| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <tencent_70204B621B682561BA47BB81339A9E031B08@qq.com> Date: Sat, 7 Sep 2024 09:42:58 +0800 From: Edward Adam Davis <eadavis@...com> To: syzbot+3bfd2cc059ab93efcdb4@...kaller.appspotmail.com Cc: almaz.alexandrovich@...agon-software.com, linux-kernel@...r.kernel.org, ntfs3@...ts.linux.dev, syzkaller-bugs@...glegroups.com Subject: [PATCH] fs/ntfs3: Move condition bitmap.sb to before run_unpack [Syzbot reported] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). INFO: trying to register non-static key. The code is fine but needs lockdep annotation, or maybe you didn't initialize this object before use? turning off the locking correctness validator. CPU: 0 UID: 0 PID: 5231 Comm: syz-executor253 Not tainted 6.11.0-rc6-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 Call Trace: <TASK> __dump_stack lib/dump_stack.c:93 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119 assign_lock_key+0x238/0x270 kernel/locking/lockdep.c:975 register_lock_class+0x1cf/0x980 kernel/locking/lockdep.c:1288 __lock_acquire+0xf0/0x2040 kernel/locking/lockdep.c:5019 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5759 down_write_nested+0xa2/0x220 kernel/locking/rwsem.c:1695 mark_as_free_ex+0x3e/0x390 fs/ntfs3/fsntfs.c:2484 run_unpack+0x7f3/0xda0 fs/ntfs3/run.c:1019 run_unpack_ex+0x14b/0x7f0 fs/ntfs3/run.c:1060 ni_delete_all+0x2d9/0x9a0 fs/ntfs3/frecord.c:1610 ni_clear+0x28e/0x4b0 fs/ntfs3/frecord.c:106 evict+0x534/0x950 fs/inode.c:704 ntfs_loadlog_and_replay+0x2e8/0x4f0 fs/ntfs3/fsntfs.c:326 ntfs_fill_super+0x2c38/0x4730 fs/ntfs3/super.c:1280 get_tree_bdev+0x3f9/0x570 fs/super.c:1635 vfs_get_tree+0x92/0x2b0 fs/super.c:1800 do_new_mount+0x2be/0xb40 fs/namespace.c:3472 do_mount fs/namespace.c:3812 [inline] __do_sys_mount fs/namespace.c:4020 [inline] __se_sys_mount+0x2d6/0x3c0 fs/namespace.c:3997 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f [Analysis] Before call this path, sbi->used.bitmap.sb has not been initialized in ntfs_fill_super. Reported-and-tested-by: syzbot+3bfd2cc059ab93efcdb4@...kaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=3bfd2cc059ab93efcdb4 Signed-off-by: Edward Adam Davis <eadavis@...com> --- fs/ntfs3/run.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/fs/ntfs3/run.c b/fs/ntfs3/run.c index cb8cf0161177..8970101147c7 100644 --- a/fs/ntfs3/run.c +++ b/fs/ntfs3/run.c @@ -1057,11 +1057,14 @@ int run_unpack_ex(struct runs_tree *run, struct ntfs_sb_info *sbi, CLST ino, bool ok; struct wnd_bitmap *wnd; + if (!sbi->used.bitmap.sb) + return -EINVAL; + ret = run_unpack(run, sbi, ino, svcn, evcn, vcn, run_buf, run_buf_size); if (ret <= 0) return ret; - if (!sbi->used.bitmap.sb || !run || run == RUN_DEALLOCATE) + if (!run || run == RUN_DEALLOCATE) return ret; if (ino == MFT_REC_BADCLUST) -- 2.43.0
Powered by blists - more mailing lists