Ksawlii/kernel_samsung_a53x
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
kernel_samsung_a53x/fs
History
Jeongjun Park 0fd898e505 nilfs2: fix OOB in nilfs_set_de_type 
commit c4a7dc9523b59b3e73fd522c73e95e072f876b16 upstream.

The size of the nilfs_type_by_mode array in the fs/nilfs2/dir.c file is
defined as "S_IFMT >> S_SHIFT", but the nilfs_set_de_type() function,
which uses this array, specifies the index to read from the array in the
same way as "(mode & S_IFMT) >> S_SHIFT".

static void nilfs_set_de_type(struct nilfs_dir_entry *de, struct inode
 *inode)
{
	umode_t mode = inode->i_mode;

	de->file_type = nilfs_type_by_mode[(mode & S_IFMT)>>S_SHIFT]; // oob
}

However, when the index is determined this way, an out-of-bounds (OOB)
error occurs by referring to an index that is 1 larger than the array size
when the condition "mode & S_IFMT == S_IFMT" is satisfied.  Therefore, a
patch to resize the nilfs_type_by_mode array should be applied to prevent
OOB errors.

Link: https://lkml.kernel.org/r/20240415182048.7144-1-konishi.ryusuke@gmail.com
Reported-by: syzbot+2e22057de05b9f3b30d8@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=2e22057de05b9f3b30d8
Fixes: 2ba466d74ed7 ("nilfs2: directory entry operations")
Signed-off-by: Jeongjun Park <aha310510@gmail.com>
Signed-off-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Tested-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-11-19 11:32:23 +01:00
..
9p Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
adfs Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
affs Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
afs afs: Revert "afs: Hide silly-rename files from userspace" 2024-11-19 08:44:57 +01:00
autofs Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
befs Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
bfs Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
btrfs btrfs: record delayed inode root in transaction 2024-11-19 11:32:21 +01:00
cachefiles cachefiles: fix memory leak in cachefiles_add_cache() 2024-11-18 23:18:30 +01:00
ceph ceph: prevent use-after-free in encode_cap_msg() 2024-11-18 12:13:33 +01:00
cifs cifs: add a warning when the in-flight count goes negative 2024-11-18 22:25:35 +01:00
coda Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
configfs Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
cramfs Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
crypto Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
debugfs debugfs: fix automount d_fsdata usage 2024-11-18 12:12:12 +01:00
devpts Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
dlm Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ecryptfs ecryptfs: Reject casefold directory inodes 2024-11-18 12:13:11 +01:00
efivarfs efivarfs: force RO when remounting if SetVariable is not supported 2024-11-18 12:12:25 +01:00
efs Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
erofs BACKPORT: erofs: fix lz4 inplace decompression 2024-11-17 17:41:30 +01:00
exfat exfat: support handle zero-size directory 2024-11-18 11:43:14 +01:00
exportfs Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ext2 Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ext4 ext4: forbid commit inconsistent quota data when errors=remount-ro 2024-11-19 09:23:14 +01:00
f2fs f2fs: compress: fix to check unreleased compressed cluster 2024-11-19 08:44:57 +01:00
fat fat: fix uninitialized field in nostale filehandles 2024-11-19 09:22:16 +01:00
freevxfs Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
fscache Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
fuse fuse: don't unhash root 2024-11-19 09:22:18 +01:00
gfs2 gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump 2024-11-18 12:12:27 +01:00
hfs Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
hfsplus Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
hostfs Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
hpfs Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
hugetlbfs fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super 2024-11-18 23:18:30 +01:00
incfs Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
iomap Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
isofs isofs: handle CDs with bad root inode but good Joliet root directory 2024-11-19 09:23:14 +01:00
jbd2 jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint 2024-11-18 22:25:36 +01:00
jffs2 Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
jfs jfs: fix array-index-out-of-bounds in diNewExt 2024-11-18 12:13:10 +01:00
kernfs fs/kernfs/dir: obey S_ISGID 2024-11-18 12:13:20 +01:00
lockd Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
minix Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nfs nfs: fix UAF in direct writes 2024-11-19 09:22:34 +01:00
nfs_common Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nfsd nfsd: lock_rename() needs both directories to live on the same fs 2024-11-18 12:10:57 +01:00
nilfs2 nilfs2: fix OOB in nilfs_set_de_type 2024-11-19 11:32:23 +01:00
nls Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
notify Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ntfs Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ocfs2 Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
omfs Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
openpromfs Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
orangefs Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
overlayfs ima: detect changes to the backing overlay file 2024-11-18 11:43:25 +01:00
proc watchdog: move softlockup_panic back to early_param 2024-11-18 11:43:21 +01:00
pstore pstore/zone: Add a null pointer check to the psz_kmsg_read 2024-11-19 09:23:13 +01:00
qnx4 Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
qnx6 Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
quota quota: Fix rcu annotations of inode dquot pointers 2024-11-19 08:44:52 +01:00
ramfs Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
reiserfs Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
romfs Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
sdfat Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
squashfs Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
sysfs fs: sysfs: Fix reference leak in sysfs_break_active_protection() 2024-11-19 11:32:23 +01:00
sysv sysv: don't call sb_bread() with pointers_lock held 2024-11-19 09:23:14 +01:00
tracefs Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ubifs ubifs: Set page uptodate in the correct place 2024-11-19 09:22:16 +01:00
udf Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ufs Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
unicode Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
vboxsf vboxsf: Avoid an spurious warning if load_nls_xxx() fails 2024-11-19 09:22:46 +01:00
verity Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
xfs Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
zonefs zonefs: Improve error handling 2024-11-18 22:25:32 +01:00
aio.c fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion 2024-11-19 09:22:39 +01:00
anon_inodes.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
attr.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
bad_inode.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
binfmt_aout.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
binfmt_elf.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
binfmt_elf_fdpic.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
binfmt_em86.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
binfmt_flat.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
binfmt_misc.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
binfmt_script.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
block_dev.c block: Don't invalidate pagecache for invalid falloc modes 2024-11-18 12:12:06 +01:00
buffer.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
char_dev.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
compat_binfmt_elf.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
coredump.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
d_path.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
dax.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
dcache.c fast_dput(): handle underflows gracefully 2024-11-18 12:13:17 +01:00
dcookies.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
direct-io.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
dlog_hook.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
drop_caches.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
eventfd.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
eventpoll.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
exec.c exec: Fix NOMMU linux_binprm::exec in transfer_args_to_stack() 2024-11-19 09:22:41 +01:00
fcntl.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
fhandle.c do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak 2024-11-19 08:44:37 +01:00
file.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
file_table.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
filesystems.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
fs-writeback.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
fs_context.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
fs_parser.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
fs_pin.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
fs_struct.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
fs_types.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
fsopen.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
init.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
inode.c fs: add ctime accessors infrastructure 2024-11-18 12:11:13 +01:00
internal.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ioctl.c lsm: new security_file_ioctl_compat() hook 2024-11-18 12:12:58 +01:00
Kconfig Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
Kconfig.binfmt Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
kernel_read_file.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
libfs.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
locks.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
Makefile Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
mbcache.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
mount.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
mpage.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
namei.c rename(): fix the locking of subdirectories 2024-11-18 12:12:59 +01:00
namespace.c fs: indicate request originates from old mount API 2024-11-18 12:12:26 +01:00
no-block.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nsfs.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
open.c security: samsung: defex_lsm: nuke 2024-06-15 16:20:49 -03:00
pipe.c pipe: wakeup wr_wait after setting max_usage 2024-11-18 12:13:04 +01:00
pnode.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
pnode.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
posix_acl.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
proc_namespace.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
read_write.c security: samsung: defex_lsm: nuke 2024-06-15 16:20:49 -03:00
readdir.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
remap_range.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
select.c fs/select: rework stack allocation hack for clang 2024-11-19 08:44:37 +01:00
seq_file.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
signalfd.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
splice.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
stack.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
stat.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
statfs.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
super.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
sync.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
timerfd.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
userfaultfd.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
utimes.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
xattr.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00