From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org,
syzbot+9b33c9b118d77ff59b6f@syzkaller.appspotmail.com,
Jan Kara <jack@suse.cz>
Subject: [PATCH 5.4 19/22] reiserfs: Fix oops during mount
Date: Fri, 16 Oct 2020 11:07:47 +0200
Message-ID: <20201016090438.265277325@linuxfoundation.org>
In-Reply-To: <20201016090437.308349327@linuxfoundation.org>

From: Jan Kara <jack@suse.cz>

commit c2bb80b8bdd04dfe32364b78b61b6a47f717af52 upstream.

With suitably crafted reiserfs image and mount command reiserfs will
crash when trying to verify that XATTR_ROOT directory can be looked up
in / as that recurses back to xattr code like:

 xattr_lookup+0x24/0x280 fs/reiserfs/xattr.c:395
 reiserfs_xattr_get+0x89/0x540 fs/reiserfs/xattr.c:677
 reiserfs_get_acl+0x63/0x690 fs/reiserfs/xattr_acl.c:209
 get_acl+0x152/0x2e0 fs/posix_acl.c:141
 check_acl fs/namei.c:277 [inline]
 acl_permission_check fs/namei.c:309 [inline]
 generic_permission+0x2ba/0x550 fs/namei.c:353
 do_inode_permission fs/namei.c:398 [inline]
 inode_permission+0x234/0x4a0 fs/namei.c:463
 lookup_one_len+0xa6/0x200 fs/namei.c:2557
 reiserfs_lookup_privroot+0x85/0x1e0 fs/reiserfs/xattr.c:972
 reiserfs_fill_super+0x2b51/0x3240 fs/reiserfs/super.c:2176
 mount_bdev+0x24f/0x360 fs/super.c:1417

Fix the problem by bailing from reiserfs_xattr_get() when xattrs are not
yet initialized.

CC: stable@vger.kernel.org
Reported-by: syzbot+9b33c9b118d77ff59b6f@syzkaller.appspotmail.com
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/reiserfs/xattr.c | 7 +++++++
1 file changed, 7 insertions(+)
--- a/fs/reiserfs/xattr.c
+++ b/fs/reiserfs/xattr.c
@@ -674,6 +674,13 @@ reiserfs_xattr_get(struct inode *inode,
if (get_inode_sd_version(inode) == STAT_DATA_V1)
return -EOPNOTSUPP;
+ /*
+ * priv_root needn't be initialized during mount so allow initial
+ * lookups to succeed.
+ */
+ if (!REISERFS_SB(inode->i_sb)->priv_root)
+ return 0;
+
dentry = xattr_lookup(inode, name, XATTR_REPLACE);
if (IS_ERR(dentry)) {
err = PTR_ERR(dentry);
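
Review bot: The new early exit in reiserfs_xattr_get() returns 0 when priv_root is NULL, while the STAT_DATA_V1 check directly above it reports its "cannot serve this" case with -EOPNOTSUPP. A return of 0 here cannot be told apart from a successful read of a zero-length attribute, and the trace in the commit message shows reiserfs_get_acl() is one of the callers that will see it. Please confirm that every caller on that path treats 0 as "no attribute present" rather than trying to parse an empty value; if that is not guaranteed, an explicit error such as -ENODATA or -EOPNOTSUPP would make the intent unambiguous. The comment wording "needn't be initialized" is also easy to misread; something like "priv_root may not be initialized yet during mount" states the condition being tested more directly.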