From patchwork Mon May 15 10:39:41 2023
X-Patchwork-Submitter: Jingbo Xu
X-Patchwork-Id: 94092
From: Jingbo Xu
To: xiang@kernel.org, chao@kernel.org, huyue2@coolpad.com, linux-erofs@lists.ozlabs.org
Cc: linux-kernel@vger.kernel.org
Subject: [PATCH v2] erofs: fix null-ptr-deref caused by erofs_xattr_prefixes_init
Date: Mon, 15 May 2023 18:39:41 +0800
Message-Id: <20230515103941.129784-1-jefflexu@linux.alibaba.com>

Fragments and dedupe share one feature bit, and thus packed inode may not
exist when fragment feature bit (dedupe feature bit exactly) is set, e.g.
when deduplication feature is in use while fragments feature is not. In
this case, sbi->packed_inode could be NULL while fragments feature bit is
set. Fix this by accessing packed inode only when it exists.

Reported-by: syzbot+902d5a9373ae8f748a94@syzkaller.appspotmail.com
Link: https://syzkaller.appspot.com/bug?extid=902d5a9373ae8f748a94
Fixes: 9e382914617c ("erofs: add helpers to load long xattr name prefixes")
Signed-off-by: Jingbo Xu
Reviewed-by: Yue Hu
Reviewed-by: Chao Yu
---
v2: polish the commit message (Gao Xiang)
---
 fs/erofs/xattr.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/erofs/xattr.c b/fs/erofs/xattr.c index cd80499351e0..bbfe7ce170d2 100644 --- a/fs/erofs/xattr.c +++ b/fs/erofs/xattr.c
@@ -675,7 +675,7 @@ int erofs_xattr_prefixes_init(struct super_block *sb) if (!pfs) return -ENOMEM; - if (erofs_sb_has_fragments(sbi)) + if (sbi->packed_inode) buf.inode = sbi->packed_inode; else erofs_init_metabuf(&buf, sb);
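Review bot: the new test "if (sbi->packed_inode)" in erofs_xattr_prefixes_init() should carry a one-line comment saying why the pointer is checked rather than erofs_sb_has_fragments(sbi). The reason (fragments and dedupe share one feature bit, so the bit can be set while no packed inode was loaded) is only in the commit message, and without it in the code the condition looks like something a later cleanup could turn back into the feature-bit check, which would reintroduce the NULL buf.inode. It would also help if the commit message stated that falling through to erofs_init_metabuf(&buf, sb) is the correct source for the prefixes in the dedupe-only case. The hunk makes that the behaviour whenever packed_inode is NULL, but nothing visible here confirms that is where the prefixes are stored for such images.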