lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <0000000000006a2b4c061c2b66b5@google.com>
Date: Mon, 01 Jul 2024 01:29:47 -0700
From: syzbot <syzbot+18df508cf00a0598d9a6@...kaller.appspotmail.com>
To: linux-kernel@...r.kernel.org, syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot] [PATCH] handle EFSCORRUPTED, drop EXT4_STATE_MAY_INLINE_DATA
 sanity check

For archival purposes, forwarding an incoming command email to
linux-kernel@...r.kernel.org, syzkaller-bugs@...glegroups.com.

***

Subject: [PATCH] handle EFSCORRUPTED, drop EXT4_STATE_MAY_INLINE_DATA sanity check
Author: wojciech.gladysz@...ogain.com

#syz test: https://linux.googlesource.com/linux/kernel/git/torvalds/linux
---
 fs/buffer.c     | 5 ++++-
 fs/ext4/inode.c | 5 +++++
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/fs/buffer.c b/fs/buffer.c
index 4f73d23c2c46..10514fa9851c 100644
--- a/fs/buffer.c
+++ b/fs/buffer.c
@@ -2163,7 +2163,10 @@ static void __block_commit_write(struct folio *folio, size_t from, size_t to)
 	unsigned blocksize;
 	struct buffer_head *bh, *head;
 
-	bh = head = folio_buffers(folio);
+	head = folio_buffers(folio);
+	if (!head)
+		return;
+	bh = head;
 	blocksize = bh->b_size;
 
 	block_start = 0;
diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c
index 537803250ca9..e7a6958025ee 100644
--- a/fs/ext4/inode.c
+++ b/fs/ext4/inode.c
@@ -2948,6 +2948,11 @@ static int ext4_da_do_write_end(struct address_space *mapping,
 	bool disksize_changed = false;
 	loff_t new_i_size;
 
+	if (unlikely(!folio_buffers(folio))) {
+		folio_unlock(folio);
+		folio_put(folio);
+		return -EIO;
+	}
 	/*
 	 * block_write_end() will mark the inode as dirty with I_DIRTY_PAGES
 	 * flag, which all that's needed to trigger page writeback.
-- 
2.35.3


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ