On Mon, Jan 02, 2023 at 03:10:19PM -0800, Eric Biggers wrote: > On Mon, Jan 02, 2023 at 02:58:33PM +0000, Shigeru Yoshida wrote: > > syzbot reported use-after-free in ext4_find_extent() [1]. If there is > > a corrupted file system, this can cause invalid memory access. > > > > This patch fixes the issue by verifying extent header. > > > > Reported-by: syzbot+bf4bb7731ef73b83a3b4@xxxxxxxxxxxxxxxxxxxxxxxxx > > Link: https://syzkaller.appspot.com/bug?id=cd95cb722bfa1234ac4c78345c8953ee2e7170d0 [1] > > Signed-off-by: Shigeru Yoshida <syoshida@xxxxxxxxxx> > > --- > > fs/ext4/extents.c | 3 +++ > > 1 file changed, 3 insertions(+) > > > > diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c > > index 9de1c9d1a13d..79bfa583ab1d 100644 > > --- a/fs/ext4/extents.c > > +++ b/fs/ext4/extents.c > > @@ -901,6 +901,9 @@ ext4_find_extent(struct inode *inode, ext4_lblk_t block, > > ret = -EFSCORRUPTED; > > goto err; > > } > > + ret = ext4_ext_check(inode, eh, depth, 0); > > + if (ret) > > + goto err; > > This patch probably does not address the root cause of the problem. Please see > the discussion on the very similar patch > https://lore.kernel.org/linux-ext4/20221230062931.2344157-1-tudor.ambarus@xxxxxxxxxx/T/#u Thank you so much for your comment!! I missed the discussion you mentioned. I'll check that. Regards, Shigeru > > - Eric >
