linux-yocto/fs/afs
Edward Adam Davis 8b3c655fa2
afs: Set vllist to NULL if addr parsing fails
syzbot reported a bug in afs_put_vlserverlist.

  kAFS: bad VL server IP address
  BUG: unable to handle page fault for address: fffffffffffffffa
  ...
  Oops: Oops: 0002 [#1] SMP KASAN PTI
  ...
  RIP: 0010:refcount_dec_and_test include/linux/refcount.h:450 [inline]
  RIP: 0010:afs_put_vlserverlist+0x3a/0x220 fs/afs/vl_list.c:67
  ...
  Call Trace:
   <TASK>
   afs_alloc_cell fs/afs/cell.c:218 [inline]
   afs_lookup_cell+0x12a5/0x1680 fs/afs/cell.c:264
   afs_cell_init+0x17a/0x380 fs/afs/cell.c:386
   afs_proc_rootcell_write+0x21f/0x290 fs/afs/proc.c:247
   proc_simple_write+0x114/0x1b0 fs/proc/generic.c:825
   pde_write fs/proc/inode.c:330 [inline]
   proc_reg_write+0x23d/0x330 fs/proc/inode.c:342
   vfs_write+0x25c/0x1180 fs/read_write.c:682
   ksys_write+0x12a/0x240 fs/read_write.c:736
   do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
   do_syscall_64+0xcd/0x260 arch/x86/entry/syscall_64.c:94
   entry_SYSCALL_64_after_hwframe+0x77/0x7f

Because afs_parse_text_addrs() parses incorrectly, its return value -EINVAL
is assigned to vllist, which results in -EINVAL being used as the vllist
address when afs_put_vlserverlist() is executed.

Set the vllist value to NULL when a parsing error occurs to avoid this
issue.

Fixes: e2c2cb8ef0 ("afs: Simplify cell record handling")
Reported-by: syzbot+5c042fbab0b292c98fc6@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=5c042fbab0b292c98fc6
Tested-by: syzbot+5c042fbab0b292c98fc6@syzkaller.appspotmail.com
Signed-off-by: Edward Adam Davis <eadavis@qq.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Link: https://lore.kernel.org/4119365.1753108011@warthog.procyon.org.uk
cc: Marc Dionne <marc.dionne@auristor.com>
cc: linux-afs@lists.infradead.org
cc: linux-fsdevel@vger.kernel.org
Signed-off-by: Christian Brauner <brauner@kernel.org>
2025-07-23 13:54:34 +02:00
addr_list.c afs: Use the per-peer app data provided by rxrpc 2025-03-10 09:47:15 +00:00
addr_prefs.c afs: Fix check for NULL terminator 2025-07-23 13:54:05 +02:00
afs_cm.h
afs_fs.h
afs_vl.h afs: Fix the maximum cell name length 2025-01-07 15:55:25 +01:00
afs.h afs: Fix the maximum cell name length 2025-01-07 15:55:25 +01:00
callback.c afs: Add more tracepoints to do with tracking validity 2024-12-20 22:34:06 +01:00
cell.c afs: Set vllist to NULL if addr parsing fails 2025-07-23 13:54:34 +02:00
cm_security.c afs: Use rxgk RESPONSE to pass token for callback channel 2025-04-14 17:36:42 -07:00
cmservice.c afs: Use the per-peer app data provided by rxrpc 2025-03-10 09:47:15 +00:00
dir_edit.c afs: Use the contained hashtable to search a directory 2024-12-20 22:34:09 +01:00
dir_search.c afs: Use the contained hashtable to search a directory 2024-12-20 22:34:09 +01:00
dir_silly.c VFS: rename lookup_one_len family to lookup_noperm and remove permission check 2025-04-08 11:24:36 +02:00
dir.c VFS: rename lookup_one_len family to lookup_noperm and remove permission check 2025-04-08 11:24:36 +02:00
dynroot.c afs: Fix afs_dynroot_readdir() to not use the RCU read lock 2025-04-11 15:24:29 +02:00
file.c afs: Add a tracepoint for afs_read_receive() 2024-12-20 22:34:09 +01:00
flock.c afs: adapt to breakup of struct file_lock 2024-02-05 13:11:42 +01:00
fs_operation.c afs: Make {Y,}FS.FetchData an asynchronous operation 2024-12-20 22:34:08 +01:00
fs_probe.c treewide: Switch/rename to timer_delete[_sync]() 2025-04-05 10:30:12 +02:00
fsclient.c afs: Fix afs_server ref accounting 2025-03-10 09:47:15 +00:00
inode.c afs: Locally initialise the contents of a new symlink on creation 2024-12-20 22:34:09 +01:00
internal.h afs: Use rxgk RESPONSE to pass token for callback channel 2025-04-14 17:36:42 -07:00
Kconfig afs: Use rxgk RESPONSE to pass token for callback channel 2025-04-14 17:36:42 -07:00
main.c rxrpc: Allow CHALLENGEs to the passed to the app for a RESPONSE 2025-04-14 17:36:41 -07:00
Makefile rxrpc: Allow CHALLENGEs to the passed to the app for a RESPONSE 2025-04-14 17:36:41 -07:00
misc.c rxrpc: Add the security index for yfs-rxgk 2025-04-14 17:36:41 -07:00
mntpt.c saner calling conventions for ->d_automount() 2025-05-05 13:42:49 -04:00
proc.c afs: Use the per-peer app data provided by rxrpc 2025-03-10 09:47:15 +00:00
protocol_afs.h
protocol_uae.h
protocol_yfs.h
rotate.c afs: Add more tracepoints to do with tracking validity 2024-12-20 22:34:06 +01:00
rxrpc.c afs: Use rxgk RESPONSE to pass token for callback channel 2025-04-14 17:36:42 -07:00
security.c fs: port ->permission() to pass mnt_idmap 2023-01-19 09:24:28 +01:00
server_list.c afs: Fix afs_server ref accounting 2025-03-10 09:47:15 +00:00
server.c afs: Use rxgk RESPONSE to pass token for callback channel 2025-04-14 17:36:42 -07:00
super.c afs: Drop the net parameter from afs_unuse_cell() 2025-03-10 09:47:15 +00:00
validation.c afs: Add more tracepoints to do with tracking validity 2024-12-20 22:34:06 +01:00
vl_alias.c afs: Drop the net parameter from afs_unuse_cell() 2025-03-10 09:47:15 +00:00
vl_list.c afs: Dispatch vlserver probes in priority order 2024-01-01 16:37:27 +00:00
vl_probe.c afs: Keep a record of the current fileserver endpoint state 2024-01-01 16:37:27 +00:00
vl_rotate.c afs: Simplify cell record handling 2025-03-10 09:47:15 +00:00
vlclient.c vfs-6.14-rc1.netfs 2025-01-20 09:29:11 -08:00
volume.c afs: Improve afs_volume tracing to display a debug ID 2025-03-10 09:47:15 +00:00
write.c netfs: Fix undifferentiation of DIO reads from unbuffered reads 2025-05-23 10:35:03 +02:00
xattr.c afs: Add __counted_by for struct afs_acl and use struct_size() 2023-12-01 09:51:43 -08:00
xdr_fs.h afs: Fix directory format encoding struct 2024-12-20 22:34:04 +01:00
yfsclient.c vfs-6.14-rc1.afs 2025-01-20 11:40:48 -08:00