]> www.infradead.org Git - users/hch/block.git/commit
projects / users / hch / block.git / commit
summary | shortlog | log | commit | commitdiff | tree
(parent: c604044) | patch
bcachefs: assign return error when iterating through layout
authorDiogo Jahchan Koike <djahchankoike@gmail.com>
Mon, 23 Sep 2024 22:22:14 +0000 (19:22 -0300)
committerKent Overstreet <kent.overstreet@linux.dev>
Sat, 28 Sep 2024 01:46:34 +0000 (21:46 -0400)
commit40d40c6bea19ff1e40fb3d33b35b354a5b35025f
tree050d4f42f67bbf5b50c3f6ea952113419958ff8btree
parentc6040447c56496f4929db2d73ee445d898dd8a98commit | diff
bcachefs: assign return error when iterating through layout

syzbot reported a null ptr deref in __copy_user [0]

In __bch2_read_super, when a corrupt backup superblock matches the
default opts offset, no error is assigned to ret and the freed superblock
gets through, possibly being assigned as the best sb in bch2_fs_open and
being later dereferenced, causing a fault. Assign EINVALID to ret when
iterating through layout.

[0]: https://syzkaller.appspot.com/bug?extid=18a5c5e8a9c856944876

Reported-by: syzbot+18a5c5e8a9c856944876@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=18a5c5e8a9c856944876
Signed-off-by: Diogo Jahchan Koike <djahchankoike@gmail.com>
Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
fs/bcachefs/super-io.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.