Message-ID: <62b535ca.1c69fb81.b0647.1529@mx.google.com>
X-Google-Original-Message-ID: <20220624035553.GA980944@cgel.zte@gmail.com>
Date: Fri, 24 Jun 2022 03:55:53 +0000
From: CGEL
To: Namjae Jeon
Cc: Eric Biggers, xu.xin16@zte.com.cn, anton@tuxera.com, linux-ntfs-dev@lists.sourceforge.net, stable@vger.kernel.org, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, Zeal Robot, syzbot+6a5a7672f663cce8b156@syzkaller.appspotmail.com, Songyi Zhang, Yang Yang, Jiang Xuexin, Zhang wenya
Subject: Re: [PATCH v2] fs/ntfs: fix BUG_ON of ntfs_read_block()
References: <20220623033635.973929-1-xu.xin16@zte.com.cn> <20220623094956.977053-1-xu.xin16@zte.com.cn>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, Jun 24, 2022 at 11:33:28AM +0900, Namjae Jeon wrote:
> 2022-06-24 2:08 GMT+09:00, Eric Biggers:
> > On Thu, Jun 23, 2022 at 09:49:56AM +0000, cgel.zte@gmail.com wrote:
> >> From: xu xin
> >>
> >> As the bug description at
> >> https://lore.kernel.org/lkml/20220623033635.973929-1-xu.xin16@zte.com.cn/
> >> attackers can use this bug to crash the system.
> >>
> >> So to avoid panic, remove the BUG_ON, and use ntfs_warning to output a
> >> warning to the syslog and return instead until someone really solves
> >> the problem.
> >>
> >> Cc: stable@vger.kernel.org
> >> Reported-by: Zeal Robot
> >> Reported-by: syzbot+6a5a7672f663cce8b156@syzkaller.appspotmail.com
> >> Reviewed-by: Songyi Zhang
> >> Reviewed-by: Yang Yang
> >> Reviewed-by: Jiang Xuexin
> >> Reviewed-by: Zhang wenya
> >> Signed-off-by: xu xin
> >> ---
> >>
> >> Change for v2:
> >> - Use ntfs_warning instead of WARN().
> >> - Add the tag Cc: stable@vger.kernel.org.
> >> ---
> >>  fs/ntfs/aops.c | 7 ++++++-
> >>  1 file changed, 6 insertions(+), 1 deletion(-)
> >>
> >> diff --git a/fs/ntfs/aops.c b/fs/ntfs/aops.c
> >> index 5f4fb6ca6f2e..84d68efb4ace 100644
> >> --- a/fs/ntfs/aops.c
> >> +++ b/fs/ntfs/aops.c
> >> @@ -183,7 +183,12 @@ static int ntfs_read_block(struct page *page)
> >>  	vol = ni->vol;
> >>
> >>  	/* $MFT/$DATA must have its complete runlist in memory at all times. */
> >> -	BUG_ON(!ni->runlist.rl && !ni->mft_no && !NInoAttr(ni));
> >> +	if (unlikely(!ni->runlist.rl && !ni->mft_no && !NInoAttr(ni))) {
> >> +		ntfs_warning(vi->i_sb, "Error because ni->runlist.rl, ni->mft_no, "
> >> +				"and NInoAttr(ni) is null.");
> >> +		unlock_page(page);
> >> +		return -EINVAL;
> >> +	}
> >
> > A better warning message that doesn't rely on implementation details (struct
> > field and macro names) would be "Runlist of $MFT/$DATA is not cached". Also,
> > why does this situation happen in the first place? Is there a way to prevent
> > this situation in the first place?
>
> ntfs_mapping_pairs_decompress() should return error pointer instead of NULL.
> Callers are checking error value using IS_ERR(), and the mapping pairs
> array of $MFT entry is empty, I think it's corrupted, it should cause
> mount failure.
>
> I haven't checked if this patch fixes the problem. Xu, can you check it?
>
I have tested it and it fixes the problem. Thanks.
> diff --git a/fs/ntfs/runlist.c b/fs/ntfs/runlist.c
> index 97932fb5179c..31263fe0772f 100644
> --- a/fs/ntfs/runlist.c
> +++ b/fs/ntfs/runlist.c
> @@ -766,8 +766,11 @@ runlist_element *ntfs_mapping_pairs_decompress(const ntfs_volume *vol,
>  		return ERR_PTR(-EIO);
>  	}
>  	/* If the mapping pairs array is valid but empty, nothing to do. */
> -	if (!vcn && !*buf)
> +	if (!vcn && !*buf) {
> +		if (!old_rl)
> +			return ERR_PTR(-EIO);
>  		return old_rl;
> +	}
>  	/* Current position in runlist array. */
>  	rlpos = 0;
>  	/* Allocate first page and set current runlist size to one page. */
> >
> > - Eric
> >
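Review bot: in the aops.c hunk the ntfs_warning text misdescribes the condition and the errno does not fit the failure. `!ni->mft_no` means the inode is $MFT itself (record number 0), not that a field "is null"; what is actually missing is the cached runlist of $MFT/$DATA, which Eric's wording "Runlist of $MFT/$DATA is not cached" states directly, and the message should also say the volume is corrupt so the reader of the syslog knows why the read failed. `return -EINVAL;` reports a bad argument, whereas the page is being read from a volume whose metadata is inconsistent; `-EIO` is what ntfs_mapping_pairs_decompress() already returns for a corrupt mapping pairs array in the runlist.c hunk, and it should be used here for consistency. More fundamentally, this turns an invariant check into a warning that fires on every read of $MFT after a mount that should not have succeeded; once the empty mapping pairs array is rejected when the runlist is loaded, this branch is unreachable, so the real fix belongs in the runlist/mount path and this hunk at most becomes a WARN_ON_ONCE with an -EIO return.

Review bot: the new `if (!old_rl) return ERR_PTR(-EIO);` in the runlist.c hunk changes the contract for every caller of ntfs_mapping_pairs_decompress(), not only the $MFT/$DATA load, and the comment directly above it ("If the mapping pairs array is valid but empty, nothing to do.") now contradicts the code. Before this change an empty mapping pairs array with no existing runlist returned NULL, which callers checking IS_ERR() accept as a valid, empty runlist; after it the same input is an I/O error. Before merging, confirm that no legitimately empty non-resident attribute reaches this path (if one can, the rejection should instead be done by the caller that loads $MFT/$DATA, which is where the reply above says the failure belongs), update the comment to say an empty array is only acceptable when it extends an existing runlist, and log the corruption with ntfs_error() on the new return so the mount failure is explained rather than silent.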
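Namjae's point above is that ntfs_mapping_pairs_decompress() should hand back an error pointer, not NULL, for an empty $MFT/$DATA mapping pairs array, so the corruption is caught where the runlist is loaded instead of at the BUG_ON in ntfs_read_block(). The following user-space C model is an added example, not kernel code and not part of either patch: it decodes on-disk NTFS mapping pairs into a runlist and applies that contract, reproducing the kernel's ERR_PTR/IS_ERR encoding so that a caller can distinguish "corrupt volume" from a usable runlist. The struct names, the LCN_HOLE value, load_mft_runlist() and the three sample arrays are this example's own assumptions; merging a non-empty array into an existing runlist is deliberately left out.

```c
/* Added example, not kernel code and not part of the patch under review: a
 * user-space model of the ntfs_mapping_pairs_decompress() contract after
 * Namjae's change. Mapping pairs are decoded with the on-disk NTFS encoding
 * (header nibbles give the byte widths of the run length and the LCN delta,
 * 0x00 terminates, a zero-width delta marks a sparse run). The ERR_PTR/IS_ERR
 * convention is reproduced so callers can tell ERR_PTR(-EIO) from a runlist
 * pointer, and NULL is never returned. Names and samples are this model's own. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_ERRNO 4095
#define LCN_HOLE  (-2)              /* this model's marker for a sparse run */

static inline void *ERR_PTR(long err) { return (void *)err; }
static inline long PTR_ERR(const void *p) { return (long)p; }
static inline int IS_ERR(const void *p)
{
	return (unsigned long)p >= (unsigned long)-MAX_ERRNO;
}

struct run { int64_t vcn, lcn, length; };
struct runlist { size_t count; struct run *rl; };

static void free_runlist(struct runlist *rl) { if (rl) { free(rl->rl); free(rl); } }

/* Little-endian load of n bytes, n <= 8. */
static uint64_t load_le(const uint8_t *p, unsigned n)
{
	uint64_t v = 0;
	for (unsigned i = 0; i < n; i++)
		v |= (uint64_t)p[i] << (8 * i);
	return v;
}

/* Decode the mapping pairs array buf[0..len) of an extent starting at vcn.
 * Mirrors the patched check: an empty array at VCN 0 is "nothing to do" only
 * when it extends an existing runlist (old_rl); with no old runlist it is
 * corruption and yields ERR_PTR(-EIO), never NULL. */
struct runlist *decode_mapping_pairs(const uint8_t *buf, size_t len,
				     int64_t vcn, struct runlist *old_rl)
{
	if (!len)
		return ERR_PTR(-EIO);
	if (!vcn && !*buf) {
		if (!old_rl)
			return ERR_PTR(-EIO);
		return old_rl;
	}
	struct runlist *rl = calloc(1, sizeof(*rl));
	if (!rl)
		return ERR_PTR(-ENOMEM);
	size_t pos = 0;
	int64_t lcn = 0;
	while (pos < len && buf[pos]) {
		unsigned vlen = buf[pos] & 0x0f, llen = buf[pos] >> 4;
		pos++;
		/* Field widths must be sane and both fields must fit in the array. */
		if (!vlen || vlen > 8 || llen > 8 || pos + vlen + llen > len)
			goto corrupt;
		int64_t length = (int64_t)load_le(buf + pos, vlen);
		pos += vlen;
		if (length <= 0)            /* a run covers at least one cluster */
			goto corrupt;
		int64_t run_lcn = LCN_HOLE;
		if (llen) {
			uint64_t d = load_le(buf + pos, llen);
			if (llen < 8 && (d >> (8 * llen - 1)) & 1)
				d |= ~(uint64_t)0 << (8 * llen);   /* sign-extend the delta */
			pos += llen;
			lcn += (int64_t)d;
			if (lcn < 0)            /* delta walked before cluster 0 */
				goto corrupt;
			run_lcn = lcn;
		}
		struct run *tmp = realloc(rl->rl, (rl->count + 1) * sizeof(*tmp));
		if (!tmp) {
			free_runlist(rl);
			return ERR_PTR(-ENOMEM);
		}
		rl->rl = tmp;
		rl->rl[rl->count++] = (struct run){ vcn, run_lcn, length };
		vcn += length;
	}
	/* The array must end in a 0x00 terminator and describe at least one run. */
	if (pos >= len || !rl->count)
		goto corrupt;
	return rl;
corrupt:
	free_runlist(rl);
	return ERR_PTR(-EIO);
}

/* Constructed samples: $MFT/$DATA with two real runs and one sparse run,
 * an empty array, and an array truncated inside its first pair. */
static const uint8_t MFT_MP[]   = { 0x21, 0x10, 0x04, 0x00,  /* 16 clusters at LCN 4 */
				    0x11, 0x08, 0x30,        /* 8 clusters at LCN 4+0x30 = 52 */
				    0x01, 0x05,              /* 5 sparse clusters */
				    0x00 };
static const uint8_t EMPTY_MP[] = { 0x00 };
static const uint8_t TRUNC_MP[] = { 0x21, 0x10 };

/* What a mount-time loader of $MFT/$DATA does with the result: an ERR_PTR
 * fails the mount with its errno, so a NULL runlist never reaches the reader. */
int load_mft_runlist(const uint8_t *mp, size_t len, struct runlist **out)
{
	struct runlist *rl = decode_mapping_pairs(mp, len, 0, NULL);
	if (IS_ERR(rl))
		return (int)PTR_ERR(rl);
	*out = rl;
	return 0;
}

int main(void)
{
	struct runlist *rl = NULL;
	if (load_mft_runlist(MFT_MP, sizeof MFT_MP, &rl) == 0) {
		for (size_t i = 0; i < rl->count; i++)
			printf("vcn %lld lcn %lld len %lld\n", (long long)rl->rl[i].vcn,
			       (long long)rl->rl[i].lcn, (long long)rl->rl[i].length);
		free_runlist(rl);
	}
	printf("empty $MFT array, no cached runlist: %d\n",
	       load_mft_runlist(EMPTY_MP, sizeof EMPTY_MP, &rl));
	printf("truncated array: %d\n", load_mft_runlist(TRUNC_MP, sizeof TRUNC_MP, &rl));
	return 0;
}
```

The ERR_PTR trick works because the last 4095 addresses of the address space are never valid pointers, so an errno stored in the pointer's low bits is unambiguous; that is what lets a single return value carry "valid runlist", "valid but empty, keep what you had" and "corrupt, fail the mount" without the NULL that the BUG_ON in ntfs_read_block() was tripping over.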