTALE; /* this inode is deleted */
next prev parent reply other threads:[~2022-10-13 18:02 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-10-13 17:52 [PATCH 5.19 00/33] 5.19.16-rc1 review Greg Kroah-Hartman
2022-10-13 17:52 ` Greg Kroah-Hartman [this message]
2022-10-13 17:52 ` [PATCH 5.19 02/33] nilfs2: fix use-after-free bug of struct nilfs_root Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.19 03/33] nilfs2: fix leak of nilfs_root in case of writer thread creation failure Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.19 04/33] nilfs2: replace WARN_ONs by nilfs_error for checkpoint acquisition failure Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.19 05/33] ceph: dont truncate file in atomic_open Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.19 06/33] nvme-pci: set min_align_mask before calculating max_hw_sectors Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.19 07/33] random: restore O_NONBLOCK support Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.19 08/33] random: clamp credited irq bits to maximum mixed Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.19 09/33] ALSA: hda: Fix position reporting on Poulsbo Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.19 10/33] ALSA: hda/realtek: Add quirk for HP Zbook Firefly 14 G9 model Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.19 11/33] efi: Correct Macmini DMI match in uefi cert quirk Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.19 12/33] scsi: stex: Properly zero out the passthrough command structure Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.19 13/33] USB: serial: qcserial: add new usb-id for Dell branded EM7455 Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.19 14/33] Revert "USB: fixup for merge issue with "usb: dwc3: Dont switch OTG -> peripheral if extcon is present"" Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.19 15/33] Revert "usb: dwc3: Dont switch OTG -> peripheral if extcon is present" Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.19 16/33] Revert "powerpc/rtas: Implement reentrant rtas call" Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.19 17/33] Revert "crypto: qat - reduce size of mapped region" Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.19 18/33] random: avoid reading two cache lines on irq randomness Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.19 19/33] random: use expired timer rather than wq for mixing fast pool Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.19 20/33] wifi: cfg80211: fix u8 overflow in cfg80211_update_notlisted_nontrans() Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.19 21/33] wifi: cfg80211/mac80211: reject bad MBSSID elements Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.19 22/33] wifi: mac80211: fix MBSSID parsing use-after-free Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.19 23/33] wifi: cfg80211: ensure length byte is present before access Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.19 24/33] wifi: cfg80211: fix BSS refcounting bugs Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.19 25/33] wifi: cfg80211: avoid nontransmitted BSS list corruption Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.19 26/33] wifi: mac80211_hwsim: avoid mac80211 warning on bad rate Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 5.19 27/33] wifi: mac80211: fix crash in beacon protection for P2P-device Greg Kroah-Hartman
2022-10-13 17:53 ` [PATCH 5.19 28/33] wifi: cfg80211: update hidden BSSes to avoid WARN_ON Greg Kroah-Hartman
2022-10-13 17:53 ` [PATCH 5.19 29/33] mctp: prevent double key removal and unref Greg Kroah-Hartman
2022-10-13 17:53 ` [PATCH 5.19 30/33] Input: xpad - add supported devices as contributed on github Greg Kroah-Hartman
2022-10-13 17:53 ` [PATCH 5.19 31/33] Input: xpad - fix wireless 360 controller breaking after suspend Greg Kroah-Hartman
2022-10-13 17:53 ` [PATCH 5.19 32/33] misc: pci_endpoint_test: Aggregate params checking for xfer Greg Kroah-Hartman
2022-10-13 17:53 ` [PATCH 5.19 33/33] misc: pci_endpoint_test: Fix pci_endpoint_test_{copy,write,read}() panic Greg Kroah-Hartman
2022-10-13 21:05 ` [PATCH 5.19 00/33] 5.19.16-rc1 review Florian Fainelli
2022-10-13 21:07 ` Justin Forbes
2022-10-14 0:14 ` Slade Watkins
2022-10-14 7:56 ` Bagas Sanjaya
2022-10-14 8:47 ` Naresh Kamboju
2022-10-14 12:12 ` Sudip Mukherjee (Codethink)
2022-10-14 15:22 ` Shuah Khan
2022-10-14 15:57 ` Jon Hunter
2022-10-14 21:20 ` Ron Economos
2022-10-14 23:08 ` Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221013175145.284122320@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=akpm@linux-foundation.org \
--cc=konishi.ryusuke@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=penguin-kernel@I-love.SAKURA.ne.jp \
--cc=stable@vger.kernel.org \
--cc=syzbot+2b32eb36c1a825b7a74c@syzkaller.appspotmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).