From patchwork Mon Oct 24 11:28:42 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg KH X-Patchwork-Id: 8525 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a5d:6687:0:0:0:0:0 with SMTP id l7csp405895wru; Mon, 24 Oct 2022 04:57:52 -0700 (PDT) X-Google-Smtp-Source: AMsMyM6Rf5Cj5mew8UShLi9jbx2kF9UuKe+PeEK1/tEMrMu1zQawGSPhf6TVEOCw+FpD6zne4AYT X-Received: by 2002:a17:902:c7c4:b0:186:5ebe:38e with SMTP id r4-20020a170902c7c400b001865ebe038emr24446339pla.33.1666612672493; Mon, 24 Oct 2022 04:57:52 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1666612672; cv=none; d=google.com; s=arc-20160816; b=aFSvVtilq+DMY5AfNz0O0d+AmjeWMm+z1HNGudRRO4tulZ+K4HtBSr1hu3pEx/JdLL 3CeWg6XMcWGnfzg1EYxJmmRmstloVhS1BhjrO792jNthtHZb+9EL3VNOqM7wfTjhxBgm kKvBMMGVbPaOWeT128Qf/PkXFipqIEsKiBSZCS5nmsvzJWbVMsLgl5EStztbinxmG12J ioCXYAZ7YIf4WNn3nDkllTgBPFMyunnAjd8SNT+xhJucQT2NWle7Efcp2ySnJjcv4Hzl c9wELkI9SfB0bDIDkxeSsu31MbMqy/Zk0CnorTlS6qRFqzyn1WkSkmDmcc4LDxS9p3Jb QLmg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=dp75aIKniN0n7zlVp/LfuBBKFip2G3YuLFUlMB2dRO8=; b=MCK/jmJ2movNd1NVeR68N86lnP/c8aM4IOehJPAjRxNsB86Hqrt9nJJHZUpVy3VkCx IF3Pj/YvpCbmoef1AYi+ivijyTXZpUB4CjpEzLReorfffl1uw2Z9CGJGUw5FmxcxbY2U l/AJ8DuUKOzuL44N7x8aCzrdeWZ701jB06cgNewj80cheUAiGHHYc3uFkoIVsAxA7pKs 4p8qOP6Br0AOu3s1HUbzfHn2+HiBTAqwwjhTK1k2rSfK1nnaRhm7+8qfH0ToLun01FpD WqWRQ4BENFXcRvYWXQb2GTOiBhO4eZ9SwXkXM+nBFG7DwTbO3B+BjvyOkiSHzhfWuPTo RX+w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=EsVxHkRW; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id y2-20020a655282000000b00469e1f7dcbesi34579414pgp.603.2022.10.24.04.57.38; Mon, 24 Oct 2022 04:57:52 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=EsVxHkRW; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232344AbiJXL5S (ORCPT + 99 others); Mon, 24 Oct 2022 07:57:18 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56174 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232152AbiJXLzg (ORCPT ); Mon, 24 Oct 2022 07:55:36 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B44C47B1DB; Mon, 24 Oct 2022 04:46:46 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 4714FB8119F; Mon, 24 Oct 2022 11:46:45 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 94C72C433C1; Mon, 24 Oct 2022 11:46:43 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1666612003; bh=V3WpwRAWt5cAB2K6+gSEMiz3McF42UPgqUC/ragvIrw=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=EsVxHkRWNLKf4Tp3laRn7/Qv3BXOVSfc0c8BEkE89mTb1iOwXGSa4m9fEoJ0vgWva Zc7DWhgSDdanGp9k2NnkMVDfZlKw9pY7DPzjCZAxP051ijJ9taVdF5JO/cyiPzmo5x 7iF6M0qgSRfEk8CNSiIk8zOQJ7yaGWvrYY5MERLY= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, ChenXiaoSong , Anton Altaparmakov , Andrew Morton Subject: [PATCH 4.14 005/210] ntfs: fix BUG_ON in ntfs_lookup_inode_by_name() Date: Mon, 24 Oct 2022 13:28:42 +0200 Message-Id: <20221024112957.026155074@linuxfoundation.org> X-Mailer: git-send-email 2.38.1 In-Reply-To: <20221024112956.797777597@linuxfoundation.org> References: <20221024112956.797777597@linuxfoundation.org> User-Agent: quilt/0.67 MIME-Version: 1.0 X-Spam-Status: No, score=-7.6 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1747570049648531193?= X-GMAIL-MSGID: =?utf-8?q?1747570049648531193?= From: ChenXiaoSong commit 1b513f613731e2afc05550e8070d79fac80c661e upstream. Syzkaller reported BUG_ON as follows: ------------[ cut here ]------------ kernel BUG at fs/ntfs/dir.c:86! invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI CPU: 3 PID: 758 Comm: a.out Not tainted 5.19.0-next-20220808 #5 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014 RIP: 0010:ntfs_lookup_inode_by_name+0xd11/0x2d10 Code: ff e9 b9 01 00 00 e8 1e fe d6 fe 48 8b 7d 98 49 8d 5d 07 e8 91 85 29 ff 48 c7 45 98 00 00 00 00 e9 5a fb ff ff e8 ff fd d6 fe <0f> 0b e8 f8 fd d6 fe 0f 0b e8 f1 fd d6 fe 48 8b b5 50 ff ff ff 4c RSP: 0018:ffff888079607978 EFLAGS: 00010293 RAX: 0000000000000000 RBX: 0000000000008000 RCX: 0000000000000000 RDX: ffff88807cf10000 RSI: ffffffff82a4a081 RDI: 0000000000000003 RBP: ffff888079607a70 R08: 0000000000000001 R09: ffff88807a6d01d7 R10: ffffed100f4da03a R11: 0000000000000000 R12: ffff88800f0fb110 R13: ffff88800f0ee000 R14: ffff88800f0fb000 R15: 0000000000000001 FS: 00007f33b63c7540(0000) GS:ffff888108580000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f33b635c090 CR3: 000000000f39e005 CR4: 0000000000770ee0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: load_system_files+0x1f7f/0x3620 ntfs_fill_super+0xa01/0x1be0 mount_bdev+0x36a/0x440 ntfs_mount+0x3a/0x50 legacy_get_tree+0xfb/0x210 vfs_get_tree+0x8f/0x2f0 do_new_mount+0x30a/0x760 path_mount+0x4de/0x1880 __x64_sys_mount+0x2b3/0x340 do_syscall_64+0x38/0x90 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7f33b62ff9ea Code: 48 8b 0d a9 f4 0b 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 76 f4 0b 00 f7 d8 64 89 01 48 RSP: 002b:00007ffd0c471aa8 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f33b62ff9ea RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffd0c471be0 RBP: 00007ffd0c471c60 R08: 00007ffd0c471ae0 R09: 00007ffd0c471c24 R10: 0000000000000000 R11: 0000000000000202 R12: 000055bac5afc160 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 Modules linked in: ---[ end trace 0000000000000000 ]--- Fix this by adding sanity check on extended system files' directory inode to ensure that it is directory, just like ntfs_extend_init() when mounting ntfs3. Link: https://lkml.kernel.org/r/20220809064730.2316892-1-chenxiaosong2@huawei.com Signed-off-by: ChenXiaoSong Cc: Anton Altaparmakov Cc: Signed-off-by: Andrew Morton Signed-off-by: Greg Kroah-Hartman --- fs/ntfs/super.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/fs/ntfs/super.c +++ b/fs/ntfs/super.c @@ -2106,7 +2106,8 @@ get_ctx_vol_failed: // TODO: Initialize security. /* Get the extended system files' directory inode. */ vol->extend_ino = ntfs_iget(sb, FILE_Extend); - if (IS_ERR(vol->extend_ino) || is_bad_inode(vol->extend_ino)) { + if (IS_ERR(vol->extend_ino) || is_bad_inode(vol->extend_ino) || + !S_ISDIR(vol->extend_ino->i_mode)) { if (!IS_ERR(vol->extend_ino)) iput(vol->extend_ino); ntfs_error(sb, "Failed to load $Extend.");