From 3c315aab88335c3f27e30e3eabd2bc8128266da6 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman
Date: Tue, 7 Jun 2022 13:10:48 +0200
Subject: [PATCH] 5.17-stable patches added patches: fs-ntfs3-fix-invalid-free-in-log_replay.patch
---
...ntfs3-fix-invalid-free-in-log_replay.patch | 54 +++++++++++++++++++
queue-5.17/series | 1 +
2 files changed, 55 insertions(+)
create mode 100644 queue-5.17/fs-ntfs3-fix-invalid-free-in-log_replay.patch
diff --git a/queue-5.17/fs-ntfs3-fix-invalid-free-in-log_replay.patch b/queue-5.17/fs-ntfs3-fix-invalid-free-in-log_replay.patch
new file mode 100644
index 00000000000..951a2214946
--- /dev/null
+++ b/queue-5.17/fs-ntfs3-fix-invalid-free-in-log_replay.patch
@@ -0,0 +1,54 @@
+From f26967b9f7a830e228bb13fb41bd516ddd9d789d Mon Sep 17 00:00:00 2001
+From: Namjae Jeon
+Date: Mon, 30 May 2022 18:43:01 +0300
+Subject: fs/ntfs3: Fix invalid free in log_replay
+
+From: Namjae Jeon
+
+commit f26967b9f7a830e228bb13fb41bd516ddd9d789d upstream.
+
+log_read_rst() returns ENOMEM error when there is not enough memory.
+In this case, if info is returned without initialization,
+it attempts to kfree the uninitialized info->r_page pointer. This patch
+moves the memset initialization code to before log_read_rst() is called.
+
+Reported-by: Gerald Lee
+Signed-off-by: Namjae Jeon
+Signed-off-by: Konstantin Komarov
+Signed-off-by: Greg Kroah-Hartman
+---
+ fs/ntfs3/fslog.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/fs/ntfs3/fslog.c
++++ b/fs/ntfs3/fslog.c
+@@ -1185,8 +1185,6 @@ static int log_read_rst(struct ntfs_log
+ if (!r_page)
+ return -ENOMEM;
+
+- memset(info, 0, sizeof(struct restart_info));
+-
+ /* Determine which restart area we are looking for. */
+ if (first) {
+ vbo = 0;
+@@ -3791,10 +3789,11 @@ int log_replay(struct ntfs_inode *ni, bo
+ if (!log)
+ return -ENOMEM;
+
++ memset(&rst_info, 0, sizeof(struct restart_info));
++
+ log->ni = ni;
+ log->l_size = l_size;
+ log->one_page_buf = kmalloc(page_size, GFP_NOFS);
+-
+ if (!log->one_page_buf) {
+ err = -ENOMEM;
+ goto out;
+@@ -3842,6 +3841,7 @@ int log_replay(struct ntfs_inode *ni, bo
+ if (rst_info.vbo)
+ goto check_restart_area;
+
++ memset(&rst_info2, 0, sizeof(struct restart_info));
+ err = log_read_rst(log, l_size, false, &rst_info2);
+
+ /* Determine which restart area to use. */
diff --git a/queue-5.17/series b/queue-5.17/series
index 51391e69490..5776ff1a6ca 100644
--- a/queue-5.17/series
+++ b/queue-5.17/series
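Review bot: In the third fs/ntfs3/fslog.c hunk of the queued patch, `rst_info2` is zeroed only after `if (rst_info.vbo) goto check_restart_area;`, so on that branch and on any earlier `goto out` it is still uninitialized stack memory; whether a later path reads or frees `rst_info2.r_page` is not visible here and should be confirmed. Zeroing both structures together in the second hunk, `memset(&rst_info2, 0, sizeof(rst_info2));` next to the `rst_info` memset, would make the cleanup safe regardless of which path is taken. Because log_read_rst() no longer clears `info` itself, a comment above it such as `/* Caller must zero *info: the -ENOMEM return leaves it untouched. */` would record the new contract for future callers. log_replay() and log_read_rst() both continue outside the hunks, and this file only queues the upstream commit, so the change would belong upstream.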
@@ -766,3 +766,4 @@ mips-ip30-remove-incorrect-cpu_has_fpu-override.patch
 ext4-only-allow-test_dummy_encryption-when-supported.patch
 fs-add-two-trivial-lookup-helpers.patch
 exportfs-support-idmapped-mounts.patch
+fs-ntfs3-fix-invalid-free-in-log_replay.patch
-- 
2.47.3