On Mon, Jan 02, 2023 at 02:58:33PM +0000, Shigeru Yoshida wrote: > syzbot reported use-after-free in ext4_find_extent() [1]. If there is > a corrupted file system, this can cause invalid memory access. > > This patch fixes the issue by verifying extent header. > > Reported-by: syzbot+bf4bb7731ef73b83a3b4@xxxxxxxxxxxxxxxxxxxxxxxxx > Link: https://syzkaller.appspot.com/bug?id=cd95cb722bfa1234ac4c78345c8953ee2e7170d0 [1] > Signed-off-by: Shigeru Yoshida <syoshida@xxxxxxxxxx> > --- > fs/ext4/extents.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c > index 9de1c9d1a13d..79bfa583ab1d 100644 > --- a/fs/ext4/extents.c > +++ b/fs/ext4/extents.c > @@ -901,6 +901,9 @@ ext4_find_extent(struct inode *inode, ext4_lblk_t block, > ret = -EFSCORRUPTED; > goto err; > } > + ret = ext4_ext_check(inode, eh, depth, 0); > + if (ret) > + goto err; This patch probably does not address the root cause of the problem. Please see the discussion on the very similar patch https://lore.kernel.org/linux-ext4/20221230062931.2344157-1-tudor.ambarus@xxxxxxxxxx/T/#u - Eric
