Message ID | tencent_2975FB767367603CED3622962437524A8C09@qq.com |
---|---|
State | New |
Headers | From: Edward Adam Davis <eadavis@qq.com> To: syzbot+a4c1a7875b2babd9e359@syzkaller.appspotmail.com Cc: dhowells@redhat.com, jlayton@kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, netfs@lists.linux.dev, syzkaller-bugs@googlegroups.com Subject: [PATCH next] fs/9p: fix uaf in in __fscache_relinquish_cookie Date: Fri, 2 Feb 2024 22:03:19 +0800 In-Reply-To: <0000000000007e7a63061062fcd9@google.com> References: <0000000000007e7a63061062fcd9@google.com> |
Series | [next] fs/9p: fix uaf in in __fscache_relinquish_cookie |
Commit Message
Edward Adam Davis
Feb. 2, 2024, 2:03 p.m. UTC
In v9fs_fid_get_dotl(), if p9_client_getattr_dotl() or v9fs_init_inode() fails,
the cookie will not be properly initialized and will result in accessing improperly
allocated cookies.
When the cookie is not initialized, exit the subsequent cookie recycling process
to avoid this issue.
Reported-and-tested-by: syzbot+a4c1a7875b2babd9e359@syzkaller.appspotmail.com
Signed-off-by: Edward Adam Davis <eadavis@qq.com>
---
fs/9p/vfs_inode.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/fs/9p/vfs_inode.c b/fs/9p/vfs_inode.c index 360a5304ec03..d27b7ecf7163 100644 --- a/fs/9p/vfs_inode.c +++ b/fs/9p/vfs_inode.c @@ -353,7 +353,8 @@ void v9fs_evict_inode(struct inode *inode) filemap_fdatawrite(&inode->i_data); #ifdef CONFIG_9P_FSCACHE - fscache_relinquish_cookie(v9fs_inode_cookie(v9inode), false); + if (mapping_release_always(inode->i_mapping)) + fscache_relinquish_cookie(v9fs_inode_cookie(v9inode), false); #endif }
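Review bot: The new guard in v9fs_evict_inode() tests `mapping_release_always(inode->i_mapping)`, a flag on the address space, while the commit message describes the problem as a cookie that was never initialized when p9_client_getattr_dotl() or v9fs_init_inode() fails in v9fs_fid_get_dotl(). Nothing in the hunk shows where that flag is set or that it is set only after the cookie has been acquired, so the link between the condition and the cookie's validity is implicit. Please add a comment above the `if` stating the invariant, or test the cookie state directly, and consider whether the failure path itself should leave the inode with a cleared cookie, so that eviction does not depend on an unrelated mapping flag. The commit message also carries no Fixes: tag naming the change that introduced the use-after-free, which would help anyone backporting this.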