git.ipfire.org Git - thirdparty/openwrt.git/blob

   1 From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
   2 From: Jan Kara <jack@suse.cz>
   3 Date: Thu, 9 Feb 2023 10:33:09 +0100
   4 Subject: udf: Avoid directory type conversion failure due to ENOMEM
   5
   6 commit df97f64dfa317a5485daf247b6c043a584ef95f9 upstream.
   7
   8 When converting directory from in-ICB to normal format, the last
   9 iteration through the directory fixing up directory enteries can fail
  10 due to ENOMEM. We do not expect this iteration to fail since the
  11 directory is already verified to be correct and it is difficult to undo
  12 the conversion at this point. So just use GFP_NOFAIL to make sure the
  13 small allocation cannot fail.
  14
  15 Reported-by: syzbot+111eaa994ff74f8d440f@syzkaller.appspotmail.com
  16 Fixes: 0aba4860b0d0 ("udf: Allocate name buffer in directory iterator on heap")
  17 Signed-off-by: Jan Kara <jack@suse.cz>
  18 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  19 ---
  20  fs/udf/directory.c | 9 ++++++---
  21  1 file changed, 6 insertions(+), 3 deletions(-)
  22
  23 --- a/fs/udf/directory.c
  24 +++ b/fs/udf/directory.c
  25 @@ -249,9 +249,12 @@ int udf_fiiter_init(struct udf_fileident
  26         iter->elen = 0;
  27         iter->epos.bh = NULL;
  28         iter->name = NULL;
  29 -       iter->namebuf = kmalloc(UDF_NAME_LEN_CS0, GFP_KERNEL);
  30 -       if (!iter->namebuf)
  31 -               return -ENOMEM;
  32 +       /*
  33 +        * When directory is verified, we don't expect directory iteration to
  34 +        * fail and it can be difficult to undo without corrupting filesystem.
  35 +        * So just do not allow memory allocation failures here.
  36 +        */
  37 +       iter->namebuf = kmalloc(UDF_NAME_LEN_CS0, GFP_KERNEL | __GFP_NOFAIL);
  38
  39         if (iinfo->i_alloc_type == ICBTAG_FLAG_AD_IN_ICB) {
  40                 err = udf_copy_fi(iter);