Received: by 2002:a05:6a10:a0d1:0:0:0:0 with SMTP id j17csp2654661pxa; Mon, 17 Aug 2020 15:38:07 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyg/6319OVFTVtPLlRYSdOy2z4pnpPUag7j6U6rlGmy2RWFERQluo6PKs2sMK7SQ7XCQBDM X-Received: by 2002:a17:906:b110:: with SMTP id u16mr16887875ejy.483.1597703886972; Mon, 17 Aug 2020 15:38:06 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1597703886; cv=none; d=google.com; s=arc-20160816; b=sxg4758QVGC4n7dm3hLRQV7aT4ZHGdb5Y7E/omGO6iGMjTBvNLd8HxIih3lKU7oV/G hafR5HGb8siBZm1EgQDQK39/LYYEt1Ji6yU5UFn6G0X/EsTserxVZNDsepyM0uwBCyyA OQ6XIUJWAu6mY6Ixs5V3+6pDrgEmUVzgtwhObZNx1LoUfHG54odWG2vdoyMo1moPMkSf sRAKWu8Ap5BhUB7l3eyCyGDOrpfuS7zaFO3sfibuRkCJ86uDEE+wNUemYPUFfjihw952 frmVPOS2YHKJgEblmMeZlh8VwEmQ1WyRATcMvG+E9xexZFu63RMxLiSaomnF/liJDpJs KibA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=MT5BoYiGzT+JhT3fW32G69R3LjBt+gG4RsLNqIRQUxI=; b=oT7GOw8w9m4t2/bIFu6iz18DQjC+Q/bMMukqxq48c1QwxX9M/URN9TFqm0GVsYKW9a 4idHEJeJ4YPg3rJwLV91ueoENBTwjwNiVROairB79BdpFYrQfxoli4YsV10M0WuFWTc+ xZpwnGATlYRNcSer/HL8PAZqFB3c/ay+G3CSx7CGLRowJZuWxj0rgkxAy+I9khaKCuFj CwZPpGlslyNOsYIMH5A+LMv4a2j1URVt918Kxo0YdpNTmh3gdloa6rhWuDxZx/KDKcW7 PNNY4/5Pi1c243xKiAfM9DIZV5p3OGwI8CUxfTucfk6tes44qSlwf2B9GvRH0NMnurgp 3nIQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=W8iGz5TA; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id p62si13073504edb.9.2020.08.17.15.37.44; Mon, 17 Aug 2020 15:38:06 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=W8iGz5TA; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388294AbgHQRiX (ORCPT + 99 others); Mon, 17 Aug 2020 13:38:23 -0400 Received: from mail.kernel.org ([198.145.29.99]:55792 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731133AbgHQQRN (ORCPT ); Mon, 17 Aug 2020 12:17:13 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 457012245C; Mon, 17 Aug 2020 16:17:00 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1597681020; bh=10jsHML1yfzSljuKWYJg2C1g0WyzWLBu9ooMOo5TVOQ=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=W8iGz5TA97iaXx/PnsRumDbWMHZgfM7vuOSbUyQg3jcAJoY3F30v6BY+ndgivxNuh FOCKPwU7nUffTeN0G44CjAy4GrvoPOauf9jUXaCWXxNdlVh44l+6iMiAFNUK6x0fPg jgie0ZTnXh4xFeLR9Y4n4Lhmc/MW6OjzQuGmR5iA= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, syzbot+a9ac3de1b5de5fb10efc@syzkaller.appspotmail.com, syzbot+df958cf5688a96ad3287@syzkaller.appspotmail.com, Eric Biggers , Andrew Morton , Alexander Viro , Qiujun Huang , Linus Torvalds Subject: [PATCH 4.19 151/168] fs/minix: dont allow getting deleted inodes Date: Mon, 17 Aug 2020 17:18:02 +0200 Message-Id: <20200817143741.211672047@linuxfoundation.org> X-Mailer: git-send-email 2.28.0 In-Reply-To: <20200817143733.692105228@linuxfoundation.org> References: <20200817143733.692105228@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Eric Biggers commit facb03dddec04e4aac1bb2139accdceb04deb1f3 upstream. If an inode has no links, we need to mark it bad rather than allowing it to be accessed. This avoids WARNINGs in inc_nlink() and drop_nlink() when doing directory operations on a fuzzed filesystem. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Reported-by: syzbot+a9ac3de1b5de5fb10efc@syzkaller.appspotmail.com Reported-by: syzbot+df958cf5688a96ad3287@syzkaller.appspotmail.com Signed-off-by: Eric Biggers Signed-off-by: Andrew Morton Cc: Alexander Viro Cc: Qiujun Huang Cc: Link: http://lkml.kernel.org/r/20200628060846.682158-3-ebiggers@kernel.org Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman --- fs/minix/inode.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) --- a/fs/minix/inode.c +++ b/fs/minix/inode.c @@ -471,6 +471,13 @@ static struct inode *V1_minix_iget(struc iget_failed(inode); return ERR_PTR(-EIO); } + if (raw_inode->i_nlinks == 0) { + printk("MINIX-fs: deleted inode referenced: %lu\n", + inode->i_ino); + brelse(bh); + iget_failed(inode); + return ERR_PTR(-ESTALE); + } inode->i_mode = raw_inode->i_mode; i_uid_write(inode, raw_inode->i_uid); i_gid_write(inode, raw_inode->i_gid); @@ -504,6 +511,13 @@ static struct inode *V2_minix_iget(struc iget_failed(inode); return ERR_PTR(-EIO); } + if (raw_inode->i_nlinks == 0) { + printk("MINIX-fs: deleted inode referenced: %lu\n", + inode->i_ino); + brelse(bh); + iget_failed(inode); + return ERR_PTR(-ESTALE); + } inode->i_mode = raw_inode->i_mode; i_uid_write(inode, raw_inode->i_uid); i_gid_write(inode, raw_inode->i_gid);