iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/fs
History
Edward Lo c9db0ff046
fs/ntfs3: Return error for inconsistent extended attributes 
ntfs_read_ea is called when we want to read extended attributes. There
are some sanity checks for the validity of the EAs. However, it fails to
return a proper error code for the inconsistent attributes, which might
lead to unpredicted memory accesses after return.

[  138.916927] BUG: KASAN: use-after-free in ntfs_set_ea+0x453/0xbf0
[  138.923876] Write of size 4 at addr ffff88800205cfac by task poc/199
[  138.931132]
[  138.933016] CPU: 0 PID: 199 Comm: poc Not tainted 6.2.0-rc1+ #4
[  138.938070] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014
[  138.947327] Call Trace:
[  138.949557]  <TASK>
[  138.951539]  dump_stack_lvl+0x4d/0x67
[  138.956834]  print_report+0x16f/0x4a6
[  138.960798]  ? ntfs_set_ea+0x453/0xbf0
[  138.964437]  ? kasan_complete_mode_report_info+0x7d/0x200
[  138.969793]  ? ntfs_set_ea+0x453/0xbf0
[  138.973523]  kasan_report+0xb8/0x140
[  138.976740]  ? ntfs_set_ea+0x453/0xbf0
[  138.980578]  __asan_store4+0x76/0xa0
[  138.984669]  ntfs_set_ea+0x453/0xbf0
[  138.988115]  ? __pfx_ntfs_set_ea+0x10/0x10
[  138.993390]  ? kernel_text_address+0xd3/0xe0
[  138.998270]  ? __kernel_text_address+0x16/0x50
[  139.002121]  ? unwind_get_return_address+0x3e/0x60
[  139.005659]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  139.010177]  ? arch_stack_walk+0xa2/0x100
[  139.013657]  ? filter_irq_stacks+0x27/0x80
[  139.017018]  ntfs_setxattr+0x405/0x440
[  139.022151]  ? __pfx_ntfs_setxattr+0x10/0x10
[  139.026569]  ? kvmalloc_node+0x2d/0x120
[  139.030329]  ? kasan_save_stack+0x41/0x60
[  139.033883]  ? kasan_save_stack+0x2a/0x60
[  139.037338]  ? kasan_set_track+0x29/0x40
[  139.040163]  ? kasan_save_alloc_info+0x1f/0x30
[  139.043588]  ? __kasan_kmalloc+0x8b/0xa0
[  139.047255]  ? __kmalloc_node+0x68/0x150
[  139.051264]  ? kvmalloc_node+0x2d/0x120
[  139.055301]  ? vmemdup_user+0x2b/0xa0
[  139.058584]  __vfs_setxattr+0x121/0x170
[  139.062617]  ? __pfx___vfs_setxattr+0x10/0x10
[  139.066282]  __vfs_setxattr_noperm+0x97/0x300
[  139.070061]  __vfs_setxattr_locked+0x145/0x170
[  139.073580]  vfs_setxattr+0x137/0x2a0
[  139.076641]  ? __pfx_vfs_setxattr+0x10/0x10
[  139.080223]  ? __kasan_check_write+0x18/0x20
[  139.084234]  do_setxattr+0xce/0x150
[  139.087768]  setxattr+0x126/0x140
[  139.091250]  ? __pfx_setxattr+0x10/0x10
[  139.094948]  ? __virt_addr_valid+0xcb/0x140
[  139.097838]  ? __call_rcu_common.constprop.0+0x1c7/0x330
[  139.102688]  ? debug_smp_processor_id+0x1b/0x30
[  139.105985]  ? kasan_quarantine_put+0x5b/0x190
[  139.109980]  ? putname+0x84/0xa0
[  139.113886]  ? __kasan_slab_free+0x11e/0x1b0
[  139.117961]  ? putname+0x84/0xa0
[  139.121316]  ? preempt_count_sub+0x1c/0xd0
[  139.124427]  ? __mnt_want_write+0xae/0x100
[  139.127836]  ? mnt_want_write+0x8f/0x150
[  139.130954]  path_setxattr+0x164/0x180
[  139.133998]  ? __pfx_path_setxattr+0x10/0x10
[  139.137853]  ? __pfx_ksys_pwrite64+0x10/0x10
[  139.141299]  ? debug_smp_processor_id+0x1b/0x30
[  139.145714]  ? fpregs_assert_state_consistent+0x6b/0x80
[  139.150796]  __x64_sys_setxattr+0x71/0x90
[  139.155407]  do_syscall_64+0x3f/0x90
[  139.159035]  entry_SYSCALL_64_after_hwframe+0x72/0xdc
[  139.163843] RIP: 0033:0x7f108cae4469
[  139.166481] Code: 00 f3 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 088
[  139.183764] RSP: 002b:00007fff87588388 EFLAGS: 00000286 ORIG_RAX: 00000000000000bc
[  139.190657] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f108cae4469
[  139.196586] RDX: 00007fff875883b0 RSI: 00007fff875883d1 RDI: 00007fff875883b6
[  139.201716] RBP: 00007fff8758c530 R08: 0000000000000001 R09: 00007fff8758c618
[  139.207940] R10: 0000000000000006 R11: 0000000000000286 R12: 00000000004004c0
[  139.214007] R13: 00007fff8758c610 R14: 0000000000000000 R15: 0000000000000000

Signed-off-by: Edward Lo <loyuantsung@gmail.com>
Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
2023-07-03 00:21:22 +04:00
..
9p
Including fixes from netfilter.
2023-05-05 19:12:01 -07:00
adfs
fs: port ->setattr() to pass mnt_idmap
2023-01-19 09:24:02 +01:00
affs
for-6.3/dio-2023-02-16
2023-02-20 14:10:36 -08:00
afs
afs: Fix waiting for writeback then skipping folio
2023-06-19 14:30:58 +01:00
autofs
fs: port ->permission() to pass mnt_idmap
2023-01-19 09:24:28 +01:00
befs
befs: Convert befs_symlink_read_folio() to use a folio
2022-08-02 12:34:03 -04:00
bfs
fs: port inode_init_owner() to mnt_idmap
2023-01-19 09:24:28 +01:00
btrfs
for-6.4-rc7-tag
2023-06-23 16:09:53 -07:00
cachefiles
fs/cachefiles: simplify one-level sysctl registration for cachefiles_sysctls
2023-04-13 11:49:35 -07:00
ceph
ceph: fix use-after-free bug for inodes when flushing capsnaps
2023-06-08 08:56:25 +02:00
coda
sysctl-6.4-rc1
2023-04-27 16:52:33 -07:00
configfs
fs: consolidate duplicate dt_type helpers
2023-04-03 09:23:54 +02:00
cramfs
fs/cramfs/inode.c: initialize file_ra_state
2023-03-02 21:54:23 -08:00
crypto
fscrypt: optimize fscrypt_initialize()
2023-04-06 11:16:39 -07:00
debugfs
ARM: SoC drivers for 6.3
2023-02-27 10:04:49 -08:00
devpts
devpts: simplify two-level sysctl registration for pty_kern_table
2023-03-13 12:36:34 +01:00
dlm
Networking changes for 6.4.
2023-04-26 16:07:23 -07:00
ecryptfs
fs: drop unused posix acl handlers
2023-03-06 09:57:12 +01:00
efivarfs
A healthy mix of EFI contributions this time:
2023-02-23 14:41:48 -08:00
efs
erofs
erofs: use HIPRI by default if per-cpu kthreads are enabled
2023-05-23 16:57:08 +08:00
exfat
Description for this pull request:
2023-03-01 08:42:27 -08:00
exportfs
fs: port ->permission() to pass mnt_idmap
2023-01-19 09:24:28 +01:00
ext2
\n
2023-04-26 09:07:46 -07:00
ext4
ext4: drop the call to ext4_error() from ext4_get_group_info()
2023-06-14 22:24:05 -04:00
f2fs
f2fs update for 6.4-rc1
2023-04-26 09:42:10 -07:00
fat
There is no particular theme here - mainly quick hits all over the tree.
2023-02-23 17:55:40 -08:00
freevxfs
There is no particular theme here - mainly quick hits all over the tree.
2023-02-23 17:55:40 -08:00
fscache
fscache: Use clear_and_wake_up_bit() in fscache_create_volume_work()
2023-01-30 12:51:54 +00:00
fuse
Driver core changes for 6.4-rc1
2023-04-27 11:53:57 -07:00
gfs2
gfs2: Don't get stuck writing page onto itself under direct I/O
2023-06-01 14:55:43 +02:00
hfs
There is no particular theme here - mainly quick hits all over the tree.
2023-02-23 17:55:40 -08:00
hfsplus
fs: hfsplus: remove WARN_ON() from hfsplus_cat_{read,write}_inode()
2023-04-12 11:29:32 +02:00
hostfs
um: hostfs: define our own API boundary
2023-04-20 23:04:40 +02:00
hpfs
fs: port ->rename() to pass mnt_idmap
2023-01-19 09:24:26 +01:00
hugetlbfs
mm: move 'mmap_min_addr' logic from callers into vm_unmapped_area()
2023-04-21 14:52:05 -07:00
iomap
New code for 6.4:
2023-04-29 10:35:48 -07:00
isofs
- hfs and hfsplus kmap API modernization from Fabio Francesco
2022-10-12 11:00:22 -07:00
jbd2
jdb2: Don't refuse invalidation of already invalidated buffers
2023-04-14 19:38:50 -04:00
jffs2
fs: rename generic posix acl handlers
2023-03-06 09:57:13 +01:00
jfs
write_one_page series
2023-04-24 19:20:27 -07:00
kernfs
Driver core changes for 6.4-rc1
2023-04-27 11:53:57 -07:00
lockd
nfsd-6.4 fixes:
2023-05-17 09:56:01 -07:00
minix
Merge branch 'work.minix' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2023-02-24 19:01:15 -08:00
netfs
- Nick Piggin's "shoot lazy tlbs" series, to improve the peformance of
2023-04-27 19:42:02 -07:00
nfs
NFSv4.2: Fix a potential double free with READ_PLUS
2023-05-19 17:11:59 -04:00
nfs_common
NFSv4.2: remove MODULE_LICENSE in non-modules
2023-04-13 13:13:52 -07:00
nfsd
nfsd-6.4 fixes:
2023-06-02 13:38:55 -04:00
nilfs2
nilfs2: prevent general protection fault in nilfs_clear_dirty_page()
2023-06-19 13:19:35 -07:00
nls
notify
inotify: Avoid reporting event with invalid wd
2023-04-25 12:36:55 +02:00
ntfs
ntfs: simplfy one-level sysctl registration for ntfs_sysctls
2023-04-13 11:49:35 -07:00
ntfs3
fs/ntfs3: Return error for inconsistent extended attributes
2023-07-03 00:21:22 +04:00
ocfs2
ocfs2: check new file size on fallocate call
2023-06-12 11:31:52 -07:00
omfs
fs: port inode_init_owner() to mnt_idmap
2023-01-19 09:24:28 +01:00
openpromfs
orangefs
- Nick Piggin's "shoot lazy tlbs" series, to improve the peformance of
2023-04-27 19:42:02 -07:00
overlayfs
ovl: check for ->listxattr() support
2023-03-06 09:57:13 +01:00
proc
sysctl: remove register_sysctl_paths()
2023-05-02 19:24:16 -07:00
pstore
pstore update for v6.4-rc1
2023-04-27 17:03:40 -07:00
qnx4
qnx4: credit contributors in CREDITS
2023-03-14 12:56:30 -06:00
qnx6
qnx6: credit contributor and mark filesystem orphan
2023-03-14 12:56:30 -06:00
quota
quota: mark PRINT_QUOTA_WARNING as BROKEN
2023-04-14 13:06:50 +02:00
ramfs
mm, treewide: redefine MAX_ORDER sanely
2023-04-05 19:42:46 -07:00
reiserfs
\n
2023-04-26 09:07:46 -07:00
romfs
mm/nommu: factor out check for NOMMU shared mappings into is_nommu_shared_mapping()
2023-01-18 17:12:56 -08:00
smb
four smb3 server fixes, all also for stable
2023-06-20 11:50:40 -07:00
squashfs
revert "squashfs: harden sanity check in squashfs_read_xattr_id_table"
2023-02-03 17:52:25 -08:00
sysfs
sysv
sysv: switch to put_and_unmap_page()
2023-03-12 20:03:41 -04:00
tracefs
fs: port ->mkdir() to pass mnt_idmap
2023-01-19 09:24:26 +01:00
ubifs
ubifs: Fix memleak when insert_old_idx() failed
2023-04-23 23:36:38 +02:00
udf
udf: use wrapper i_blocksize() in udf_discard_prealloc()
2023-03-13 11:16:16 +01:00
ufs
ufs: don't flush page immediately for DIRSYNC directories
2023-03-28 16:20:14 -07:00
unicode
unicode: remove MODULE_LICENSE in non-modules
2023-04-13 13:13:54 -07:00
vboxsf
fs: port ->rename() to pass mnt_idmap
2023-01-19 09:24:26 +01:00
verity
fsverity: reject FS_IOC_ENABLE_VERITY on mode 3 fds
2023-04-11 19:23:23 -07:00
xfs
xfs: collect errors from inodegc for unlinked inode recovery
2023-06-05 14:48:15 +10:00
zonefs
zonefs: Do not propagate iomap_dio_rw() ENOTBLK error to user space
2023-03-30 20:56:02 +09:00
aio.c
Merge branch 'mm-hotfixes-stable' into mm-stable
2023-02-10 15:34:48 -08:00
anon_inodes.c
dynamic_dname(): drop unused dentry argument
2022-08-20 11:34:04 -04:00
attr.c
nfs: use vfs setgid helper
2023-03-30 08:51:48 +02:00
bad_inode.c
fs: port ->permission() to pass mnt_idmap
2023-01-19 09:24:28 +01:00
binfmt_elf_fdpic.c
ELF: fix all "Elf" typos
2023-04-08 13:45:37 -07:00
binfmt_elf_test.c
binfmt_elf.c
Mainly singleton patches all over the place. Series of note are:
2023-04-27 19:57:00 -07:00
binfmt_flat.c
binfmt_misc.c
binfmt_misc: fix shift-out-of-bounds in check_special_flags
2022-12-02 13:57:04 -08:00
binfmt_script.c
buffer.c
- Nick Piggin's "shoot lazy tlbs" series, to improve the peformance of
2023-04-27 19:42:02 -07:00
char_dev.c
chardev: fix error handling in cdev_device_add()
2022-12-02 17:48:59 +01:00
compat_binfmt_elf.c
coredump.c
fork, vhost: Use CLONE_THREAD to fix freezer/ps regression
2023-06-01 17:15:33 -04:00
d_path.c
d_path.c: typo fix...
2022-08-20 11:34:33 -04:00
dax.c
fsdax: force clear dirty mark if CoW
2023-04-05 18:06:23 -07:00
dcache.c
tmpfile API change
2022-10-10 19:45:17 -07:00
direct-io.c
__blockdev_direct_IO(): get rid of submit_io callback
2023-03-05 20:27:41 -05:00
drop_caches.c
eventfd.c
eventfd: use wait_event_interruptible_locked_irq() helper
2023-04-06 10:01:50 +02:00
eventpoll.c
epoll: ep_autoremove_wake_function should use list_del_init_careful
2023-06-12 11:31:52 -07:00
exec.c
tracing updates for 6.4:
2023-04-28 15:57:53 -07:00
fcntl.c
fs.idmapped.v6.3
2023-02-20 11:53:11 -08:00
fhandle.c
do_sys_name_to_handle(): constify path
2022-09-01 17:36:39 -04:00
file_table.c
filelock: move file locking definitions to separate header file
2023-01-11 06:52:32 -05:00
file.c
fs: prevent out-of-bounds array speculation when closing a file descriptor
2023-03-09 22:46:21 -05:00
filesystems.c
fs_context.c
fs_parser.c
ext4: journal_path mount options should follow links
2022-12-01 10:46:54 -05:00
fs_pin.c
fs_struct.c
fs_types.c
fs-writeback.c
for-6.4/block-2023-05-06
2023-05-06 08:28:58 -07:00
fsopen.c
init.c
fs: port ->permission() to pass mnt_idmap
2023-01-19 09:24:28 +01:00
inode.c
- Nick Piggin's "shoot lazy tlbs" series, to improve the peformance of
2023-04-27 19:42:02 -07:00
internal.h
five ksmbd server fixes, and new lock_rename_child VFS helper routine
2023-04-29 11:10:39 -07:00
ioctl.c
fs: port inode_owner_or_capable() to mnt_idmap
2023-01-19 09:24:29 +01:00
Kconfig
smb: move client and server files to common directory fs/smb
2023-05-24 16:29:21 -05:00
Kconfig.binfmt
Xtensa updates for v6.1
2022-10-10 14:21:11 -07:00
kernel_read_file.c
libfs.c
fs: consolidate duplicate dt_type helpers
2023-04-03 09:23:54 +02:00
locks.c
filelocks: use mount idmapping for setlease permission check
2023-03-09 22:36:12 +01:00
Makefile
smb: move client and server files to common directory fs/smb
2023-05-24 16:29:21 -05:00
mbcache.c
ext4: fix deadlock due to mbcache entry corruption
2022-12-08 21:49:25 -05:00
mnt_idmapping.c
fs: move mnt_idmap
2023-01-19 09:24:30 +01:00
mount.h
mpage.c
mpage: use folios in bio end_io handler
2023-04-18 16:30:02 -07:00
namei.c
five ksmbd server fixes, and new lock_rename_child VFS helper routine
2023-04-29 11:10:39 -07:00
namespace.c
fget() to fdget() conversions
2023-04-24 19:14:20 -07:00
no-block.c
nsfs.c
kill the last remaining user of proc_ns_fget()
2023-04-20 22:55:35 -04:00
open.c
open: return EINVAL for O_DIRECTORY | O_CREAT
2023-03-22 11:06:55 +01:00
pipe.c
pipe: check for IOCB_NOWAIT alongside O_NONBLOCK
2023-05-12 17:17:27 +02:00
pnode.c
pnode: pass mountpoint directly
2023-04-06 14:53:38 +02:00
pnode.h
posix_acl.c
acl: don't depend on IOP_XATTR
2023-03-06 09:59:20 +01:00
proc_namespace.c
read_write.c
iov_iter: add iter_iov_addr() and iter_iov_len() helpers
2023-03-30 08:12:29 -06:00
readdir.c
Change calling conventions for filldir_t
2022-08-17 17:25:04 -04:00
remap_range.c
fs: port i_{g,u}id_into_vfs{g,u}id() to mnt_idmap
2023-01-19 09:24:29 +01:00
select.c
seq_file.c
use less confusing names for iov_iter direction initializers
2022-11-25 13:01:55 -05:00
signalfd.c
splice.c
pipe-nonblock-2023-05-06
2023-05-06 08:15:20 -07:00
stack.c
stat.c
fs.idmapped.v6.3
2023-02-20 11:53:11 -08:00
statfs.c
statfs: enforce statfs[64] structure initialization
2023-05-17 15:20:17 +02:00
super.c
Revert "mm: shrinkers: convert shrinker_rwsem to mutex"
2023-06-19 13:19:33 -07:00
sync.c
sysctls.c
timerfd.c
userfaultfd.c
mm/uffd: allow vma to merge as much as possible
2023-06-12 11:31:50 -07:00
utimes.c
fs.idmapped.v6.3
2023-02-20 11:53:11 -08:00
xattr.c
fs: don't call posix_acl_listxattr in generic_listxattr
2023-05-17 15:25:20 +02:00