lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-Id: 
 <173714823625.2259050.15101235212593164792.git-patchwork-notify@kernel.org>
Date: Fri, 17 Jan 2025 21:10:36 +0000
From: patchwork-bot+f2fs@...nel.org
To: Chao Yu <chao@...nel.org>
Cc: jaegeuk@...nel.org, qasdev00@...il.com,
 syzbot+69f5379a1717a0b982a1@...kaller.appspotmail.com,
 linux-kernel@...r.kernel.org,
 syzbot+f5e74075e096e757bdbf@...kaller.appspotmail.com,
 linux-f2fs-devel@...ts.sourceforge.net
Subject: Re: [f2fs-dev] [PATCH v2] f2fs: fix to do sanity check correctly on
 i_inline_xattr_size

Hello:

This patch was applied to jaegeuk/f2fs.git (dev)
by Jaegeuk Kim <jaegeuk@...nel.org>:

On Tue, 14 Jan 2025 20:34:10 +0800 you wrote:
> syzbot reported an out-of-range access issue as below:
> 
> UBSAN: array-index-out-of-bounds in fs/f2fs/f2fs.h:3292:19
> index 18446744073709550491 is out of range for type '__le32[923]' (aka 'unsigned int[923]')
> CPU: 0 UID: 0 PID: 5338 Comm: syz.0.0 Not tainted 6.12.0-syzkaller-10689-g7af08b57bcb9 #0
> Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
> Call Trace:
>  <TASK>
>  __dump_stack lib/dump_stack.c:94 [inline]
>  dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
>  ubsan_epilogue lib/ubsan.c:231 [inline]
>  __ubsan_handle_out_of_bounds+0x121/0x150 lib/ubsan.c:429
>  read_inline_xattr+0x273/0x280
>  lookup_all_xattrs fs/f2fs/xattr.c:341 [inline]
>  f2fs_getxattr+0x57b/0x13b0 fs/f2fs/xattr.c:533
>  vfs_getxattr_alloc+0x472/0x5c0 fs/xattr.c:393
>  ima_read_xattr+0x38/0x60 security/integrity/ima/ima_appraise.c:229
>  process_measurement+0x117a/0x1fb0 security/integrity/ima/ima_main.c:353
>  ima_file_check+0xd9/0x120 security/integrity/ima/ima_main.c:572
>  security_file_post_open+0xb9/0x280 security/security.c:3121
>  do_open fs/namei.c:3830 [inline]
>  path_openat+0x2ccd/0x3590 fs/namei.c:3987
>  do_file_open_root+0x3a7/0x720 fs/namei.c:4039
>  file_open_root+0x247/0x2a0 fs/open.c:1382
>  do_handle_open+0x85b/0x9d0 fs/fhandle.c:414
>  do_syscall_x64 arch/x86/entry/common.c:52 [inline]
>  do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
>  entry_SYSCALL_64_after_hwframe+0x77/0x7f
> 
> [...]

Here is the summary with links:
  - [f2fs-dev,v2] f2fs: fix to do sanity check correctly on i_inline_xattr_size
    https://git.kernel.org/jaegeuk/f2fs/c/5c1768b67250

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ