MIRRORS/linux-yocto
1
0
Fork 0
mirror of git://git.yoctoproject.org/linux-yocto.git synced 2025-07-05 13:25:20 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity
0c935c049b
linux-yocto/fs
History
Ryusuke Konishi 607dc724b1 nilfs2: handle errors that nilfs_prepare_chunk() may return 
commit ee70999a988b8abc3490609142f50ebaa8344432 upstream.

Patch series "nilfs2: fix issues with rename operations".

This series fixes BUG_ON check failures reported by syzbot around rename
operations, and a minor behavioral issue where the mtime of a child
directory changes when it is renamed instead of moved.


This patch (of 2):

The directory manipulation routines nilfs_set_link() and
nilfs_delete_entry() rewrite the directory entry in the folio/page
previously read by nilfs_find_entry(), so error handling is omitted on the
assumption that nilfs_prepare_chunk(), which prepares the buffer for
rewriting, will always succeed for these.  And if an error is returned, it
triggers the legacy BUG_ON() checks in each routine.

This assumption is wrong, as proven by syzbot: the buffer layer called by
nilfs_prepare_chunk() may call nilfs_get_block() if necessary, which may
fail due to metadata corruption or other reasons.  This has been there all
along, but improved sanity checks and error handling may have made it more
reproducible in fuzzing tests.

Fix this issue by adding missing error paths in nilfs_set_link(),
nilfs_delete_entry(), and their caller nilfs_rename().

Link: https://lkml.kernel.org/r/20250111143518.7901-1-konishi.ryusuke@gmail.com
Link: https://lkml.kernel.org/r/20250111143518.7901-2-konishi.ryusuke@gmail.com
Signed-off-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Reported-by: syzbot+32c3706ebf5d95046ea1@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=32c3706ebf5d95046ea1
Reported-by: syzbot+1097e95f134f37d9395c@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=1097e95f134f37d9395c
Fixes: 2ba466d74e ("nilfs2: directory entry operations")
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2025-03-13 12:51:12 +01:00
..
9p 9p: add missing locking around taking dentry fid list 2024-10-17 15:11:47 +02:00
adfs
affs affs: initialize fsdata in affs_truncate() 2023-02-01 08:27:06 +01:00
afs afs: Fix the server_list to unuse a displaced server rather than putting it 2025-03-13 12:50:56 +01:00
autofs autofs: fix memory leak of waitqueues in autofs_catatonic_mode 2023-09-23 11:09:54 +02:00
befs
bfs
btrfs btrfs: avoid monopolizing a core when activating a swap file 2025-03-13 12:50:47 +01:00
cachefiles cachefiles: fix memory leak in cachefiles_add_cache() 2024-03-06 14:38:50 +00:00
ceph ceph: give up on paths longer than PATH_MAX 2025-01-23 17:15:48 +01:00
cifs smb: client: Add check for next_buffer in receive_encrypted_standard() 2025-03-13 12:51:01 +01:00
coda coda: Avoid partial allocation of sig_inputArgs 2023-03-10 09:39:50 +01:00
configfs configfs: fix possible memory leak in configfs_create_dir() 2022-12-31 13:14:15 +01:00
cramfs
crypto fscrypt: fix keyring memory leak on mount failure 2022-11-10 18:15:37 +01:00
debugfs debugfs: fix automount d_fsdata usage 2024-01-25 14:52:27 -08:00
devpts fsnotify: fix fsnotify hooks in pseudo filesystems 2022-02-01 17:27:01 +01:00
dlm dlm: fix plock lookup when using multiple lockspaces 2023-09-19 12:22:52 +02:00
ecryptfs ecryptfs: Fix buffer size for tag 66 packet 2024-06-16 13:39:16 +02:00
efivarfs efivarfs: Fix error on non-existent file 2025-01-09 13:28:32 +01:00
efs
erofs erofs: fix incorrect symlink detection in fast symlink 2025-01-09 13:28:30 +01:00
exfat exfat: fix soft lockup in exfat_clear_bitmap 2025-03-13 12:51:07 +01:00
exportfs exportfs: use pr_debug for unreachable debug statements 2024-04-10 16:19:21 +02:00
ext2 ext2: Verify bitmap and itable block numbers before using them 2024-08-19 05:45:12 +02:00
ext4 ext4: fix FS_IOC_GETFSMAP handling 2024-12-14 19:51:12 +01:00
f2fs f2fs: fix to wait dio completion 2025-03-13 12:50:46 +01:00
fat fat: fix uninitialized variable 2024-10-22 15:40:40 +02:00
freevxfs
fscache fscache: Remove an unused static variable 2021-10-04 22:13:12 +01:00
fuse fuse: use unsigned type for getxattr/listxattr size truncation 2024-09-12 11:07:44 +02:00
gfs2 gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag 2025-02-01 18:24:00 +01:00
hfs hfs: Sanity check the root record 2025-01-23 17:16:00 +01:00
hfsplus hfsplus: don't query the device logical block size multiple times 2024-12-14 19:50:43 +01:00
hostfs
hpfs
hugetlbfs fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super 2024-03-06 14:38:50 +00:00
iomap iomap: update ki_pos a little later in iomap_dio_complete 2023-12-08 08:48:05 +01:00
isofs isofs: handle CDs with bad root inode but good Joliet root directory 2024-04-13 13:01:44 +02:00
jbd2 jbd2: flush filesystem device before updating tail sequence 2025-01-23 17:15:48 +01:00
jffs2 jffs2: Fix rtime decompressor 2024-12-14 19:51:44 +01:00
jfs jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree 2024-12-14 19:51:39 +01:00
kernfs fs/kernfs/dir: obey S_ISGID 2024-02-23 08:54:51 +01:00
ksmbd ksmbd: fix integer overflows on 32 bit systems 2025-03-13 12:50:48 +01:00
lockd nfsd: stop setting ->pg_stats for unused stats 2024-09-04 13:23:30 +02:00
minix minix: fix bug when opening a file with O_DIRECT 2022-04-13 20:59:10 +02:00
netfs netfs: fix parameter of cleanup() 2021-12-29 12:28:59 +01:00
nfs pnfs/flexfiles: retry getting layout segment for reads 2025-03-13 12:50:32 +01:00
nfs_common nfs: Fix kerneldoc warning shown up by W=1 2021-10-04 22:02:17 +01:00
nfsd NFSD: fix hang in nfsd4_shutdown_callback 2025-03-13 12:50:34 +01:00
nilfs2 nilfs2: handle errors that nilfs_prepare_chunk() may return 2025-03-13 12:51:12 +01:00
nls fs/nls: make load_nls() take a const parameter 2023-09-19 12:22:27 +02:00
notify fsnotify: fix sending inotify event with unexpected filename 2024-12-14 19:51:13 +01:00
ntfs ntfs: check overflow when iterating ATTR_RECORDs 2022-11-26 09:24:52 +01:00
ntfs3 fs/ntfs3: Additional check in ntfs_file_release 2025-02-01 18:24:01 +01:00
ocfs2 ocfs2: check dir i_size in ocfs2_find_entry 2025-03-13 12:50:34 +01:00
omfs
openpromfs openpromfs: finish conversion to the new mount API 2024-06-16 13:39:16 +02:00
orangefs orangefs: fix a oob in orangefs_debug_write 2025-03-13 12:50:37 +01:00
overlayfs ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up 2025-03-13 12:50:55 +01:00
proc sysctl: share unsigned long const values 2025-03-13 12:49:50 +01:00
pstore pstore/blk: trivial typo fixes 2025-03-13 12:49:51 +01:00
qnx4 qnx4: work around gcc false positive warning bug 2021-09-21 08:36:48 -07:00
qnx6
quota quota: flush quota_release_work upon quota writeback 2024-12-14 19:51:22 +01:00
ramfs shmem: use ramfs_kill_sb() for kill_sb method of ramfs-based tmpfs 2023-07-23 13:47:33 +02:00
reiserfs reiserfs: Check the return value from __getblk() 2023-09-19 12:22:30 +02:00
romfs
smbfs_common cifs: Fix crash on unload of cifs_arc4.ko 2021-12-14 10:57:12 +01:00
squashfs Squashfs: check the inode number is not the invalid value of zero 2025-03-13 12:51:09 +01:00
sysfs fs: sysfs: Fix reference leak in sysfs_break_active_protection() 2024-04-27 17:05:28 +02:00
sysv sysv: don't call sb_bread() with pointers_lock held 2024-04-13 13:01:44 +02:00
tracefs tracefs: Add missing lockdown check to tracefs_create_dir() 2023-09-23 11:10:02 +02:00
ubifs ubifs: skip dumping tnc tree when zroot is null 2025-03-13 12:50:11 +01:00
udf udf: Avoid directory type conversion failure due to ENOMEM 2024-11-17 15:06:26 +01:00
ufs
unicode Revert "unicode: Don't special case ignorable code points" 2024-12-14 19:51:44 +01:00
vboxsf vboxsf: Avoid an spurious warning if load_nls_xxx() fails 2024-04-10 16:19:38 +02:00
verity fsverity: skip PKCS#7 parser when keyring is empty 2023-09-19 12:22:52 +02:00
xfs xfs: Add error handling for xfs_reflink_cancel_cow_range 2025-03-13 12:50:30 +01:00
zonefs zonefs: Improve error handling 2024-03-01 13:21:43 +01:00
aio.c fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion 2024-04-10 16:18:46 +02:00
anon_inodes.c
attr.c attr: block mode changes of symlinks 2023-09-23 11:10:01 +02:00
bad_inode.c
binfmt_aout.c
binfmt_elf_fdpic.c fs: binfmt_elf_efpic: don't use missing interpreter's properties 2024-09-04 13:23:24 +02:00
binfmt_elf.c fs/binfmt_elf: Fix memory leak in load_elf_binary() 2022-11-03 23:59:12 +09:00
binfmt_flat.c binfmt_flat: Fix integer overflow bug on 32 bit systems 2025-03-13 12:50:24 +01:00
binfmt_misc.c binfmt_misc: cleanup on filesystem umount 2024-09-04 13:23:22 +02:00
binfmt_script.c
buffer.c mm: fs: initialize fsdata passed to write_begin/write_end interface 2022-11-26 09:24:51 +01:00
char_dev.c chardev: fix error handling in cdev_device_add() 2022-12-31 13:14:30 +01:00
compat_binfmt_elf.c
coredump.c coredump: Use the vma snapshot in fill_files_note 2022-04-08 14:24:18 +02:00
d_path.c
dax.c fsdax: Fix infinite loop in dax_iomap_rw() 2022-09-28 11:11:56 +02:00
dcache.c fs: better handle deep ancestor chains in is_subdir() 2024-07-27 10:46:13 +02:00
direct-io.c
drop_caches.c
eventfd.c eventfd: prevent underflow for eventfd semaphores 2023-09-19 12:22:30 +02:00
eventpoll.c epoll: Add synchronous wakeup support for ep_poll_callback 2025-01-09 13:28:36 +01:00
exec.c exec: don't WARN for racy path_noexec check 2024-11-01 01:52:35 +01:00
fcntl.c fs: Fix file_set_fowner LSM hook inconsistencies 2024-10-17 15:11:15 +02:00
fhandle.c do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak 2024-03-26 18:21:14 -04:00
file_table.c fs: fix proc_handler for sysctl_nr_open 2025-03-13 12:49:50 +01:00
file.c fs: fix missing declaration of init_files 2025-01-23 17:16:00 +01:00
filesystems.c
fs_context.c fs: avoid empty option when generating legacy mount string 2023-07-23 13:47:34 +02:00
fs_parser.c
fs_pin.c
fs_struct.c
fs_types.c
fs-writeback.c writeback, cgroup: switch inodes with dirty timestamps to release dying cgwbs 2023-11-20 11:08:13 +01:00
fsopen.c
init.c
inode.c fs: move inode sysctls to its own file 2025-03-13 12:49:50 +01:00
internal.h nfs: use vfs setgid helper 2023-08-30 16:18:19 +02:00
ioctl.c lsm: new security_file_ioctl_compat() hook 2024-02-23 08:54:25 +01:00
Kconfig NFSD: Remove CONFIG_NFSD_V3 2024-04-10 16:19:01 +02:00
Kconfig.binfmt
kernel_read_file.c vfs: check fd has read access in kernel_read_file_from_fd() 2021-10-18 20:22:03 -10:00
libfs.c libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value 2022-12-31 13:14:03 +01:00
locks.c filelock: Fix fcntl/close race recovery compat path 2024-07-27 10:46:17 +02:00
Makefile io_uring: move to separate directory 2022-12-14 11:37:31 +01:00
mbcache.c mbcache: Avoid nesting of cache->c_list_lock under bit locks 2023-01-12 11:59:20 +01:00
mount.h
mpage.c
namei.c rename(): fix the locking of subdirectories 2024-02-23 08:54:26 +01:00
namespace.c mount: handle OOM on mnt_warn_timestamp_expiry 2024-10-17 15:10:44 +02:00
no-block.c
nsfs.c
open.c openat2: explicitly return -E2BIG for (usize > PAGE_SIZE) 2024-11-01 01:52:37 +01:00
pipe.c fs/pipe: Fix lockdep false-positive in watchqueue pipe_write() 2024-04-10 16:19:42 +02:00
pnode.c pnode: terminate at peers of source 2023-01-12 11:58:47 +01:00
pnode.h
posix_acl.c fs: fix acl translation 2022-07-02 16:41:17 +02:00
proc_namespace.c fs: add is_idmapped_mnt() helper 2022-07-02 16:41:14 +02:00
read_write.c vfs: fix copy_file_range() averts filesystem freeze protection 2022-12-19 12:36:39 +01:00
readdir.c
remap_range.c fs/remap: constrain dedupe of EOF blocks 2022-07-21 21:24:14 +02:00
select.c select: Fix unbalanced user_access_end() 2025-03-13 12:49:51 +01:00
seq_file.c rxrpc: Fix locking issue 2022-07-12 16:35:08 +02:00
signalfd.c signalfd: use wake_up_pollfree() 2021-12-14 10:57:15 +01:00
splice.c Revert "fs: check FMODE_LSEEK to control internal pipe splicing" 2022-10-26 12:34:17 +02:00
stack.c
stat.c stat: fix inconsistency between struct stat and struct compat_stat 2022-04-27 14:38:57 +02:00
statfs.c statfs: enforce statfs[64] structure initialization 2023-05-24 17:36:54 +01:00
super.c fs: explicitly unregister per-superblock BDIs 2024-10-17 15:10:43 +02:00
sync.c vfs: make sync_filesystem return errors from ->sync_fs 2022-04-27 14:38:50 +02:00
timerfd.c
userfaultfd.c Fix userfaultfd_api to return EINVAL as expected 2024-07-18 13:07:42 +02:00
utimes.c
xattr.c fs: don't audit the capability check in simple_xattr_list() 2022-12-31 13:14:01 +01:00