From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org,
syzbot+9b33c9b118d77ff59b6f@syzkaller.appspotmail.com,
Jan Kara <jack@suse.cz>
Subject: [PATCH 4.19 18/21] reiserfs: Fix oops during mount
Date: Fri, 16 Oct 2020 11:07:37 +0200 [thread overview]
Message-ID: <20201016090438.181624388@linuxfoundation.org> (raw)
In-Reply-To: <20201016090437.301376476@linuxfoundation.org>
From: Jan Kara <jack@suse.cz>
commit c2bb80b8bdd04dfe32364b78b61b6a47f717af52 upstream.
With suitably crafted reiserfs image and mount command reiserfs will
crash when trying to verify that XATTR_ROOT directory can be looked up
in / as that recurses back to xattr code like:
xattr_lookup+0x24/0x280 fs/reiserfs/xattr.c:395
reiserfs_xattr_get+0x89/0x540 fs/reiserfs/xattr.c:677
reiserfs_get_acl+0x63/0x690 fs/reiserfs/xattr_acl.c:209
get_acl+0x152/0x2e0 fs/posix_acl.c:141
check_acl fs/namei.c:277 [inline]
acl_permission_check fs/namei.c:309 [inline]
generic_permission+0x2ba/0x550 fs/namei.c:353
do_inode_permission fs/namei.c:398 [inline]
inode_permission+0x234/0x4a0 fs/namei.c:463
lookup_one_len+0xa6/0x200 fs/namei.c:2557
reiserfs_lookup_privroot+0x85/0x1e0 fs/reiserfs/xattr.c:972
reiserfs_fill_super+0x2b51/0x3240 fs/reiserfs/super.c:2176
mount_bdev+0x24f/0x360 fs/super.c:1417
Fix the problem by bailing from reiserfs_xattr_get() when xattrs are not
yet initialized.
CC: stable@vger.kernel.org
Reported-by: syzbot+9b33c9b118d77ff59b6f@syzkaller.appspotmail.com
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/reiserfs/xattr.c | 7 +++++++
1 file changed, 7 insertions(+)
--- a/fs/reiserfs/xattr.c
+++ b/fs/reiserfs/xattr.c
@@ -665,6 +665,13 @@ reiserfs_xattr_get(struct inode *inode,
if (get_inode_sd_version(inode) == STAT_DATA_V1)
return -EOPNOTSUPP;
+ /*
+ * priv_root needn't be initialized during mount so allow initial
+ * lookups to succeed.
+ */
+ if (!REISERFS_SB(inode->i_sb)->priv_root)
+ return 0;
+
dentry = xattr_lookup(inode, name, XATTR_REPLACE);
if (IS_ERR(dentry)) {
err = PTR_ERR(dentry);
next prev parent reply other threads:[~2020-10-16 9:14 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-10-16 9:07 [PATCH 4.19 00/21] 4.19.152-rc1 review Greg Kroah-Hartman
2020-10-16 9:07 ` [PATCH 4.19 01/21] perf cs-etm: Move definition of traceid_list global variable from header file Greg Kroah-Hartman
2020-10-16 9:07 ` [PATCH 4.19 02/21] ARM: 8858/1: vdso: use $(LD) instead of $(CC) to link VDSO Greg Kroah-Hartman
2020-10-16 9:07 ` [PATCH 4.19 03/21] ARM: 8939/1: kbuild: use correct nm executable Greg Kroah-Hartman
2020-10-16 9:07 ` [PATCH 4.19 04/21] ARM: 8867/1: vdso: pass --be8 to linker if necessary Greg Kroah-Hartman
2020-10-16 9:07 ` [PATCH 4.19 05/21] Bluetooth: A2MP: Fix not initializing all members Greg Kroah-Hartman
2020-10-16 9:07 ` [PATCH 4.19 06/21] Bluetooth: L2CAP: Fix calling sk_filter on non-socket based channel Greg Kroah-Hartman
2020-10-16 9:07 ` [PATCH 4.19 07/21] Bluetooth: MGMT: Fix not checking if BT_HS is enabled Greg Kroah-Hartman
2020-10-16 9:07 ` [PATCH 4.19 08/21] Bluetooth: Consolidate encryption handling in hci_encrypt_cfm Greg Kroah-Hartman
2020-10-16 9:07 ` [PATCH 4.19 09/21] Bluetooth: Fix update of connection state in `hci_encrypt_cfm` Greg Kroah-Hartman
2020-10-16 9:07 ` [PATCH 4.19 10/21] Bluetooth: Disconnect if E0 is used for Level 4 Greg Kroah-Hartman
2020-10-16 9:07 ` [PATCH 4.19 11/21] media: usbtv: Fix refcounting mixup Greg Kroah-Hartman
2020-10-16 9:07 ` [PATCH 4.19 12/21] USB: serial: option: add Cellient MPL200 card Greg Kroah-Hartman
2020-10-16 9:07 ` [PATCH 4.19 13/21] USB: serial: option: Add Telit FT980-KS composition Greg Kroah-Hartman
2020-10-16 9:07 ` [PATCH 4.19 14/21] staging: comedi: check validity of wMaxPacketSize of usb endpoints found Greg Kroah-Hartman
2020-10-16 13:06 ` Pavel Machek
2020-10-17 8:12 ` Greg Kroah-Hartman
2020-10-16 9:07 ` [PATCH 4.19 15/21] USB: serial: pl2303: add device-id for HP GC device Greg Kroah-Hartman
2020-10-16 9:07 ` [PATCH 4.19 16/21] USB: serial: ftdi_sio: add support for FreeCalypso JTAG+UART adapters Greg Kroah-Hartman
2020-10-16 9:07 ` [PATCH 4.19 17/21] reiserfs: Initialize inode keys properly Greg Kroah-Hartman
2020-10-16 9:07 ` Greg Kroah-Hartman [this message]
2020-10-16 9:07 ` [PATCH 4.19 19/21] drivers/net/ethernet/marvell/mvmdio.c: Fix non OF case Greg Kroah-Hartman
2020-10-16 9:07 ` [PATCH 4.19 20/21] crypto: bcm - Verify GCM/CCM key length in setkey Greg Kroah-Hartman
2020-10-16 9:07 ` [PATCH 4.19 21/21] crypto: qat - check cipher length for aead AES-CBC-HMAC-SHA Greg Kroah-Hartman
2020-10-16 10:33 ` [PATCH 4.19 00/21] 4.19.152-rc1 review Pavel Machek
2020-10-17 11:32 ` Greg Kroah-Hartman
2020-10-16 13:46 ` Jon Hunter
2020-10-16 19:01 ` Guenter Roeck
2020-10-17 9:41 ` Salvatore Bonaccorso
2020-10-17 9:49 ` Greg Kroah-Hartman
2020-10-17 11:11 ` Salvatore Bonaccorso
2020-10-17 7:31 ` Naresh Kamboju
2020-10-17 16:09 ` Shuah Khan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201016090438.181624388@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=jack@suse.cz \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=syzbot+9b33c9b118d77ff59b6f@syzkaller.appspotmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).