lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 12 Mar 2024 13:44:07 +0100
From: Mateusz Guzik <mjguzik@...il.com>
To: Jan Kara <jack@...e.cz>
Cc: syzbot <syzbot+6ec38f7a8db3b3fb1002@...kaller.appspotmail.com>, 
	almaz.alexandrovich@...agon-software.com, anton@...era.com, axboe@...nel.dk, 
	brauner@...nel.org, ebiederm@...ssion.com, keescook@...omium.org, 
	linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org, 
	linux-mm@...ck.org, linux-ntfs-dev@...ts.sourceforge.net, 
	ntfs3@...ts.linux.dev, syzkaller-bugs@...glegroups.com, tytso@....edu, 
	viro@...iv.linux.org.uk, willy@...radead.org
Subject: Re: [syzbot] [ntfs3?] WARNING in do_open_execat

On 3/12/24, Jan Kara <jack@...e.cz> wrote:
> On Mon 11-03-24 20:01:14, Mateusz Guzik wrote:
>> On 3/11/24, Jan Kara <jack@...e.cz> wrote:
>> > On Mon 11-03-24 11:04:04, syzbot wrote:
>> >> syzbot suspects this issue was fixed by commit:
>> >>
>> >> commit 6f861765464f43a71462d52026fbddfc858239a5
>> >> Author: Jan Kara <jack@...e.cz>
>> >> Date:   Wed Nov 1 17:43:10 2023 +0000
>> >>
>> >>     fs: Block writes to mounted block devices
>> >>
>> >> bisection log:
>> >> https://syzkaller.appspot.com/x/bisect.txt?x=17e3f58e180000
>> >> start commit:   eb3479bc23fa Merge tag 'kbuild-fixes-v6.7' of
>> >> git://git.ke..
>> >> git tree:       upstream
>> >> kernel config:
>> >> https://syzkaller.appspot.com/x/.config?x=bdf178b2f20f99b0
>> >> dashboard link:
>> >> https://syzkaller.appspot.com/bug?extid=6ec38f7a8db3b3fb1002
>> >> syz repro:
>> >> https://syzkaller.appspot.com/x/repro.syz?x=15073fd4e80000
>> >> C reproducer:
>> >> https://syzkaller.appspot.com/x/repro.c?x=17b20b8f680000
>> >>
>> >> If the result looks correct, please mark the issue as fixed by
>> >> replying
>> >> with:
>> >
>> > #syz fix: fs: Block writes to mounted block devices
>> >
>>
>> I don't think that's correct.
>>
>> The bug is ntfs instantiating an inode with bogus type (based on an
>> intentionally corrupted filesystem), violating the api contract with
>> vfs, which in turn results in the warning way later.
>>
>> It may be someone sorted out ntfs doing this in the meantime, I have
>> not checked.
>>
>> With this in mind I don't believe your patch fixed it, at best it
>> happened to neuter the reproducer.
>
> OK, I didn't dig deep into the bug. I've just seen there are no working
> reproducers and given this is ntfs3 which doesn't really have great
> maintenance effort put into it, I've opted for closing the bug. If there's
> a way to tickle the bug without writing to mounted block device, syzbot
> should eventually find it and create a new issue... But if you want to look
> into this feel free to :) Thanks for sharing the info.
>

Maybe I'll get around to future-proofing by adding validation before
the inode escapes the filesystem code, but I'm definitely NOT patching
ntfs. 8->

-- 
Mateusz Guzik <mjguzik gmail.com>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ