mirror of
https://mirrors.bfsu.edu.cn/git/linux.git
synced 2024-11-23 20:24:12 +08:00
1f9b94af92
Upon investigation of the C reproducer provided by Syzbot, it seemed the reproducer was trying to mount a corrupted NTFS filesystem, then issue a rename syscall to some nodes in the filesystem. This can be shown by modifying the reproducer to only include the mount syscall, and investigating the filesystem by e.g. `ls` and `rm` commands. As a result, during the problematic call to `hdr_fine_e`, the `inode` being supplied did not go through `indx_init`, hence the `cmp` function pointer was never set. The fix is simply to check whether `cmp` is not set, and return NULL if that's the case, in order to be consistent with other error scenarios of the `hdr_find_e` method. The rationale behind this patch is that: - We should prevent crashing the kernel even if the mounted filesystem is corrupted. Any syscalls made on the filesystem could return invalid, but the kernel should be able to sustain these calls. - Only very specific corruption would lead to this bug, so it would be a pretty rare case in actual usage anyways. Therefore, introducing a check to specifically protect against this bug seems appropriate. Because of its rarity, an `unlikely` clause is used to wrap around this nullity check. Reported-by: syzbot+60cf892fc31d1f4358fc@syzkaller.appspotmail.com Signed-off-by: Ziqi Zhao <astrajoan@yahoo.com> Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com> |
||
|---|---|---|
| .. | ||
| lib | ||
| attrib.c | ||
| attrlist.c | ||
| bitfunc.c | ||
| bitmap.c | ||
| debug.h | ||
| dir.c | ||
| file.c | ||
| frecord.c | ||
| fslog.c | ||
| fsntfs.c | ||
| index.c | ||
| inode.c | ||
| Kconfig | ||
| lznt.c | ||
| Makefile | ||
| namei.c | ||
| ntfs_fs.h | ||
| ntfs.h | ||
| record.c | ||
| run.c | ||
| super.c | ||
| upcase.c | ||
| xattr.c | ||