Date: Wed, 20 Jun 2018 22:45:56 -0300
From: Ernesto A. Fernández
To: Tetsuo Handa
Cc: syzbot, syzkaller-bugs@googlegroups.com, viro@zeniv.linux.org.uk, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, akpm@linux-foundation.org
Subject: Re: [PATCH] hfsplus: don't return 0 when fill_super() failed
Message-ID: <20180621014555.4ul7w7wwkzbeifr6@eaf>
References: <001a114467485371b605691053fc@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, May 15, 2018 at 07:08:24PM +0900, Tetsuo Handa wrote:
> From f78a5fe168290cb9e009f4d907d04b5bfe277831 Mon Sep 17 00:00:00 2001
> From: Tetsuo Handa > Date: Tue, 15 May 2018 11:38:38 +0900 > Subject: [PATCH] hfsplus: don't return 0 when fill_super() failed > > syzbot is reporting NULL pointer dereference at mount_fs() [1]. > This is because hfsplus_fill_super() is by error returning 0 when > hfsplus_fill_super() detected invalid filesystem image, and mount_bdev() > is returning NULL because dget(s->s_root) == NULL if s->s_root == NULL, > and mount_fs() is accessing root->d_sb because IS_ERR(root) == false > if root == NULL. Fix this by returning -EINVAL when hfsplus_fill_super() > detected invalid filesystem image. > > [1] https://syzkaller.appspot.com/bug?id=21acb6850cecbc960c927229e597158cf35f33d0 > > Signed-off-by: Tetsuo Handa > Reported-by: syzbot > Cc: Al Viro It's been too long. I think I should give up on my patch. Maybe a review can help your version get merged. Reviewed-by: Ernesto A. Fernández > --- > fs/hfsplus/super.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/fs/hfsplus/super.c b/fs/hfsplus/super.c > index 513c357..9e690ae 100644 > --- a/fs/hfsplus/super.c > +++ b/fs/hfsplus/super.c > @@ -524,8 +524,10 @@ static int hfsplus_fill_super(struct super_block *sb, void *data, int silent) > goto out_put_root; > if (!hfs_brec_read(&fd, &entry, sizeof(entry))) { > hfs_find_exit(&fd); > - if (entry.type != cpu_to_be16(HFSPLUS_FOLDER)) > + if (entry.type != cpu_to_be16(HFSPLUS_FOLDER)) { > + err = -EINVAL; > goto out_put_root; > + } > inode = hfsplus_iget(sb, be32_to_cpu(entry.folder.id)); > if (IS_ERR(inode)) { > err = PTR_ERR(inode); > -- > 1.8.3.1 > >
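Review bot: The new `err = -EINVAL;` covers only the `entry.type != cpu_to_be16(HFSPLUS_FOLDER)` branch, while the `goto out_put_root;` on the first context line of the hunk takes the same exit under a condition that is not visible here. Since the commit message attributes the NULL dereference in mount_fs() to hfsplus_fill_super() returning 0 on a failure path, it is worth confirming that `err` is already non-zero at that earlier `goto` and at any other jump to `out_put_root`, so no remaining path can return 0 with s->s_root unset. The commit message could also name the specific case the hunk handles (the record read by hfs_brec_read() is not of type HFSPLUS_FOLDER) rather than only "invalid filesystem image", which would make the fix easier to match against the syzbot report.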