[PATCH] ext4: Add extend check to prevent BUG() in ext4_es_end

From: Tadeusz Struk
Date: Fri Sep 30 2022 - 16:26:09 EST

Next message: John Ogness: "Re: [PATCH printk 06/18] printk: Protect [un]register_console() with a mutex"
Previous message: Luis Chamberlain: "Re: [PATCH v2 1/2] module: Correct wake up of module_wq"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Syzbot reported an issue with ext4 extents. The reproducer creates
a corrupted ext4 fs image in memory, and mounts it as a loop device.
It invokes the ext4_cache_extents() and ext4_find_extent(), which
eventually triggers a BUG() in ext4_es_end() causing a kernel crash.
It triggers on mainline, and every kernel version back to v4.14.
Add a call ext4_ext_check_inode() in ext4_find_extent() to prevent
the crash.

To: "Theodore Ts'o" <tytso@xxxxxxx>
Cc: "Andreas Dilger" <adilger.kernel@xxxxxxxxx>
Cc: <linux-ext4@xxxxxxxxxxxxxxx>
Cc: <linux-kernel@xxxxxxxxxxxxxxx>
Cc: <stable@xxxxxxxxxxxxxxx>

Link: https://syzkaller.appspot.com/bug?id=641e7a4b900015c5d7a729d6cc1fba7a928a88f9
Reported-by: syzbot+a22dc4b0744ac658ed9b@xxxxxxxxxxxxxxxxxxxxxxxxx
Signed-off-by: Tadeusz Struk <tadeusz.struk@xxxxxxxxxx>
---
fs/ext4/extents.c | 6 ++++++
1 file changed, 6 insertions(+)

diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c
index 5235974126bd..c7b5a11e1abc 100644
--- a/fs/ext4/extents.c
+++ b/fs/ext4/extents.c
@@ -897,6 +897,12 @@ ext4_find_extent(struct inode *inode, ext4_lblk_t block,
goto err;
}

+ ret = ext4_ext_check_inode(inode);
+ if (ret) {
+ EXT4_ERROR_INODE(inode, "inode has invalid extent");
+ goto err;
+ }
+
if (path) {
ext4_ext_drop_refs(path);
if (depth > path[0].p_maxdepth) {
--
2.37.3

Next message: John Ogness: "Re: [PATCH printk 06/18] printk: Protect [un]register_console() with a mutex"
Previous message: Luis Chamberlain: "Re: [PATCH v2 1/2] module: Correct wake up of module_wq"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]