* [PATCH] ntfs: check for valid standard information attribute
From: Rustam Kovhaev @ 2021-02-17 15:59 UTC (permalink / raw)
To: anton, linux-ntfs-dev; +Cc: linux-kernel, gregkh, Rustam Kovhaev

we should check for valid STANDARD_INFORMATION attribute offset and
length before trying to access it

Reported-and-tested-by: syzbot+c584225dabdea2f71969@syzkaller.appspotmail.com
Signed-off-by: Rustam Kovhaev <rkovhaev@gmail.com>
Acked-by: Anton Altaparmakov <anton@tuxera.com>
Link: https://syzkaller.appspot.com/bug?extid=c584225dabdea2f71969
---
fs/ntfs/inode.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/fs/ntfs/inode.c b/fs/ntfs/inode.c
index f7e4cbc26eaf..be4ff9386ec0 100644
--- a/fs/ntfs/inode.c
+++ b/fs/ntfs/inode.c
@@ -629,6 +629,12 @@ static int ntfs_read_locked_inode(struct inode *vi)
}
a = ctx->attr;
/* Get the standard information attribute value. */
+ if ((u8 *)a + le16_to_cpu(a->data.resident.value_offset)
+ + le32_to_cpu(a->data.resident.value_length) >
+ (u8 *)ctx->mrec + vol->mft_record_size) {
+ ntfs_error(vi->i_sb, "Corrupt standard information attribute in inode.");
+ goto unm_err_out;
+ }
si = (STANDARD_INFORMATION*)((u8*)a +
le16_to_cpu(a->data.resident.value_offset));
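Review bot: The added `if` does its bounds test as pointer arithmetic, `(u8 *)a + value_offset + value_length`, where `value_length` is a 32-bit value read from disk; on a 32-bit kernel a large enough length can wrap the pointer so the `>` comparison passes. Comparing integer offsets instead (the sum of `value_offset` and `value_length` against the bytes remaining from `a` to the end of the record) avoids that. The check also only shows that the value ends inside the MFT record; it does not require `value_length` to be at least `sizeof(STANDARD_INFORMATION)`, the type the following line casts the value to.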
--
2.30.0
* Re: [PATCH] ntfs: check for valid standard information attribute
From: Anton Altaparmakov @ 2021-02-19 1:54 UTC (permalink / raw)
To: Andrew Morton; +Cc: linux-ntfs-dev, linux-kernel, gregkh, Rustam Kovhaev

Hi Andrew,

Can you please push this one upstream? Thanks a lot in advance!

Best regards,

Anton

> On 17 Feb 2021, at 15:59, Rustam Kovhaev <rkovhaev@gmail.com> wrote:
>
> we should check for valid STANDARD_INFORMATION attribute offset and
> length before trying to access it
>
> Reported-and-tested-by: syzbot+c584225dabdea2f71969@syzkaller.appspotmail.com
> Signed-off-by: Rustam Kovhaev <rkovhaev@gmail.com>
> Acked-by: Anton Altaparmakov <anton@tuxera.com>
> Link: https://syzkaller.appspot.com/bug?extid=c584225dabdea2f71969
> ---
> fs/ntfs/inode.c | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> diff --git a/fs/ntfs/inode.c b/fs/ntfs/inode.c
> index f7e4cbc26eaf..be4ff9386ec0 100644
> --- a/fs/ntfs/inode.c
> +++ b/fs/ntfs/inode.c
> @@ -629,6 +629,12 @@ static int ntfs_read_locked_inode(struct inode *vi)
> }
> a = ctx->attr;
> /* Get the standard information attribute value. */
> + if ((u8 *)a + le16_to_cpu(a->data.resident.value_offset)
> + + le32_to_cpu(a->data.resident.value_length) >
> + (u8 *)ctx->mrec + vol->mft_record_size) {
> + ntfs_error(vi->i_sb, "Corrupt standard information attribute in inode.");
> + goto unm_err_out;
> + }
> si = (STANDARD_INFORMATION*)((u8*)a +
> le16_to_cpu(a->data.resident.value_offset));
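Review bot: The `ntfs_error()` call in the added block does not say which inode failed validation, so a log line from a corrupt volume cannot be tied back to a specific MFT record. Consider including `vi->i_ino` in the message.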
>
> --
> 2.30.0
>
--
Anton Altaparmakov <anton at tuxera.com> (replace at with @)
Lead in File System Development, Tuxera Inc., http://www.tuxera.com/
Linux NTFS maintainer
* Re: [PATCH] ntfs: check for valid standard information attribute
From: Andrew Morton @ 2021-02-19 18:49 UTC (permalink / raw)
To: Anton Altaparmakov; +Cc: linux-ntfs-dev, linux-kernel, gregkh, Rustam Kovhaev
On Fri, 19 Feb 2021 01:54:30 +0000 Anton Altaparmakov <anton@tuxera.com> wrote:

> Hi Andrew,
>
> Can you please push this one upstream? Thanks a lot in advance!

The changelog is a bit brief...

> > On 17 Feb 2021, at 15:59, Rustam Kovhaev <rkovhaev@gmail.com> wrote:
> >
> > we should check for valid STANDARD_INFORMATION attribute offset and
> > length before trying to access it

It's a kernel crash and I assume it results from mounting a corrupted
filesystem?

I think it's worth a cc:stable, yes?
* Re: [PATCH] ntfs: check for valid standard information attribute
From: Anton Altaparmakov @ 2021-02-22 14:18 UTC (permalink / raw)
To: Andrew Morton; +Cc: linux-ntfs-dev, linux-kernel, gregkh, Rustam Kovhaev
Hi Andrew,

Sorry for the delay in replying.

> On 19 Feb 2021, at 18:49, Andrew Morton <akpm@linux-foundation.org> wrote:
>
> On Fri, 19 Feb 2021 01:54:30 +0000 Anton Altaparmakov <anton@tuxera.com> wrote:
>
>> Hi Andrew,
>>
>> Can you please push this one upstream? Thanks a lot in advance!
>
> The changelog is a bit brief...

Yes you are right it is a bit brief. I guess I thought the syzkaller link was sufficient... Rustam would you like to resubmit with an improved/extended description?

>>> On 17 Feb 2021, at 15:59, Rustam Kovhaev <rkovhaev@gmail.com> wrote:
>>>
>>> we should check for valid STANDARD_INFORMATION attribute offset and
>>> length before trying to access it
>
> It's a kernel crash and I assume it results from mounting a corrupted
> filesystem?
>
> I think it's worth a cc:stable, yes?

The problem is an invalid memory access due to corrupt on-disk metadata.

The issue with NTFS is that it is effectively a relational database so it is full of "struct X, field A" contains offset to "struct Y" so you get: "&struct Y = &struct X + X->A" and if the value of A is corrupt on-disk then your Y pointer is now pointing to random memory.

The patch fixes one such place by validating that Y pointer is within bounds of the structure/buffer it is in.

So I guess this could be worth a cc:stable? I guess we can add it and Greg / others can decide whether to put it into stable or not... Rustam when resubmitting with better description, please also add the "Cc: stable@vger.kernel.org" line together with the "Signed-off-by", etc lines (note no need to actually put this in CC: field of the email itself).

Best regards,

Anton
--
Anton Altaparmakov <anton at tuxera.com> (replace at with @)
Lead in File System Development, Tuxera Inc., http://www.tuxera.com/
Linux NTFS maintainer
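
The pattern described in the message above (Y = X + X->A, then validate Y against the buffer that contains it), as an added example that is not code from this thread or from the kernel's NTFS driver. The record layout and the names `attr_value` and `check_sample` are hypothetical and constructed for illustration; the example goes slightly beyond the patch by comparing integer offsets and by rejecting values shorter than the structure to be read.

```c
#include <stddef.h>
#include <stdint.h>

/* Toy layout (constructed here, not the NTFS on-disk format): an attribute
 * header inside a fixed-size record holds a little-endian u32 value_length
 * at +0 and a little-endian u16 value_offset at +4. */
#define ATTR_HDR_SIZE 8u

static uint32_t rd_le32(const uint8_t *p)
{
	return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
	       (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Return the value pointer, or NULL if the value leaves the record or is
 * shorter than the struct the caller will read (need). Offsets are compared
 * as integers, so a huge on-disk length cannot wrap a pointer. */
const uint8_t *attr_value(const uint8_t *rec, size_t rec_size,
			  size_t attr_off, size_t need)
{
	uint64_t val_off, val_len;

	if (attr_off > rec_size || rec_size - attr_off < ATTR_HDR_SIZE)
		return NULL;	/* header itself out of bounds */
	val_len = rd_le32(rec + attr_off);
	val_off = attr_off + (rec[attr_off + 4] | (uint64_t)rec[attr_off + 5] << 8);
	if (val_off > rec_size || val_len > rec_size - val_off)
		return NULL;	/* value runs past the record end */
	if (val_len < need)
		return NULL;	/* in bounds but too short for the struct */
	return rec + val_off;
}

/* Build a constructed 64-byte record with the header at offset 16; return
 * the validated value's offset within the record, or -1 if rejected. */
long check_sample(uint16_t value_offset, uint32_t value_length, size_t need)
{
	uint8_t rec[64] = {0};
	const uint8_t *v;

	for (int i = 0; i < 4; i++)
		rec[16 + i] = (uint8_t)(value_length >> (8 * i));
	rec[20] = (uint8_t)value_offset;
	rec[21] = (uint8_t)(value_offset >> 8);
	v = attr_value(rec, sizeof(rec), 16, need);
	return v ? (long)(v - rec) : -1;
}

int main(void) { return check_sample(8, 40, 40) == 24 ? 0 : 1; }
```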
* Re: [PATCH] ntfs: check for valid standard information attribute
From: Rustam Kovhaev @ 2021-02-22 16:17 UTC (permalink / raw)
To: Anton Altaparmakov; +Cc: Andrew Morton, linux-ntfs-dev, linux-kernel, gregkh
On Mon, Feb 22, 2021 at 02:18:50PM +0000, Anton Altaparmakov wrote:

> Rustam would you like to resubmit with an improved/extended description?

sure thing, no problem!

> when resubmitting with better description, please also add the
> "Cc: stable@vger.kernel.org" line together with the "Signed-off-by",
> etc lines (note no need to actually put this in CC: field of the email
> itself).

i will do that, thanks Andrew and Anton