--- /dev/null
+From 460bbf2990b3fdc597601c2cf669a3371c069242 Mon Sep 17 00:00:00 2001
+From: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
+Date: Thu, 12 May 2022 19:08:40 +0300
+Subject: fs/ntfs3: Do not change mode if ntfs_set_ea failed
+
+From: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
+
+commit 460bbf2990b3fdc597601c2cf669a3371c069242 upstream.
+
+ntfs_set_ea can fail with NOSPC, so we don't need to
+change mode in this situation.
+Fixes xfstest generic/449
+Fixes: be71b5cba2e6 ("fs/ntfs3: Add attrib operations")
+
+Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/ntfs3/xattr.c | 20 ++++++++++----------
+ 1 file changed, 10 insertions(+), 10 deletions(-)
+
+--- a/fs/ntfs3/xattr.c
++++ b/fs/ntfs3/xattr.c
+@@ -545,28 +545,23 @@ static noinline int ntfs_set_acl_ex(stru
+ {
+ const char *name;
+ size_t size, name_len;
+- void *value = NULL;
+- int err = 0;
++ void *value;
++ int err;
+ int flags;
++ umode_t mode;
+
+ if (S_ISLNK(inode->i_mode))
+ return -EOPNOTSUPP;
+
++ mode = inode->i_mode;
+ switch (type) {
+ case ACL_TYPE_ACCESS:
+ /* Do not change i_mode if we are in init_acl */
+ if (acl && !init_acl) {
+- umode_t mode;
+-
+ err = posix_acl_update_mode(mnt_userns, inode, &mode,
+ &acl);
+ if (err)
+ goto out;
+-
+- if (inode->i_mode != mode) {
+- inode->i_mode = mode;
+- mark_inode_dirty(inode);
+- }
+ }
+ name = XATTR_NAME_POSIX_ACL_ACCESS;
+ name_len = sizeof(XATTR_NAME_POSIX_ACL_ACCESS) - 1;
+@@ -602,8 +597,13 @@ static noinline int ntfs_set_acl_ex(stru
+ err = ntfs_set_ea(inode, name, name_len, value, size, flags);
+ if (err == -ENODATA && !size)
+ err = 0; /* Removing non existed xattr. */
+- if (!err)
++ if (!err) {
+ set_cached_acl(inode, type, acl);
++ if (inode->i_mode != mode) {
++ inode->i_mode = mode;
++ mark_inode_dirty(inode);
++ }
++ }
+
+ out:
+ kfree(value);
--- /dev/null
+From 926034353d3c67db1ffeab47dcb7f6bdac02a263 Mon Sep 17 00:00:00 2001
+From: Dan Carpenter <dan.carpenter@oracle.com>
+Date: Mon, 9 May 2022 12:03:00 +0300
+Subject: fs/ntfs3: Don't clear upper bits accidentally in log_replay()
+
+From: Dan Carpenter <dan.carpenter@oracle.com>
+
+commit 926034353d3c67db1ffeab47dcb7f6bdac02a263 upstream.
+
+The "vcn" variable is a 64 bit. The "log->clst_per_page" variable is a
+u32. This means that the mask accidentally clears out the high 32 bits
+when it was only supposed to clear some low bits. Fix this by adding a
+cast to u64.
+
+Fixes: b46acd6a6a62 ("fs/ntfs3: Add NTFS journal")
+Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+Reviewed-by: Namjae Jeon <linkinjeon@kernel.org>
+Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/ntfs3/fslog.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/ntfs3/fslog.c
++++ b/fs/ntfs3/fslog.c
+@@ -5057,7 +5057,7 @@ undo_action_next:
+ goto add_allocated_vcns;
+
+ vcn = le64_to_cpu(lrh->target_vcn);
+- vcn &= ~(log->clst_per_page - 1);
++ vcn &= ~(u64)(log->clst_per_page - 1);
+
+ add_allocated_vcns:
+ for (i = 0, vcn = le64_to_cpu(lrh->target_vcn),
--- /dev/null
+From cd39981fb92adf0cc736112f87e3e61602baa415 Mon Sep 17 00:00:00 2001
+From: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
+Date: Wed, 11 May 2022 19:58:36 +0300
+Subject: fs/ntfs3: Fix double free on remount
+
+From: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
+
+commit cd39981fb92adf0cc736112f87e3e61602baa415 upstream.
+
+Pointer to options was freed twice on remount
+Fixes xfstest generic/361
+Fixes: 82cae269cfa9 ("fs/ntfs3: Add initialization of super block")
+
+Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/ntfs3/super.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+--- a/fs/ntfs3/super.c
++++ b/fs/ntfs3/super.c
+@@ -30,6 +30,7 @@
+ #include <linux/fs_context.h>
+ #include <linux/fs_parser.h>
+ #include <linux/log2.h>
++#include <linux/minmax.h>
+ #include <linux/module.h>
+ #include <linux/nls.h>
+ #include <linux/seq_file.h>
+@@ -390,7 +391,7 @@ static int ntfs_fs_reconfigure(struct fs
+ return -EINVAL;
+ }
+
+- memcpy(sbi->options, new_opts, sizeof(*new_opts));
++ swap(sbi->options, fc->fs_private);
+
+ return 0;
+ }
+@@ -901,6 +902,8 @@ static int ntfs_fill_super(struct super_
+ ref.high = 0;
+
+ sbi->sb = sb;
++ sbi->options = fc->fs_private;
++ fc->fs_private = NULL;
+ sb->s_flags |= SB_NODIRATIME;
+ sb->s_magic = 0x7366746e; // "ntfs"
+ sb->s_op = &ntfs_sops;
+@@ -1264,8 +1267,6 @@ load_root:
+ goto put_inode_out;
+ }
+
+- fc->fs_private = NULL;
+-
+ return 0;
+
+ put_inode_out:
+@@ -1418,7 +1419,6 @@ static int ntfs_init_fs_context(struct f
+ mutex_init(&sbi->compress.mtx_lzx);
+ #endif
+
+- sbi->options = opts;
+ fc->s_fs_info = sbi;
+ ok:
+ fc->fs_private = opts;
--- /dev/null
+From 37a530bfe56ca9a0d3129598803f2794c7428aae Mon Sep 17 00:00:00 2001
+From: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
+Date: Thu, 26 May 2022 12:51:03 +0300
+Subject: fs/ntfs3: Fix missing i_op in ntfs_read_mft
+
+From: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
+
+commit 37a530bfe56ca9a0d3129598803f2794c7428aae upstream.
+
+There is null pointer dereference because i_op == NULL.
+The bug happens because we don't initialize i_op for records in $Extend.
+Fixes: 82cae269cfa9 ("fs/ntfs3: Add initialization of super block")
+
+Reported-by: Liangbin Lian <jjm2473@gmail.com>
+Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/ntfs3/inode.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/fs/ntfs3/inode.c
++++ b/fs/ntfs3/inode.c
+@@ -430,6 +430,7 @@ end_enum:
+ } else if (fname && fname->home.low == cpu_to_le32(MFT_REC_EXTEND) &&
+ fname->home.seq == cpu_to_le16(MFT_REC_EXTEND)) {
+ /* Records in $Extend are not a files or general directories. */
++ inode->i_op = &ntfs_file_inode_operations;
+ } else {
+ err = -EINVAL;
+ goto out;
--- /dev/null
+From 321460ca3b55f48b3ba6008248264ab2bd6407d9 Mon Sep 17 00:00:00 2001
+From: Pavel Skripkin <paskripkin@gmail.com>
+Date: Thu, 21 Apr 2022 23:53:36 +0300
+Subject: fs/ntfs3: Fix NULL deref in ntfs_update_mftmirr
+
+From: Pavel Skripkin <paskripkin@gmail.com>
+
+commit 321460ca3b55f48b3ba6008248264ab2bd6407d9 upstream.
+
+If ntfs_fill_super() wasn't called then sbi->sb will be equal to NULL.
+Code should check this ptr before dereferencing. Syzbot hit this issue
+via passing wrong mount param as can be seen from log below
+
+Fail log:
+ntfs3: Unknown parameter 'iochvrset'
+general protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN
+KASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f]
+CPU: 1 PID: 3589 Comm: syz-executor210 Not tainted 5.18.0-rc3-syzkaller-00016-gb253435746d9 #0
+...
+Call Trace:
+ <TASK>
+ put_ntfs+0x1ed/0x2a0 fs/ntfs3/super.c:463
+ ntfs_fs_free+0x6a/0xe0 fs/ntfs3/super.c:1363
+ put_fs_context+0x119/0x7a0 fs/fs_context.c:469
+ do_new_mount+0x2b4/0xad0 fs/namespace.c:3044
+ do_mount fs/namespace.c:3383 [inline]
+ __do_sys_mount fs/namespace.c:3591 [inline]
+
+Fixes: 82cae269cfa9 ("fs/ntfs3: Add initialization of super block")
+Reported-and-tested-by: syzbot+c95173762127ad76a824@syzkaller.appspotmail.com
+Signed-off-by: Pavel Skripkin <paskripkin@gmail.com>
+Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/ntfs3/fsntfs.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+--- a/fs/ntfs3/fsntfs.c
++++ b/fs/ntfs3/fsntfs.c
+@@ -831,10 +831,15 @@ int ntfs_update_mftmirr(struct ntfs_sb_i
+ {
+ int err;
+ struct super_block *sb = sbi->sb;
+- u32 blocksize = sb->s_blocksize;
++ u32 blocksize;
+ sector_t block1, block2;
+ u32 bytes;
+
++ if (!sb)
++ return -EINVAL;
++
++ blocksize = sb->s_blocksize;
++
+ if (!(sbi->flags & NTFS_FLAGS_MFTMIRR))
+ return 0;
+
--- /dev/null
+From ae5a4e46916fc307288227b64c1d062352eb93b7 Mon Sep 17 00:00:00 2001
+From: Yan Lei <chinayanlei2002@163.com>
+Date: Sun, 10 Apr 2022 09:09:00 +0300
+Subject: fs/ntfs3: Fix using uninitialized value n when calling indx_read
+
+From: Yan Lei <chinayanlei2002@163.com>
+
+commit ae5a4e46916fc307288227b64c1d062352eb93b7 upstream.
+
+This value is checked in indx_read, so it must be initialized
+Fixes: 82cae269cfa9 ("fs/ntfs3: Add initialization of super block")
+
+Signed-off-by: Yan Lei <chinayanlei2002@163.com>
+Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/ntfs3/index.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/ntfs3/index.c
++++ b/fs/ntfs3/index.c
+@@ -1994,7 +1994,7 @@ static int indx_free_children(struct ntf
+ const struct NTFS_DE *e, bool trim)
+ {
+ int err;
+- struct indx_node *n;
++ struct indx_node *n = NULL;
+ struct INDEX_HDR *hdr;
+ CLST vbn = de_get_vbn(e);
+ size_t i;
perf-parse-events-fix-segfault-when-event-parser-gets-an-error.patch
perf-tests-fix-track-with-sched_switch-test-for-hybrid-case.patch
dpaa2-eth-trace-the-allocated-address-instead-of-page-struct.patch
+fs-ntfs3-fix-using-uninitialized-value-n-when-calling-indx_read.patch
+fs-ntfs3-fix-null-deref-in-ntfs_update_mftmirr.patch
+fs-ntfs3-don-t-clear-upper-bits-accidentally-in-log_replay.patch
+fs-ntfs3-fix-double-free-on-remount.patch
+fs-ntfs3-do-not-change-mode-if-ntfs_set_ea-failed.patch
+fs-ntfs3-fix-missing-i_op-in-ntfs_read_mft.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
