diff options
| author | Eric Biggers <ebiggers@google.com> | 2020-08-11 18:35:24 -0700 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2020-08-12 10:58:00 -0700 |
| commit | da27e0a0e5f655f0d58d4e153c3182bb2b290f64 (patch) | |
| tree | 22150b2eb3f869f6e5f1df84dda39522d1089c6e /fs/qnx4/README | |
| parent | 2fb3244f0a58ceb3d866ac63f644dfa31cae430f (diff) | |
| download | linux-da27e0a0e5f655f0d58d4e153c3182bb2b290f64.tar.gz linux-da27e0a0e5f655f0d58d4e153c3182bb2b290f64.tar.bz2 linux-da27e0a0e5f655f0d58d4e153c3182bb2b290f64.zip | |
fs/minix: check return value of sb_getblk()
Patch series "fs/minix: fix syzbot bugs and set s_maxbytes".
This series fixes all syzbot bugs in the minix filesystem:
KASAN: null-ptr-deref Write in get_block
KASAN: use-after-free Write in get_block
KASAN: use-after-free Read in get_block
WARNING in inc_nlink
KMSAN: uninit-value in get_block
WARNING in drop_nlink
It also fixes the minix filesystem to set s_maxbytes correctly, so that
userspace sees the correct behavior when exceeding the max file size.
This patch (of 6):
sb_getblk() can fail, so check its return value.
This fixes a NULL pointer dereference.
Originally from Qiujun Huang.
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Reported-by: syzbot+4a88b2b9dc280f47baf4@syzkaller.appspotmail.com
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Cc: Qiujun Huang <anenbupt@gmail.com>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: <stable@vger.kernel.org>
Link: http://lkml.kernel.org/r/20200628060846.682158-1-ebiggers@kernel.org
Link: http://lkml.kernel.org/r/20200628060846.682158-2-ebiggers@kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'fs/qnx4/README')
0 files changed, 0 insertions, 0 deletions