Hello all!
Is this the expected fix for the issue?
Shouldn't the value be sanitized somehow?
This is intended to be an "honest" question - I am not an experienced kernel nor filesystem programmer, just wondering...
Enrico
On Sun, 2 Oct 2022, Tetsuo Handa wrote:
Date: Sun, 2 Oct 2022 16:37:34
From: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx>
To: Konstantin Komarov <almaz.alexandrovich@xxxxxxxxxxxxxxxxxxxx>
Cc: syzbot <syzbot+fa4648a5446460b7b963@xxxxxxxxxxxxxxxxxxxxxxxxx>,
syzkaller-bugs@xxxxxxxxxxxxxxxx, ntfs3@xxxxxxxxxxxxxxx,
Kari Argillander <kari.argillander@xxxxxxxxx>
Subject: Re: [syzbot] WARNING in wnd_init
syzbot is reporting too large allocation at wnd_init() [1], for a crafted
filesystem can become wnd->nwnd close to UINT_MAX. Add __GFP_NOWARN in
order to avoid too large allocation warning, than exhausting memory by
using kvcalloc().
Link: https://syzkaller.appspot.com/bug?extid=fa4648a5446460b7b963 [1]
Reported-by: syzot <syzbot+fa4648a5446460b7b963@xxxxxxxxxxxxxxxxxxxxxxxxx>
Signed-off-by: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx>
---
fs/ntfs3/bitmap.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/ntfs3/bitmap.c b/fs/ntfs3/bitmap.c
index 5d44ceac855b..90f3c4e84856 100644
--- a/fs/ntfs3/bitmap.c
+++ b/fs/ntfs3/bitmap.c
@@ -661,7 +661,7 @@ int wnd_init(struct wnd_bitmap *wnd, struct super_block *sb, size_t nbits)
if (!wnd->bits_last)
wnd->bits_last = wbits;
- wnd->free_bits = kcalloc(wnd->nwnd, sizeof(u16), GFP_NOFS);
+ wnd->free_bits = kcalloc(wnd->nwnd, sizeof(u16), GFP_NOFS | __GFP_NOWARN);
if (!wnd->free_bits)
return -ENOMEM;
--
2.34.1
