Patch "fs/ntfs3: Use __GFP_NOWARN allocation at ntfs_load_attr_list()" has been added to the 6.4-stable tree

<gregkh@xxxxxxxxxxxxxxxxxxx> · Mon, 07 Aug 2023 10:50:15 +0200

This is a note to let you know that I've just added the patch titled

    fs/ntfs3: Use __GFP_NOWARN allocation at ntfs_load_attr_list()

to the 6.4-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     fs-ntfs3-use-__gfp_nowarn-allocation-at-ntfs_load_attr_list.patch
and it can be found in the queue-6.4 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


>From ea303f72d70ce2f0b0aa94ab127085289768c5a6 Mon Sep 17 00:00:00 2001
From: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx>
Date: Tue, 28 Mar 2023 20:05:16 +0900
Subject: fs/ntfs3: Use __GFP_NOWARN allocation at ntfs_load_attr_list()

From: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx>

commit ea303f72d70ce2f0b0aa94ab127085289768c5a6 upstream.

syzbot is reporting too large allocation at ntfs_load_attr_list(), for
a crafted filesystem can have huge data_size.

Reported-by: syzbot <syzbot+89dbb3a789a5b9711793@xxxxxxxxxxxxxxxxxxxxxxxxx>
Link: https://syzkaller.appspot.com/bug?extid=89dbb3a789a5b9711793
Signed-off-by: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx>
Signed-off-by: Konstantin Komarov <almaz.alexandrovich@xxxxxxxxxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 fs/ntfs3/attrlist.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/fs/ntfs3/attrlist.c
+++ b/fs/ntfs3/attrlist.c
@@ -52,7 +52,7 @@ int ntfs_load_attr_list(struct ntfs_inod
 
 	if (!attr->non_res) {
 		lsize = le32_to_cpu(attr->res.data_size);
-		le = kmalloc(al_aligned(lsize), GFP_NOFS);
+		le = kmalloc(al_aligned(lsize), GFP_NOFS | __GFP_NOWARN);
 		if (!le) {
 			err = -ENOMEM;
 			goto out;
@@ -80,7 +80,7 @@ int ntfs_load_attr_list(struct ntfs_inod
 		if (err < 0)
 			goto out;
 
-		le = kmalloc(al_aligned(lsize), GFP_NOFS);
+		le = kmalloc(al_aligned(lsize), GFP_NOFS | __GFP_NOWARN);
 		if (!le) {
 			err = -ENOMEM;
 			goto out;


Patches currently in stable-queue which might be from penguin-kernel@xxxxxxxxxxxxxxxxxxx are

queue-6.4/debugobjects-recheck-debug_objects_enabled-before-reporting.patch
queue-6.4/fs-ntfs3-use-__gfp_nowarn-allocation-at-ntfs_load_attr_list.patch
queue-6.4/kasan-kmsan-remove-__gfp_kswapd_reclaim-usage-from-kasan-kmsan.patch






