From: Greg KH <gregkh@linuxfoundation.org>
To: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Cc: stable@vger.kernel.org, akpm@linux-foundation.org
Subject: Re: [PATCH 4.19 5.4 5.10 5.15 6.1 6.6] nilfs2: fix kernel bug on rename operation of broken directory
Date: Tue, 16 Jul 2024 15:10:28 +0200 [thread overview]
Message-ID: <2024071618-compacted-gigantic-4694@gregkh> (raw)
In-Reply-To: <20240715162711.6850-1-konishi.ryusuke@gmail.com>
On Tue, Jul 16, 2024 at 01:27:11AM +0900, Ryusuke Konishi wrote:
> commit a9e1ddc09ca55746079cc479aa3eb6411f0d99d4 upstream.
>
> Syzbot reported that in rename directory operation on broken directory on
> nilfs2, __block_write_begin_int() called to prepare block write may fail
> BUG_ON check for access exceeding the folio/page size.
>
> This is because nilfs_dotdot(), which gets parent directory reference
> entry ("..") of the directory to be moved or renamed, does not check
> consistency enough, and may return location exceeding folio/page size for
> broken directories.
>
> Fix this issue by checking required directory entries ("." and "..") in
> the first chunk of the directory in nilfs_dotdot().
>
> Link: https://lkml.kernel.org/r/20240628165107.9006-1-konishi.ryusuke@gmail.com
> Signed-off-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
> Reported-by: syzbot+d3abed1ad3d367fa2627@syzkaller.appspotmail.com
> Closes: https://syzkaller.appspot.com/bug?extid=d3abed1ad3d367fa2627
> Fixes: 2ba466d74ed7 ("nilfs2: directory entry operations")
> Tested-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
> Cc: <stable@vger.kernel.org>
> Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
> ---
> Please apply this patch to the stable trees indicated by the subject
> prefix instead of the patch that failed.
>
> This patch is tailored to take page/folio conversion into account and
> can be applied to these stable trees.
>
> Also, all the builds and tests I did on each stable tree passed.
Now queued up, thanks!
greg k-h
prev parent reply other threads:[~2024-07-16 13:10 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-07-15 16:27 [PATCH 4.19 5.4 5.10 5.15 6.1 6.6] nilfs2: fix kernel bug on rename operation of broken directory Ryusuke Konishi
2024-07-16 13:10 ` Greg KH [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2024071618-compacted-gigantic-4694@gregkh \
--to=gregkh@linuxfoundation.org \
--cc=akpm@linux-foundation.org \
--cc=konishi.ryusuke@gmail.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox