Hello all!

Is this the expected fix for the issue? Shouldn't the value be sanitized somehow?

This is intended to be an "honest" question - I am neither an experienced kernel nor filesystem programmer, just wondering...

Enrico

On Sun, 2 Oct 2022, Tetsuo Handa wrote:
Date: Sun, 2 Oct 2022 16:37:34 From: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx> To: Konstantin Komarov <almaz.alexandrovich@xxxxxxxxxxxxxxxxxxxx> Cc: syzbot <syzbot+fa4648a5446460b7b963@xxxxxxxxxxxxxxxxxxxxxxxxx>, syzkaller-bugs@xxxxxxxxxxxxxxxx, ntfs3@xxxxxxxxxxxxxxx, Kari Argillander <kari.argillander@xxxxxxxxx> Subject: Re: [syzbot] WARNING in wnd_init syzbot is reporting too large allocation at wnd_init() [1], for a crafted filesystem can become wnd->nwnd close to UINT_MAX. Add __GFP_NOWARN in order to avoid too large allocation warning, than exhausting memory by using kvcalloc(). Link: https://syzkaller.appspot.com/bug?extid=fa4648a5446460b7b963 [1] Reported-by: syzot <syzbot+fa4648a5446460b7b963@xxxxxxxxxxxxxxxxxxxxxxxxx> Signed-off-by: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx> --- fs/ntfs3/bitmap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/ntfs3/bitmap.c b/fs/ntfs3/bitmap.c index 5d44ceac855b..90f3c4e84856 100644 --- a/fs/ntfs3/bitmap.c +++ b/fs/ntfs3/bitmap.c @@ -661,7 +661,7 @@ int wnd_init(struct wnd_bitmap *wnd, struct super_block *sb, size_t nbits) if (!wnd->bits_last) wnd->bits_last = wbits; - wnd->free_bits = kcalloc(wnd->nwnd, sizeof(u16), GFP_NOFS); + wnd->free_bits = kcalloc(wnd->nwnd, sizeof(u16), GFP_NOFS | __GFP_NOWARN); if (!wnd->free_bits) return -ENOMEM; -- 2.34.1
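Review bot: adding __GFP_NOWARN to the `kcalloc(wnd->nwnd, sizeof(u16), ...)` call only silences the report; the condition named in the commit message, that a crafted filesystem can drive wnd->nwnd close to UINT_MAX, is left untouched, so the allocation still fails and wnd_init() still returns -ENOMEM for an image whose bitmap window count is out of range. A sanity check on wnd->nwnd (or on the nbits it is derived from) before the allocation, returning an explicit error such as -EINVAL when the count exceeds what a valid volume can carry, would reject the corrupt image deliberately instead of surfacing it as an allocation failure, and would make the warning suppression unnecessary. Minor: the Reported-by: trailer reads `syzot` where the address is syzbot's.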