+++ /dev/null
-From 254e69f284d7270e0abdc023ee53b71401c3ba0c Mon Sep 17 00:00:00 2001
-From: ZhangPeng <zhangpeng362@huawei.com>
-Date: Fri, 25 Nov 2022 10:21:59 +0000
-Subject: fs/ntfs3: Fix null-ptr-deref on inode->i_op in ntfs_lookup()
-
-From: ZhangPeng <zhangpeng362@huawei.com>
-
-commit 254e69f284d7270e0abdc023ee53b71401c3ba0c upstream.
-
-Syzbot reported a null-ptr-deref bug:
-
-ntfs3: loop0: Different NTFS' sector size (1024) and media sector size
-(512)
-ntfs3: loop0: Mark volume as dirty due to NTFS errors
-general protection fault, probably for non-canonical address
-0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN
-KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]
-RIP: 0010:d_flags_for_inode fs/dcache.c:1980 [inline]
-RIP: 0010:__d_add+0x5ce/0x800 fs/dcache.c:2796
-Call Trace:
- <TASK>
- d_splice_alias+0x122/0x3b0 fs/dcache.c:3191
- lookup_open fs/namei.c:3391 [inline]
- open_last_lookups fs/namei.c:3481 [inline]
- path_openat+0x10e6/0x2df0 fs/namei.c:3688
- do_filp_open+0x264/0x4f0 fs/namei.c:3718
- do_sys_openat2+0x124/0x4e0 fs/open.c:1310
- do_sys_open fs/open.c:1326 [inline]
- __do_sys_open fs/open.c:1334 [inline]
- __se_sys_open fs/open.c:1330 [inline]
- __x64_sys_open+0x221/0x270 fs/open.c:1330
- do_syscall_x64 arch/x86/entry/common.c:50 [inline]
- do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
- entry_SYSCALL_64_after_hwframe+0x63/0xcd
-
-If the MFT record of ntfs inode is not a base record, inode->i_op can be
-NULL. And a null-ptr-deref may happen:
-
-ntfs_lookup()
- dir_search_u() # inode->i_op is set to NULL
- d_splice_alias()
- __d_add()
- d_flags_for_inode() # inode->i_op->get_link null-ptr-deref
-
-Fix this by adding a Check on inode->i_op before calling the
-d_splice_alias() function.
-
-Fixes: 4342306f0f0d ("fs/ntfs3: Add file operations and implementation")
-Reported-by: syzbot+a8f26a403c169b7593fe@syzkaller.appspotmail.com
-Signed-off-by: ZhangPeng <zhangpeng362@huawei.com>
-Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
-Cc: Rudi Heitbaum <rudi@heitbaum.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- fs/ntfs3/namei.c | 10 ++++++++++
- 1 file changed, 10 insertions(+)
-
---- a/fs/ntfs3/namei.c
-+++ b/fs/ntfs3/namei.c
-@@ -96,6 +96,16 @@ static struct dentry *ntfs_lookup(struct
- inode = ERR_PTR(-EINVAL);
- }
-
-+ /*
-+ * Check for a null pointer
-+ * If the MFT record of ntfs inode is not a base record, inode->i_op can be NULL.
-+ * This causes null pointer dereference in d_splice_alias().
-+ */
-+ if (!IS_ERR(inode) && inode->i_op == NULL) {
-+ iput(inode);
-+ inode = ERR_PTR(-EINVAL);
-+ }
-+
- return d_splice_alias(inode, dentry);
- }
-
drm-amdgpu-disable-sdma-ecc-irq-only-when-sdma-ras-is-enabled-in-suspend.patch
hid-wacom-set-a-default-resolution-for-older-tablets.patch
hid-wacom-insert-timestamp-to-packed-bluetooth-bt-events.patch
-fs-ntfs3-fix-null-ptr-deref-on-inode-i_op-in-ntfs_lookup.patch
fs-ntfs3-refactoring-of-various-minor-issues.patch
asoc-soc-pcm-fix-dpcm-lockdep-warning-due-to-nested-stream-locks.patch
asoc-soc-compress-inherit-atomicity-from-dai-link-for-compress-fe.patch
+++ /dev/null
-From 254e69f284d7270e0abdc023ee53b71401c3ba0c Mon Sep 17 00:00:00 2001
-From: ZhangPeng <zhangpeng362@huawei.com>
-Date: Fri, 25 Nov 2022 10:21:59 +0000
-Subject: fs/ntfs3: Fix null-ptr-deref on inode->i_op in ntfs_lookup()
-
-From: ZhangPeng <zhangpeng362@huawei.com>
-
-commit 254e69f284d7270e0abdc023ee53b71401c3ba0c upstream.
-
-Syzbot reported a null-ptr-deref bug:
-
-ntfs3: loop0: Different NTFS' sector size (1024) and media sector size
-(512)
-ntfs3: loop0: Mark volume as dirty due to NTFS errors
-general protection fault, probably for non-canonical address
-0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN
-KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]
-RIP: 0010:d_flags_for_inode fs/dcache.c:1980 [inline]
-RIP: 0010:__d_add+0x5ce/0x800 fs/dcache.c:2796
-Call Trace:
- <TASK>
- d_splice_alias+0x122/0x3b0 fs/dcache.c:3191
- lookup_open fs/namei.c:3391 [inline]
- open_last_lookups fs/namei.c:3481 [inline]
- path_openat+0x10e6/0x2df0 fs/namei.c:3688
- do_filp_open+0x264/0x4f0 fs/namei.c:3718
- do_sys_openat2+0x124/0x4e0 fs/open.c:1310
- do_sys_open fs/open.c:1326 [inline]
- __do_sys_open fs/open.c:1334 [inline]
- __se_sys_open fs/open.c:1330 [inline]
- __x64_sys_open+0x221/0x270 fs/open.c:1330
- do_syscall_x64 arch/x86/entry/common.c:50 [inline]
- do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
- entry_SYSCALL_64_after_hwframe+0x63/0xcd
-
-If the MFT record of ntfs inode is not a base record, inode->i_op can be
-NULL. And a null-ptr-deref may happen:
-
-ntfs_lookup()
- dir_search_u() # inode->i_op is set to NULL
- d_splice_alias()
- __d_add()
- d_flags_for_inode() # inode->i_op->get_link null-ptr-deref
-
-Fix this by adding a Check on inode->i_op before calling the
-d_splice_alias() function.
-
-Fixes: 4342306f0f0d ("fs/ntfs3: Add file operations and implementation")
-Reported-by: syzbot+a8f26a403c169b7593fe@syzkaller.appspotmail.com
-Signed-off-by: ZhangPeng <zhangpeng362@huawei.com>
-Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
-Cc: Rudi Heitbaum <rudi@heitbaum.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- fs/ntfs3/namei.c | 10 ++++++++++
- 1 file changed, 10 insertions(+)
-
---- a/fs/ntfs3/namei.c
-+++ b/fs/ntfs3/namei.c
-@@ -96,6 +96,16 @@ static struct dentry *ntfs_lookup(struct
- inode = ERR_PTR(-EINVAL);
- }
-
-+ /*
-+ * Check for a null pointer
-+ * If the MFT record of ntfs inode is not a base record, inode->i_op can be NULL.
-+ * This causes null pointer dereference in d_splice_alias().
-+ */
-+ if (!IS_ERR(inode) && inode->i_op == NULL) {
-+ iput(inode);
-+ inode = ERR_PTR(-EINVAL);
-+ }
-+
- return d_splice_alias(inode, dentry);
- }
-
drm-amd-use-amdgpu_ucode_-helpers-for-mes.patch
hid-wacom-set-a-default-resolution-for-older-tablets.patch
hid-wacom-insert-timestamp-to-packed-bluetooth-bt-events.patch
-fs-ntfs3-fix-null-ptr-deref-on-inode-i_op-in-ntfs_lookup.patch
fs-ntfs3-refactoring-of-various-minor-issues.patch
drm-msm-adreno-adreno_gpu-use-suspend-instead-of-idle-on-load-error.patch
f2fs-specify-extent-cache-for-read-explicitly.patch
+++ /dev/null
-From 254e69f284d7270e0abdc023ee53b71401c3ba0c Mon Sep 17 00:00:00 2001
-From: ZhangPeng <zhangpeng362@huawei.com>
-Date: Fri, 25 Nov 2022 10:21:59 +0000
-Subject: fs/ntfs3: Fix null-ptr-deref on inode->i_op in ntfs_lookup()
-
-From: ZhangPeng <zhangpeng362@huawei.com>
-
-commit 254e69f284d7270e0abdc023ee53b71401c3ba0c upstream.
-
-Syzbot reported a null-ptr-deref bug:
-
-ntfs3: loop0: Different NTFS' sector size (1024) and media sector size
-(512)
-ntfs3: loop0: Mark volume as dirty due to NTFS errors
-general protection fault, probably for non-canonical address
-0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN
-KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]
-RIP: 0010:d_flags_for_inode fs/dcache.c:1980 [inline]
-RIP: 0010:__d_add+0x5ce/0x800 fs/dcache.c:2796
-Call Trace:
- <TASK>
- d_splice_alias+0x122/0x3b0 fs/dcache.c:3191
- lookup_open fs/namei.c:3391 [inline]
- open_last_lookups fs/namei.c:3481 [inline]
- path_openat+0x10e6/0x2df0 fs/namei.c:3688
- do_filp_open+0x264/0x4f0 fs/namei.c:3718
- do_sys_openat2+0x124/0x4e0 fs/open.c:1310
- do_sys_open fs/open.c:1326 [inline]
- __do_sys_open fs/open.c:1334 [inline]
- __se_sys_open fs/open.c:1330 [inline]
- __x64_sys_open+0x221/0x270 fs/open.c:1330
- do_syscall_x64 arch/x86/entry/common.c:50 [inline]
- do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
- entry_SYSCALL_64_after_hwframe+0x63/0xcd
-
-If the MFT record of ntfs inode is not a base record, inode->i_op can be
-NULL. And a null-ptr-deref may happen:
-
-ntfs_lookup()
- dir_search_u() # inode->i_op is set to NULL
- d_splice_alias()
- __d_add()
- d_flags_for_inode() # inode->i_op->get_link null-ptr-deref
-
-Fix this by adding a Check on inode->i_op before calling the
-d_splice_alias() function.
-
-Fixes: 4342306f0f0d ("fs/ntfs3: Add file operations and implementation")
-Reported-by: syzbot+a8f26a403c169b7593fe@syzkaller.appspotmail.com
-Signed-off-by: ZhangPeng <zhangpeng362@huawei.com>
-Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
-Cc: Rudi Heitbaum <rudi@heitbaum.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- fs/ntfs3/namei.c | 10 ++++++++++
- 1 file changed, 10 insertions(+)
-
---- a/fs/ntfs3/namei.c
-+++ b/fs/ntfs3/namei.c
-@@ -98,6 +98,16 @@ static struct dentry *ntfs_lookup(struct
- inode = ERR_PTR(-EINVAL);
- }
-
-+ /*
-+ * Check for a null pointer
-+ * If the MFT record of ntfs inode is not a base record, inode->i_op can be NULL.
-+ * This causes null pointer dereference in d_splice_alias().
-+ */
-+ if (!IS_ERR(inode) && inode->i_op == NULL) {
-+ iput(inode);
-+ inode = ERR_PTR(-EINVAL);
-+ }
-+
- return d_splice_alias(inode, dentry);
- }
-
drm-amd-use-amdgpu_ucode_-helpers-for-mes.patch
hid-wacom-set-a-default-resolution-for-older-tablets.patch
hid-wacom-insert-timestamp-to-packed-bluetooth-bt-events.patch
-fs-ntfs3-fix-null-ptr-deref-on-inode-i_op-in-ntfs_lookup.patch
fs-ntfs3-refactoring-of-various-minor-issues.patch
drm-msm-adreno-adreno_gpu-use-suspend-instead-of-idle-on-load-error.patch
drm-i915-mtl-add-workarounds-wa_14017066071-and-wa_1.patch
+++ /dev/null
-From 254e69f284d7270e0abdc023ee53b71401c3ba0c Mon Sep 17 00:00:00 2001
-From: ZhangPeng <zhangpeng362@huawei.com>
-Date: Fri, 25 Nov 2022 10:21:59 +0000
-Subject: fs/ntfs3: Fix null-ptr-deref on inode->i_op in ntfs_lookup()
-
-From: ZhangPeng <zhangpeng362@huawei.com>
-
-commit 254e69f284d7270e0abdc023ee53b71401c3ba0c upstream.
-
-Syzbot reported a null-ptr-deref bug:
-
-ntfs3: loop0: Different NTFS' sector size (1024) and media sector size
-(512)
-ntfs3: loop0: Mark volume as dirty due to NTFS errors
-general protection fault, probably for non-canonical address
-0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN
-KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]
-RIP: 0010:d_flags_for_inode fs/dcache.c:1980 [inline]
-RIP: 0010:__d_add+0x5ce/0x800 fs/dcache.c:2796
-Call Trace:
- <TASK>
- d_splice_alias+0x122/0x3b0 fs/dcache.c:3191
- lookup_open fs/namei.c:3391 [inline]
- open_last_lookups fs/namei.c:3481 [inline]
- path_openat+0x10e6/0x2df0 fs/namei.c:3688
- do_filp_open+0x264/0x4f0 fs/namei.c:3718
- do_sys_openat2+0x124/0x4e0 fs/open.c:1310
- do_sys_open fs/open.c:1326 [inline]
- __do_sys_open fs/open.c:1334 [inline]
- __se_sys_open fs/open.c:1330 [inline]
- __x64_sys_open+0x221/0x270 fs/open.c:1330
- do_syscall_x64 arch/x86/entry/common.c:50 [inline]
- do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
- entry_SYSCALL_64_after_hwframe+0x63/0xcd
-
-If the MFT record of ntfs inode is not a base record, inode->i_op can be
-NULL. And a null-ptr-deref may happen:
-
-ntfs_lookup()
- dir_search_u() # inode->i_op is set to NULL
- d_splice_alias()
- __d_add()
- d_flags_for_inode() # inode->i_op->get_link null-ptr-deref
-
-Fix this by adding a Check on inode->i_op before calling the
-d_splice_alias() function.
-
-Fixes: 4342306f0f0d ("fs/ntfs3: Add file operations and implementation")
-Reported-by: syzbot+a8f26a403c169b7593fe@syzkaller.appspotmail.com
-Signed-off-by: ZhangPeng <zhangpeng362@huawei.com>
-Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
-Cc: Rudi Heitbaum <rudi@heitbaum.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- fs/ntfs3/namei.c | 10 ++++++++++
- 1 file changed, 10 insertions(+)
-
---- a/fs/ntfs3/namei.c
-+++ b/fs/ntfs3/namei.c
-@@ -98,6 +98,16 @@ static struct dentry *ntfs_lookup(struct
- inode = ERR_PTR(-EINVAL);
- }
-
-+ /*
-+ * Check for a null pointer
-+ * If the MFT record of ntfs inode is not a base record, inode->i_op can be NULL.
-+ * This causes null pointer dereference in d_splice_alias().
-+ */
-+ if (!IS_ERR(inode) && inode->i_op == NULL) {
-+ iput(inode);
-+ inode = ERR_PTR(-EINVAL);
-+ }
-+
- return d_splice_alias(inode, dentry);
- }
-
firewire-net-fix-unexpected-release-of-object-for-asynchronous-request-packet.patch
hid-wacom-set-a-default-resolution-for-older-tablets.patch
hid-wacom-insert-timestamp-to-packed-bluetooth-bt-events.patch
-fs-ntfs3-fix-null-ptr-deref-on-inode-i_op-in-ntfs_lookup.patch
fs-ntfs3-refactoring-of-various-minor-issues.patch
revert-net-sched-flower-fix-wrong-handle-assignment-during-filter-change.patch
drm-msm-adreno-adreno_gpu-use-suspend-instead-of-idle-on-load-error.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
