From patchwork Wed Jan  3 12:40:13 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Edward Adam Davis <eadavis@qq.com>
X-Patchwork-Id: 184731
Return-Path: <linux-kernel+bounces-15522-ouuuleilei=gmail.com@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a05:7301:6f82:b0:100:9c79:88ff with SMTP id
 tb2csp4992601dyb;
        Wed, 3 Jan 2024 04:40:44 -0800 (PST)
X-Google-Smtp-Source: 
 AGHT+IHvcGChyXVz2wn8uy0ziA7nM+OIkXAuyZyZhudkfMO5/vZF7OsNmaSdbJYzEYLQGblxtJKn
X-Received: by 2002:a05:6a20:7345:b0:197:4ee1:e8da with SMTP id
 v5-20020a056a20734500b001974ee1e8damr2070245pzc.15.1704285644488;
        Wed, 03 Jan 2024 04:40:44 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1704285644; cv=none;
        d=google.com; s=arc-20160816;
        b=nNPFh1AhOfNswmJ8rXFtPreYvMeQi93l88l4lQhlpFnxd9VVXdNhGA5Z5rRTSLPkXs
         L2nOuhIY3yDwYizQ3b2MvtSXe+kKdzWmtUm++t0TgcCVxXnb0MSYKfpMpgI0XElFSSgg
         ioDfxxVqM++DsDZc+4PqFysbt/xRDKOlSytlWtFut8pOJd6V3A0QAqeencp+BiXjQW3Q
         FemhvpNGtTIgpmirZZ5LG6AmmDdGWZhAoT5ls23TFpV5VM4sb6JOpZcIiD14Gs7GuYLW
         j3F8ceqk65bYwFT/24Jgg2ZJYzPdkRvfhB2g3y/t25Gld/SmgDLnPgFwsGjdXnHJJOqg
         +cng==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=content-transfer-encoding:mime-version:list-unsubscribe
         :list-subscribe:list-id:precedence:references:in-reply-to:date
         :subject:cc:to:from:message-id:dkim-signature;
        bh=c5fu1A1ImJUvOCFks4wnS2EUsKt4lP/tQqjI0lBUL38=;
        fh=Bi0NNNmIEi38maxoreXKKzTqnU3sFgHmF+ug15tAe24=;
        b=Y2M3ZvkTAaEqI+hZZZHV47gzDkybfI1BSJfEoan9zV5ZDvXq7mmmwWbsV8WFVfjAFq
         InO+VWkRGNevHnWGyPZk+EOwjymdtsVEz3PzMI2N4mPvKLmjx0WPJwYYiuKg6P6AGuJJ
         Gh3sqQGH0mofL45t91F31n0PD7nn77UQR3pM6yPZMfMdihsANnHS5yFhnlWnJDI1Mx2Y
         j6YqTi1jm/m+E8MFPlahlrAQArvQCsa9Gq5AniKLhUSbyQUdxIv9vPI7bm9i1th/S4aq
         sY5fQ0wNf6M7WJHl68xBjUegHF6cJNIz1eB6eIeajeruA2DBK5esQsnHcl6uUYfU2MFd
         +zyw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@qq.com header.s=s201512 header.b=h8eQMLFb;
       spf=pass (google.com: domain of
 linux-kernel+bounces-15522-ouuuleilei=gmail.com@vger.kernel.org designates
 2604:1380:45e3:2400::1 as permitted sender)
 smtp.mailfrom="linux-kernel+bounces-15522-ouuuleilei=gmail.com@vger.kernel.org";
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=qq.com
Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org.
 [2604:1380:45e3:2400::1])
        by mx.google.com with ESMTPS id
 g21-20020a056a0023d500b006d9bcfe85b7si15637037pfc.381.2024.01.03.04.40.44
        for <ouuuleilei@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 03 Jan 2024 04:40:44 -0800 (PST)
Received-SPF: pass (google.com: domain of
 linux-kernel+bounces-15522-ouuuleilei=gmail.com@vger.kernel.org designates
 2604:1380:45e3:2400::1 as permitted sender) client-ip=2604:1380:45e3:2400::1;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@qq.com header.s=s201512 header.b=h8eQMLFb;
       spf=pass (google.com: domain of
 linux-kernel+bounces-15522-ouuuleilei=gmail.com@vger.kernel.org designates
 2604:1380:45e3:2400::1 as permitted sender)
 smtp.mailfrom="linux-kernel+bounces-15522-ouuuleilei=gmail.com@vger.kernel.org";
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=qq.com
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org
 [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by sv.mirrors.kernel.org (Postfix) with ESMTPS id 46B45281CC2
	for <ouuuleilei@gmail.com>; Wed,  3 Jan 2024 12:40:44 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id BAEB219BB8;
	Wed,  3 Jan 2024 12:40:22 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (1024-bit key) header.d=qq.com header.i=@qq.com header.b="h8eQMLFb"
X-Original-To: linux-kernel@vger.kernel.org
Received: from out203-205-221-153.mail.qq.com (out203-205-221-153.mail.qq.com
 [203.205.221.153])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 73791199A2;
	Wed,  3 Jan 2024 12:40:17 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=quarantine dis=none) header.from=qq.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=qq.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=qq.com; s=s201512;
	t=1704285615; bh=c5fu1A1ImJUvOCFks4wnS2EUsKt4lP/tQqjI0lBUL38=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References;
	b=h8eQMLFbbnJWbhhfMx4EuUzIrCVnw5TcxGwTKW6qfiHAUhzMrIzCWHtIVGiuBQXkc
	 8QFJgZw+6cNzj/JwoZQ1+XaCT7OHi9lqe+rCSW1gflC+Rc4nGLpvt37Zz6Wtb7OjV0
	 7DjWorHb9k7I7W5yg4aTc7lLl03C6+pVohxNe7AQ=
Received: from pek-lxu-l1.wrs.com ([111.198.225.215])
	by newxmesmtplogicsvrsza10-0.qq.com (NewEsmtp) with SMTP
	id A0D1B6CA; Wed, 03 Jan 2024 20:40:13 +0800
X-QQ-mid: xmsmtpt1704285613tf9xk87nb
Message-ID: <tencent_364B28745976AD66CC3D7137029706364609@qq.com>
X-QQ-XMAILINFO: NY3HYYTs4gYSjGGl4pI81D+9aPPG4Pl6XKvRN2GgZe65xh/KrLRQFrwo9ipoS5
	 rcpgrV+ZnEYvIwaDDEQrTLgumXGp8mIzoX574PfCtSOz4bYCvGZX2ujoTNIx8cIKpACwrwCDdI2O
	 dP0dK5u6RGeKrk6x0QGeGfou49RKH5P0Gf9arHXmm5P86KbtFkcHbsGow2GCMMqMBNPKgQjBF3Wx
	 P7BYqXgCRfX32nxTE/EgeGnFu6h1kWmY86pwZ0FTb8PkRxS/ZeTz+y6DVSZcbX0Xzyg36SclpYdl
	 c6Kti6PjAJFiT9z5zJIpRWmUJcyv+XoOPBQhvAGxZrlq78uCTlCBvb497ek1y4XMusZ2i0hMl1Ug
	 XtGeAB1uF6oUOhSf3iIIlKQV/06li6rw4UWx+RW2mxHooQpPSL1LB+59MK1viv75fn+0pR2lCN0X
	 H65pDupLP2a0+osRu7Nr2mlZWus1RyyGQATnuFWUqQDTscJVz3qjXsNXTwHR7O3vqqAQ95+HVG/H
	 V8bHLb6T2NE1IESyeols2O7ev8jKI9Ou4jMhKtPA3kgjuBmd9rtTdVHRznPsd8m6AzXokT6w3Q95
	 3l3Ttbvp2/aHzoHWHXupZBqJN3oUkZlVATLgWNsGO55sKl9+PXpiv0IVpw0C955rvQ9Zp2+5PZds
	 xXxBZsbvpFH60iRWuP/JDwCqXdlXIo4czkIf6B9L6sC4+13gNmdZuTf2z9uZmfQ0VwGJuth0bJaI
	 yowE4SXUxe5OOVnpKwwZGgzC/+DyEBUss/iOxAbFuVop8UAxjLcGtTquw5qnSicCmUCwzU/OHiLe
	 BOovfhFzrjS03rmHyK8RhNyd4CPaHEQxuQ7DctdhbYMn3VXcU+fvM2rOQvTU8Y9QCyKB7ZJ7/J2u
	 uiSyciYzoruBpDmB7rPixmz4cg6jPNUQ+SXA+Ge4tLRTPfGOfg55yfcgUtT5Hp0l4mvfpOwVCN
X-QQ-XMRINFO: OD9hHCdaPRBwq3WW+NvGbIU=
From: Edward Adam Davis <eadavis@qq.com>
To: syzbot+74dce9511a59ad67a492@syzkaller.appspotmail.com
Cc: linux-fsdevel@vger.kernel.org,
	linux-kernel@vger.kernel.org,
	reiserfs-devel@vger.kernel.org,
	syzkaller-bugs@googlegroups.com
Subject: [PATCH] reiserfs: fix null ptr deref in reiserfs_xattr_set
Date: Wed,  3 Jan 2024 20:40:13 +0800
X-OQ-MSGID: <20240103124012.2765090-2-eadavis@qq.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <0000000000009d4b80060df41cf8@google.com>
References: <0000000000009d4b80060df41cf8@google.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
X-getmail-retrieved-from-mailbox: INBOX
X-GMAIL-THRID: 1787073023923123278
X-GMAIL-MSGID: 1787073023923123278

Before performing any xattr settings, it is necessary to first confirm that both
xattr_root and priv_root are valid.

Reported-and-tested-by: syzbot+74dce9511a59ad67a492@syzkaller.appspotmail.com
Signed-off-by: Edward Adam Davis <eadavis@qq.com
---
 fs/reiserfs/xattr.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/fs/reiserfs/xattr.c b/fs/reiserfs/xattr.c
index 998035a6388e..00fd8f747394 100644
--- a/fs/reiserfs/xattr.c
+++ b/fs/reiserfs/xattr.c
@@ -618,6 +618,9 @@ int reiserfs_xattr_set(struct inode *inode, const char *name,
 	int error, error2;
 	size_t jbegin_count = reiserfs_xattr_nblocks(inode, buffer_size);
 
+	if (!reiserfs_xattrs_initialized(inode->i_sb))
+		return -EOPNOTSUPP;
+
 	/* Check before we start a transaction and then do nothing. */
 	if (!d_really_is_positive(REISERFS_SB(inode->i_sb)->priv_root))
 		return -EOPNOTSUPP;