| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20241124010459.23283-1-leocstone@gmail.com>
Date: Sat, 23 Nov 2024 17:04:56 -0800
From: Leo Stone <leocstone@...il.com>
To: syzbot+b01a36acd7007e273a83@...kaller.appspotmail.com,
jaegeuk@...nel.org,
chao@...nel.org
Cc: Leo Stone <leocstone@...il.com>,
linux-f2fs-devel@...ts.sourceforge.net,
linux-kernel@...r.kernel.org,
shuah@...nel.org,
anupnewsmail@...il.com,
linux-kernel-mentees@...ts.linuxfoundation.org
Subject: [PATCH] f2fs: Add check for deleted inode
The syzbot reproducer mounts a f2fs image, then tries to unlink an
existing file. However, the unlinked file already has a link count of 0
when it is read for the first time in do_read_inode().
Add a check to sanity_check_inode() for i_nlink == 0.
#syz test
Reported-by: syzbot+b01a36acd7007e273a83@...kaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=b01a36acd7007e273a83
Fixes: 4c8ff7095bef ("f2fs: support data compression")
Signed-off-by: Leo Stone <leocstone@...il.com>
---
fs/f2fs/inode.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/fs/f2fs/inode.c b/fs/f2fs/inode.c
index 1ed86df343a5..65f1dc32f173 100644
--- a/fs/f2fs/inode.c
+++ b/fs/f2fs/inode.c
@@ -372,6 +372,12 @@ static bool sanity_check_inode(struct inode *inode, struct page *node_page)
return false;
}
+ if (inode->i_nlink == 0) {
+ f2fs_warn(sbi, "%s: inode (ino=%lx) has a link count of 0",
+ __func__, inode->i_ino);
+ return false;
+ }
+
return true;
}
--
2.43.0
Powered by blists - more mailing lists