From ae288387e6352dbd8201aa0ac73189f1cfeeaed0 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman
Date: Tue, 16 Jul 2024 15:15:31 +0200
Subject: [PATCH] 6.9-stable patches

added patches:
ext4-avoid-ptr-null-pointer-dereference.patch
---
 ...4-avoid-ptr-null-pointer-dereference.patch | 35 +++++++++++++++++++
 queue-6.9/series | 1 +
 2 files changed, 36 insertions(+)
 create mode 100644 queue-6.9/ext4-avoid-ptr-null-pointer-dereference.patch
diff --git a/queue-6.9/ext4-avoid-ptr-null-pointer-dereference.patch b/queue-6.9/ext4-avoid-ptr-null-pointer-dereference.patch
new file mode 100644
index 00000000000..da060007797
--- /dev/null
+++ b/queue-6.9/ext4-avoid-ptr-null-pointer-dereference.patch
@@ -0,0 +1,35 @@
+From libaokun@huaweicloud.com Tue Jul 16 15:13:28 2024
+From: libaokun@huaweicloud.com
+Date: Tue, 16 Jul 2024 17:29:29 +0800
+Subject: ext4: avoid ptr null pointer dereference
+To: stable@vger.kernel.org, gregkh@linuxfoundation.org
+Cc: sashal@kernel.org, tytso@mit.edu, jack@suse.cz, patches@lists.linux.dev, yi.zhang@huawei.com, yangerkun@huawei.com, libaokun@huaweicloud.com, Baokun Li
+Message-ID: <20240716092929.864207-1-libaokun@huaweicloud.com>
+
+From: Baokun Li
+
+When commit 13df4d44a3aa ("ext4: fix slab-out-of-bounds in
+ext4_mb_find_good_group_avg_frag_lists()") was backported to stable, the
+commit f536808adcc3 ("ext4: refactor out ext4_generic_attr_store()") that
+uniformly determines if the ptr is null is not merged in, so it needs to
+be judged whether ptr is null or not in each case of the switch, otherwise
+null pointer dereferencing may occur.
+
+Fixes: b829687ae122 ("ext4: fix slab-out-of-bounds in ext4_mb_find_good_group_avg_frag_lists()")
+Signed-off-by: Baokun Li
+Signed-off-by: Greg Kroah-Hartman
+---
+ fs/ext4/sysfs.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/fs/ext4/sysfs.c
++++ b/fs/ext4/sysfs.c
+@@ -473,6 +473,8 @@ static ssize_t ext4_attr_store(struct ko
+ *((unsigned int *) ptr) = t;
+ return len;
+ case attr_clusters_in_group:
++ if (!ptr)
++ return 0;
+ ret = kstrtouint(skip_spaces(buf), 0, &t);
+ if (ret)
+ return ret;
diff --git a/queue-6.9/series b/queue-6.9/series
index 7176761601f..91d3d11bcaa 100644
--- a/queue-6.9/series
+++ b/queue-6.9/series
@@ -131,3 +131,4 @@ mm-readahead-limit-page-cache-size-in-page_cache_ra_order.patch
 mm-shmem-disable-pmd-sized-page-cache-if-needed.patch
 mm-damon-core-merge-regions-aggressively-when-max_nr_regions-is-unmet.patch
 revert-dt-bindings-cache-qcom-llcc-correct-qdu1000-reg-entries.patch
+ext4-avoid-ptr-null-pointer-dereference.patch
-- 
2.47.3
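Review bot: The guard added to the `attr_clusters_in_group` case in the queued ext4 patch returns 0 rather than a negative errno, so a write that reaches it with a NULL `ptr` reports zero bytes consumed, and a writer that retries short writes may keep retrying. If that return value is kept to match the upstream helper named in the description, a comment such as `/* ptr is NULL: nothing to store, ignore the write */` above the check would record the intent. The description says every case of the switch needs its own check on this branch, but only this one case is visible and `ext4_attr_store` continues outside the hunk. The remaining store cases, and presumably the matching show path, should be confirmed to test `ptr` before they dereference it, since a missed case leaves a kernel NULL dereference reachable from a sysfs write.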