git.ipfire.org Git - thirdparty/kernel/stable.git/commit

hfsplus: Verify inode mode when loading from disk

[ Upstream commit 005d4b0d33f6b4a23d382b7930f7a96b95b01f39 ]

syzbot is reporting that S_IFMT bits of inode->i_mode can become bogus when
the S_IFMT bits of the 16bits "mode" field loaded from disk are corrupted.

According to [1], the permissions field was treated as reserved in Mac OS
8 and 9. According to [2], the reserved field was explicitly initialized
with 0, and that field must remain 0 as long as reserved. Therefore, when
the "mode" field is not 0 (i.e. no longer reserved), the file must be
S_IFDIR if dir == 1, and the file must be one of S_IFREG/S_IFLNK/S_IFCHR/
S_IFBLK/S_IFIFO/S_IFSOCK if dir == 0.

Reported-by: syzbot <syzbot+895c23f6917da440ed0d@syzkaller.appspotmail.com>
Closes: https://syzkaller.appspot.com/bug?extid=895c23f6917da440ed0d
Link: https://developer.apple.com/library/archive/technotes/tn/tn1150.html#HFSPlusPermissions
Link: https://developer.apple.com/library/archive/technotes/tn/tn1150.html#ReservedAndPadFields
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Reviewed-by: Viacheslav Dubeyko <slava@dubeyko.com>
Signed-off-by: Viacheslav Dubeyko <slava@dubeyko.com>
Link: https://lore.kernel.org/r/04ded9f9-73fb-496c-bfa5-89c4f5d1d7bb@I-love.SAKURA.ne.jp
Signed-off-by: Viacheslav Dubeyko <slava@dubeyko.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

author	Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
	Sat, 15 Nov 2025 09:18:54 +0000 (18:18 +0900)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Mon, 19 Jan 2026 12:09:42 +0000 (13:09 +0100)
commit	d92333c7a35856e419500e7eed72dac1afa404a5
tree	cbf92615bdff113cbcd5777665caa6c954c0bf9a	tree \| snapshot
parent	39e149d58ef4d7883cbf87448d39d51292fd342d	commit \| diff