Open Source and information security mailing list archives
 
Message-ID: <842b3b43-0a1c-4fe8-adff-94fdb2cee59b@I-love.SAKURA.ne.jp>
Date: Sat, 4 Oct 2025 19:43:02 +0900
From: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>
To: almaz.alexandrovich@...agon-software.com, ntfs3@...ts.linux.dev,
        Edward Adam Davis <eadavis@...com>
Cc: syzbot <syzbot+bdeb22a4b9a09ab9aa45@...kaller.appspotmail.com>,
        linux-kernel@...r.kernel.org, syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot] [ntfs3?] INFO: trying to register non-static key in
 ntfs_set_size

On 2025/09/20 18:42, Tetsuo Handa wrote:
> On 2025/09/16 12:48, Tetsuo Handa wrote:
>> Well, we need to also initialize ni->file.run_lock, for vfs_truncate() now
>> passes the
>>
>> 	/* For directories it's -EISDIR, for other non-regulars - -EINVAL */
>> 	if (S_ISDIR(inode->i_mode))
>> 		return -EISDIR;
>> 	if (!S_ISREG(inode->i_mode))
>> 		return -EINVAL;
>>
>> check. But do we really want to pretend as if S_IFREG ?
>>
>> diff --git a/fs/ntfs3/inode.c b/fs/ntfs3/inode.c
>> index 37cbbee7fa58..ea2193ebf8fc 100644
>> --- a/fs/ntfs3/inode.c
>> +++ b/fs/ntfs3/inode.c
>> @@ -471,6 +471,8 @@ static struct inode *ntfs_read_mft(struct inode *inode,
>>                    fname->home.seq == cpu_to_le16(MFT_REC_EXTEND)) {
>>                 /* Records in $Extend are not a files or general directories. */
>>                 inode->i_op = &ntfs_file_inode_operations;
>> +               mode = S_IFREG;
>> +               init_rwsem(&ni->file.run_lock);
>>         } else {
>>                 err = -EINVAL;
>>                 goto out;
>>
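Review bot: the two added lines sit directly under the comment saying records in $Extend are not files or general directories, yet `mode = S_IFREG;` presents them as regular files, and nothing in the hunk says why. Please extend that comment to state that S_IFREG is a deliberate choice and that `init_rwsem(&ni->file.run_lock);` is needed because, per the message, vfs_truncate() now passes the S_ISREG check for these inodes. The transcript later in this mail shows chmod and chown succeeding on these records (mode 1777, uid 1) while open and truncate fail, so it is worth stating in the commit message whether attribute changes on $Extend records are intended to be allowed.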
>> Are records in $Extend expected to be truncated to arbitrary size? Should we
>> prepend something other than S_IFREG (at least S_IFREG so that truncate()
> 
> pretend something other than S_IFREG (at least S_IFDIR so that truncate()
> 
>> will fail, or possibly S_IFSOCK so that open() will fail) ?

I tested using a legitimate filesystem image, and I came to the conclusion that
pretending as if S_IFREG seems to be OK because normal operations (e.g. read,
truncate) fail with "No such device or address" despite S_IFREG.

Therefore, please apply
https://lkml.kernel.org/r/tencent_F24B651BC22523BA92BB5A337D9E2A1B5F08@qq.com
and send to linux.git.

------------------------------------------------------------
[root@...alhost ~]# truncate -s 100M testfile.img
[root@...alhost ~]# mkfs.ntfs -F testfile.img
testfile.img is not a block device.
mkntfs forced anyway.
The sector size was not specified for testfile.img and it could not be obtained automatically.  It has been set to 512 bytes.
The partition start sector was not specified for testfile.img and it could not be obtained automatically.  It has been set to 0.
The number of sectors per track was not specified for testfile.img and it could not be obtained automatically.  It has been set to 0.
The number of heads was not specified for testfile.img and it could not be obtained automatically.  It has been set to 0.
Cluster size has been automatically set to 4096 bytes.
To boot from a device, Windows needs the 'partition start sector', the 'sectors per track' and the 'number of heads' to be set.
Windows will not be able to boot from this device.
Initializing device with zeroes: 100% - Done.
Creating NTFS volume structures.
mkntfs completed successfully. Have a nice day.
[root@...alhost ~]# mount -t ntfs3 -o loop testfile.img /mnt/
for i in '$ObjId' '$Quota' '$Reparse'
do
  stat /mnt/\$Extend/$i
  truncate -s 1024 /mnt/\$Extend/$i
  chmod 7777 /mnt/\$Extend/$i
  chown 1 /mnt/\$Extend/$i
  cat /mnt/\$Extend/\$Reparse
  stat /mnt/\$Extend/$i
  rm -f /mnt/\$Extend/$i
done
  File: /mnt/$Extend/$ObjId
  Size: 0               Blocks: 0          IO Block: 4096   regular empty file
Device: 7,0     Inode: 25          Links: 1
Access: (0000/----------)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2025-10-04 19:26:28.077612000 +0900
Modify: 2025-10-04 19:26:28.077612000 +0900
Change: 2025-10-04 19:26:28.077612000 +0900
 Birth: 2025-10-04 19:26:28.077612000 +0900
truncate: cannot open '/mnt/$Extend/$ObjId' for writing: No such device or address
cat: '/mnt/$Extend/$Reparse': No such device or address
  File: /mnt/$Extend/$ObjId
  Size: 0               Blocks: 0          IO Block: 4096   regular empty file
Device: 7,0     Inode: 25          Links: 1
Access: (1777/-rwxrwxrwt)  Uid: (    1/     bin)   Gid: (    0/    root)
Access: 2025-10-04 19:26:28.077612000 +0900
Modify: 2025-10-04 19:26:28.077612000 +0900
Change: 2025-10-04 19:28:18.811900400 +0900
 Birth: 2025-10-04 19:26:28.077612000 +0900
  File: /mnt/$Extend/$Quota
  Size: 0               Blocks: 0          IO Block: 4096   regular empty file
Device: 7,0     Inode: 24          Links: 1
Access: (0000/----------)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2025-10-04 19:26:28.077612000 +0900
Modify: 2025-10-04 19:26:28.077612000 +0900
Change: 2025-10-04 19:26:28.077612000 +0900
 Birth: 2025-10-04 19:26:28.077612000 +0900
truncate: cannot open '/mnt/$Extend/$Quota' for writing: No such device or address
cat: '/mnt/$Extend/$Reparse': No such device or address
  File: /mnt/$Extend/$Quota
  Size: 0               Blocks: 0          IO Block: 4096   regular empty file
Device: 7,0     Inode: 24          Links: 1
Access: (1777/-rwxrwxrwt)  Uid: (    1/     bin)   Gid: (    0/    root)
Access: 2025-10-04 19:26:28.077612000 +0900
Modify: 2025-10-04 19:26:28.077612000 +0900
Change: 2025-10-04 19:28:18.901901800 +0900
 Birth: 2025-10-04 19:26:28.077612000 +0900
  File: /mnt/$Extend/$Reparse
  Size: 0               Blocks: 0          IO Block: 4096   regular empty file
Device: 7,0     Inode: 26          Links: 1
Access: (0000/----------)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2025-10-04 19:26:28.077612000 +0900
Modify: 2025-10-04 19:26:28.077612000 +0900
Change: 2025-10-04 19:26:28.077612000 +0900
 Birth: 2025-10-04 19:26:28.077612000 +0900
truncate: cannot open '/mnt/$Extend/$Reparse' for writing: No such device or address
cat: '/mnt/$Extend/$Reparse': No such device or address
  File: /mnt/$Extend/$Reparse
  Size: 0               Blocks: 0          IO Block: 4096   regular empty file
Device: 7,0     Inode: 26          Links: 1
Access: (1777/-rwxrwxrwt)  Uid: (    1/     bin)   Gid: (    0/    root)
Access: 2025-10-04 19:26:28.077612000 +0900
Modify: 2025-10-04 19:26:28.077612000 +0900
Change: 2025-10-04 19:28:18.983903100 +0900
 Birth: 2025-10-04 19:26:28.077612000 +0900
------------------------------------------------------------
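
The S_IFREG / S_IFDIR / S_IFSOCK question in this thread comes down to which errno the VFS returns for each file type before the filesystem is consulted. The following is an added example, not code from the thread or from ntfs3: it creates one object of each type on an ordinary Linux filesystem and records what truncate(2) and open(2) return. The `probe` function, the `kind` enum and the /tmp path layout are made up for this illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <unistd.h>

enum kind { K_REG, K_DIR, K_FIFO, K_SOCK };

/* Create one object of type k in a fresh temp dir (constructed test input),
 * then store the errno of truncate(2) and of open(2) O_WRONLY; 0 = success. */
static int probe(enum kind k, int *trunc_err, int *open_err)
{
    char dir[] = "/tmp/ftype-XXXXXX", path[64];
    struct sockaddr_un sa = { .sun_family = AF_UNIX };
    int fd, s = -1, ok = -1;

    if (!mkdtemp(dir)) return -1;
    snprintf(path, sizeof(path), "%s/obj", dir);
    strcpy(sa.sun_path, path);
    switch (k) {
    case K_REG:  fd = creat(path, 0600); ok = fd < 0 ? -1 : close(fd); break;
    case K_DIR:  ok = mkdir(path, 0700); break;
    case K_FIFO: ok = mkfifo(path, 0600); break;
    case K_SOCK: s = socket(AF_UNIX, SOCK_STREAM, 0);
                 ok = s < 0 ? -1 : bind(s, (struct sockaddr *)&sa, sizeof(sa)); break;
    }
    if (ok == 0) {
        *trunc_err = truncate(path, 1024) ? errno : 0;
        /* O_NONBLOCK: a FIFO with no reader fails at once instead of blocking. */
        fd = open(path, O_WRONLY | O_NONBLOCK);
        *open_err = fd < 0 ? errno : 0;
        if (fd >= 0) close(fd);
    }
    if (s >= 0) close(s);
    if (k == K_DIR) rmdir(path); else unlink(path);
    rmdir(dir);
    return ok;
}

int main(void)
{
    static const char *name[] = { "regular", "directory", "fifo", "socket" };
    int t = 0, o = 0;
    for (int k = K_REG; k <= K_SOCK; k++)
        if (probe(k, &t, &o) == 0)
            printf("%-9s truncate: %-18s open: %s\n", name[k], strerror(t), strerror(o));
}
```

ENXIO is the errno that strerror() renders as "No such device or address", the message seen in the transcript above.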

