+++ /dev/null
-From 9cef343056036e96bcfdc98629134fa81f8cf8d6 Mon Sep 17 00:00:00 2001
-From: Sasha Levin <sashal@kernel.org>
-Date: Fri, 25 Nov 2022 10:21:59 +0000
-Subject: fs/ntfs3: Fix null-ptr-deref on inode->i_op in ntfs_lookup()
-
-From: ZhangPeng <zhangpeng362@huawei.com>
-
-[ Upstream commit 254e69f284d7270e0abdc023ee53b71401c3ba0c ]
-
-Syzbot reported a null-ptr-deref bug:
-
-ntfs3: loop0: Different NTFS' sector size (1024) and media sector size
-(512)
-ntfs3: loop0: Mark volume as dirty due to NTFS errors
-general protection fault, probably for non-canonical address
-0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN
-KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]
-RIP: 0010:d_flags_for_inode fs/dcache.c:1980 [inline]
-RIP: 0010:__d_add+0x5ce/0x800 fs/dcache.c:2796
-Call Trace:
- <TASK>
- d_splice_alias+0x122/0x3b0 fs/dcache.c:3191
- lookup_open fs/namei.c:3391 [inline]
- open_last_lookups fs/namei.c:3481 [inline]
- path_openat+0x10e6/0x2df0 fs/namei.c:3688
- do_filp_open+0x264/0x4f0 fs/namei.c:3718
- do_sys_openat2+0x124/0x4e0 fs/open.c:1310
- do_sys_open fs/open.c:1326 [inline]
- __do_sys_open fs/open.c:1334 [inline]
- __se_sys_open fs/open.c:1330 [inline]
- __x64_sys_open+0x221/0x270 fs/open.c:1330
- do_syscall_x64 arch/x86/entry/common.c:50 [inline]
- do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
- entry_SYSCALL_64_after_hwframe+0x63/0xcd
-
-If the MFT record of ntfs inode is not a base record, inode->i_op can be
-NULL. And a null-ptr-deref may happen:
-
-ntfs_lookup()
- dir_search_u() # inode->i_op is set to NULL
- d_splice_alias()
- __d_add()
- d_flags_for_inode() # inode->i_op->get_link null-ptr-deref
-
-Fix this by adding a Check on inode->i_op before calling the
-d_splice_alias() function.
-
-Fixes: 4342306f0f0d ("fs/ntfs3: Add file operations and implementation")
-Reported-by: syzbot+a8f26a403c169b7593fe@syzkaller.appspotmail.com
-Signed-off-by: ZhangPeng <zhangpeng362@huawei.com>
-Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
-Signed-off-by: Sasha Levin <sashal@kernel.org>
----
- fs/ntfs3/namei.c | 10 ++++++++++
- 1 file changed, 10 insertions(+)
-
-diff --git a/fs/ntfs3/namei.c b/fs/ntfs3/namei.c
-index bc741213ad848..29fd76d94c744 100644
---- a/fs/ntfs3/namei.c
-+++ b/fs/ntfs3/namei.c
-@@ -86,6 +86,16 @@ static struct dentry *ntfs_lookup(struct inode *dir, struct dentry *dentry,
- __putname(uni);
- }
-
-+ /*
-+ * Check for a null pointer
-+ * If the MFT record of ntfs inode is not a base record, inode->i_op can be NULL.
-+ * This causes null pointer dereference in d_splice_alias().
-+ */
-+ if (!IS_ERR(inode) && inode->i_op == NULL) {
-+ iput(inode);
-+ inode = ERR_PTR(-EINVAL);
-+ }
-+
- return d_splice_alias(inode, dentry);
- }
-
---
-2.39.2
-
rtc-meson-vrtc-use-ktime_get_real_ts64-to-get-the-cu.patch
fs-ntfs3-fix-memory-leak-if-ntfs_read_mft-failed.patch
fs-ntfs3-add-check-for-kmemdup.patch
-fs-ntfs3-fix-null-ptr-deref-on-inode-i_op-in-ntfs_lo.patch
fs-ntfs3-fix-oob-read-in-indx_insert_into_buffer.patch
fs-ntfs3-fix-slab-out-of-bounds-read-in-hdr_delete_d.patch
power-supply-generic-adc-battery-fix-unit-scaling.patch
+++ /dev/null
-From aec1b22a83f95d382c3dec59598dffb2630724d8 Mon Sep 17 00:00:00 2001
-From: Sasha Levin <sashal@kernel.org>
-Date: Fri, 25 Nov 2022 10:21:59 +0000
-Subject: fs/ntfs3: Fix null-ptr-deref on inode->i_op in ntfs_lookup()
-
-From: ZhangPeng <zhangpeng362@huawei.com>
-
-[ Upstream commit 254e69f284d7270e0abdc023ee53b71401c3ba0c ]
-
-Syzbot reported a null-ptr-deref bug:
-
-ntfs3: loop0: Different NTFS' sector size (1024) and media sector size
-(512)
-ntfs3: loop0: Mark volume as dirty due to NTFS errors
-general protection fault, probably for non-canonical address
-0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN
-KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]
-RIP: 0010:d_flags_for_inode fs/dcache.c:1980 [inline]
-RIP: 0010:__d_add+0x5ce/0x800 fs/dcache.c:2796
-Call Trace:
- <TASK>
- d_splice_alias+0x122/0x3b0 fs/dcache.c:3191
- lookup_open fs/namei.c:3391 [inline]
- open_last_lookups fs/namei.c:3481 [inline]
- path_openat+0x10e6/0x2df0 fs/namei.c:3688
- do_filp_open+0x264/0x4f0 fs/namei.c:3718
- do_sys_openat2+0x124/0x4e0 fs/open.c:1310
- do_sys_open fs/open.c:1326 [inline]
- __do_sys_open fs/open.c:1334 [inline]
- __se_sys_open fs/open.c:1330 [inline]
- __x64_sys_open+0x221/0x270 fs/open.c:1330
- do_syscall_x64 arch/x86/entry/common.c:50 [inline]
- do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
- entry_SYSCALL_64_after_hwframe+0x63/0xcd
-
-If the MFT record of ntfs inode is not a base record, inode->i_op can be
-NULL. And a null-ptr-deref may happen:
-
-ntfs_lookup()
- dir_search_u() # inode->i_op is set to NULL
- d_splice_alias()
- __d_add()
- d_flags_for_inode() # inode->i_op->get_link null-ptr-deref
-
-Fix this by adding a Check on inode->i_op before calling the
-d_splice_alias() function.
-
-Fixes: 4342306f0f0d ("fs/ntfs3: Add file operations and implementation")
-Reported-by: syzbot+a8f26a403c169b7593fe@syzkaller.appspotmail.com
-Signed-off-by: ZhangPeng <zhangpeng362@huawei.com>
-Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
-Signed-off-by: Sasha Levin <sashal@kernel.org>
----
- fs/ntfs3/namei.c | 10 ++++++++++
- 1 file changed, 10 insertions(+)
-
-diff --git a/fs/ntfs3/namei.c b/fs/ntfs3/namei.c
-index bc22cc321a74b..7760aedc06728 100644
---- a/fs/ntfs3/namei.c
-+++ b/fs/ntfs3/namei.c
-@@ -86,6 +86,16 @@ static struct dentry *ntfs_lookup(struct inode *dir, struct dentry *dentry,
- __putname(uni);
- }
-
-+ /*
-+ * Check for a null pointer
-+ * If the MFT record of ntfs inode is not a base record, inode->i_op can be NULL.
-+ * This causes null pointer dereference in d_splice_alias().
-+ */
-+ if (!IS_ERR(inode) && inode->i_op == NULL) {
-+ iput(inode);
-+ inode = ERR_PTR(-EINVAL);
-+ }
-+
- return d_splice_alias(inode, dentry);
- }
-
---
-2.39.2
-
rdma-erdma-use-fixed-hardware-page-size.patch
fs-ntfs3-fix-memory-leak-if-ntfs_read_mft-failed.patch
fs-ntfs3-add-check-for-kmemdup.patch
-fs-ntfs3-fix-null-ptr-deref-on-inode-i_op-in-ntfs_lo.patch
fs-ntfs3-fix-oob-read-in-indx_insert_into_buffer.patch
fs-ntfs3-fix-slab-out-of-bounds-read-in-hdr_delete_d.patch
iommu-mediatek-set-dma_mask-for-pgtable_pa_35_en.patch
+++ /dev/null
-From f09d735877b129e78bd67ad77fcb4a065491096f Mon Sep 17 00:00:00 2001
-From: Sasha Levin <sashal@kernel.org>
-Date: Fri, 25 Nov 2022 10:21:59 +0000
-Subject: fs/ntfs3: Fix null-ptr-deref on inode->i_op in ntfs_lookup()
-
-From: ZhangPeng <zhangpeng362@huawei.com>
-
-[ Upstream commit 254e69f284d7270e0abdc023ee53b71401c3ba0c ]
-
-Syzbot reported a null-ptr-deref bug:
-
-ntfs3: loop0: Different NTFS' sector size (1024) and media sector size
-(512)
-ntfs3: loop0: Mark volume as dirty due to NTFS errors
-general protection fault, probably for non-canonical address
-0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN
-KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]
-RIP: 0010:d_flags_for_inode fs/dcache.c:1980 [inline]
-RIP: 0010:__d_add+0x5ce/0x800 fs/dcache.c:2796
-Call Trace:
- <TASK>
- d_splice_alias+0x122/0x3b0 fs/dcache.c:3191
- lookup_open fs/namei.c:3391 [inline]
- open_last_lookups fs/namei.c:3481 [inline]
- path_openat+0x10e6/0x2df0 fs/namei.c:3688
- do_filp_open+0x264/0x4f0 fs/namei.c:3718
- do_sys_openat2+0x124/0x4e0 fs/open.c:1310
- do_sys_open fs/open.c:1326 [inline]
- __do_sys_open fs/open.c:1334 [inline]
- __se_sys_open fs/open.c:1330 [inline]
- __x64_sys_open+0x221/0x270 fs/open.c:1330
- do_syscall_x64 arch/x86/entry/common.c:50 [inline]
- do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
- entry_SYSCALL_64_after_hwframe+0x63/0xcd
-
-If the MFT record of ntfs inode is not a base record, inode->i_op can be
-NULL. And a null-ptr-deref may happen:
-
-ntfs_lookup()
- dir_search_u() # inode->i_op is set to NULL
- d_splice_alias()
- __d_add()
- d_flags_for_inode() # inode->i_op->get_link null-ptr-deref
-
-Fix this by adding a Check on inode->i_op before calling the
-d_splice_alias() function.
-
-Fixes: 4342306f0f0d ("fs/ntfs3: Add file operations and implementation")
-Reported-by: syzbot+a8f26a403c169b7593fe@syzkaller.appspotmail.com
-Signed-off-by: ZhangPeng <zhangpeng362@huawei.com>
-Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
-Signed-off-by: Sasha Levin <sashal@kernel.org>
----
- fs/ntfs3/namei.c | 10 ++++++++++
- 1 file changed, 10 insertions(+)
-
-diff --git a/fs/ntfs3/namei.c b/fs/ntfs3/namei.c
-index c8db35e2ae172..3db34d5c03dc7 100644
---- a/fs/ntfs3/namei.c
-+++ b/fs/ntfs3/namei.c
-@@ -88,6 +88,16 @@ static struct dentry *ntfs_lookup(struct inode *dir, struct dentry *dentry,
- __putname(uni);
- }
-
-+ /*
-+ * Check for a null pointer
-+ * If the MFT record of ntfs inode is not a base record, inode->i_op can be NULL.
-+ * This causes null pointer dereference in d_splice_alias().
-+ */
-+ if (!IS_ERR(inode) && inode->i_op == NULL) {
-+ iput(inode);
-+ inode = ERR_PTR(-EINVAL);
-+ }
-+
- return d_splice_alias(inode, dentry);
- }
-
---
-2.39.2
-
rdma-erdma-use-fixed-hardware-page-size.patch
fs-ntfs3-fix-memory-leak-if-ntfs_read_mft-failed.patch
fs-ntfs3-add-check-for-kmemdup.patch
-fs-ntfs3-fix-null-ptr-deref-on-inode-i_op-in-ntfs_lo.patch
fs-ntfs3-fix-oob-read-in-indx_insert_into_buffer.patch
fs-ntfs3-fix-slab-out-of-bounds-read-in-hdr_delete_d.patch
iommu-mediatek-set-dma_mask-for-pgtable_pa_35_en.patch
+++ /dev/null
-From 67096543659b764439cfa9f5e4b4803f1a099ed3 Mon Sep 17 00:00:00 2001
-From: Sasha Levin <sashal@kernel.org>
-Date: Fri, 25 Nov 2022 10:21:59 +0000
-Subject: fs/ntfs3: Fix null-ptr-deref on inode->i_op in ntfs_lookup()
-
-From: ZhangPeng <zhangpeng362@huawei.com>
-
-[ Upstream commit 254e69f284d7270e0abdc023ee53b71401c3ba0c ]
-
-Syzbot reported a null-ptr-deref bug:
-
-ntfs3: loop0: Different NTFS' sector size (1024) and media sector size
-(512)
-ntfs3: loop0: Mark volume as dirty due to NTFS errors
-general protection fault, probably for non-canonical address
-0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN
-KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]
-RIP: 0010:d_flags_for_inode fs/dcache.c:1980 [inline]
-RIP: 0010:__d_add+0x5ce/0x800 fs/dcache.c:2796
-Call Trace:
- <TASK>
- d_splice_alias+0x122/0x3b0 fs/dcache.c:3191
- lookup_open fs/namei.c:3391 [inline]
- open_last_lookups fs/namei.c:3481 [inline]
- path_openat+0x10e6/0x2df0 fs/namei.c:3688
- do_filp_open+0x264/0x4f0 fs/namei.c:3718
- do_sys_openat2+0x124/0x4e0 fs/open.c:1310
- do_sys_open fs/open.c:1326 [inline]
- __do_sys_open fs/open.c:1334 [inline]
- __se_sys_open fs/open.c:1330 [inline]
- __x64_sys_open+0x221/0x270 fs/open.c:1330
- do_syscall_x64 arch/x86/entry/common.c:50 [inline]
- do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
- entry_SYSCALL_64_after_hwframe+0x63/0xcd
-
-If the MFT record of ntfs inode is not a base record, inode->i_op can be
-NULL. And a null-ptr-deref may happen:
-
-ntfs_lookup()
- dir_search_u() # inode->i_op is set to NULL
- d_splice_alias()
- __d_add()
- d_flags_for_inode() # inode->i_op->get_link null-ptr-deref
-
-Fix this by adding a Check on inode->i_op before calling the
-d_splice_alias() function.
-
-Fixes: 4342306f0f0d ("fs/ntfs3: Add file operations and implementation")
-Reported-by: syzbot+a8f26a403c169b7593fe@syzkaller.appspotmail.com
-Signed-off-by: ZhangPeng <zhangpeng362@huawei.com>
-Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
-Signed-off-by: Sasha Levin <sashal@kernel.org>
----
- fs/ntfs3/namei.c | 10 ++++++++++
- 1 file changed, 10 insertions(+)
-
-diff --git a/fs/ntfs3/namei.c b/fs/ntfs3/namei.c
-index 407fe92394e22..8d206770d8c6d 100644
---- a/fs/ntfs3/namei.c
-+++ b/fs/ntfs3/namei.c
-@@ -88,6 +88,16 @@ static struct dentry *ntfs_lookup(struct inode *dir, struct dentry *dentry,
- __putname(uni);
- }
-
-+ /*
-+ * Check for a null pointer
-+ * If the MFT record of ntfs inode is not a base record, inode->i_op can be NULL.
-+ * This causes null pointer dereference in d_splice_alias().
-+ */
-+ if (!IS_ERR(inode) && inode->i_op == NULL) {
-+ iput(inode);
-+ inode = ERR_PTR(-EINVAL);
-+ }
-+
- return d_splice_alias(inode, dentry);
- }
-
---
-2.39.2
-
rdma-erdma-use-fixed-hardware-page-size.patch
fs-ntfs3-fix-memory-leak-if-ntfs_read_mft-failed.patch
fs-ntfs3-add-check-for-kmemdup.patch
-fs-ntfs3-fix-null-ptr-deref-on-inode-i_op-in-ntfs_lo.patch
fs-ntfs3-fix-oob-read-in-indx_insert_into_buffer.patch
fs-ntfs3-fix-slab-out-of-bounds-read-in-hdr_delete_d.patch
iommu-mediatek-set-dma_mask-for-pgtable_pa_35_en.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
