Patch "gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump" has been added to the 6.6-stable tree

This is a note to let you know that I've just added the patch titled

    gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump

to the 6.6-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     gfs2-fix-kernel-null-pointer-dereference-in-gfs2_rgr.patch
and it can be found in the queue-6.6 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit c05e01171108a0ac853edbe679c364ce54fb0236
Author: Osama Muhammad <osmtendev@xxxxxxxxx>
Date:   Mon Nov 6 21:21:29 2023 +0500

    gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump
    
    [ Upstream commit 8877243beafa7c6bfc42022cbfdf9e39b25bd4fa ]
    
    Syzkaller has reported a NULL pointer dereference when accessing
    rgd->rd_rgl in gfs2_rgrp_dump().  This can happen when creating
    rgd->rd_gl fails in read_rindex_entry().  Add a NULL pointer check in
    gfs2_rgrp_dump() to prevent that.
    
    Reported-and-tested-by: syzbot+da0fc229cc1ff4bb2e6d@xxxxxxxxxxxxxxxxxxxxxxxxx
    Link: https://syzkaller.appspot.com/bug?extid=da0fc229cc1ff4bb2e6d
    Fixes: 72244b6bc752 ("gfs2: improve debug information when lvb mismatches are found")
    Signed-off-by: Osama Muhammad <osmtendev@xxxxxxxxx>
    Signed-off-by: Andreas Gruenbacher <agruenba@xxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/fs/gfs2/rgrp.c b/fs/gfs2/rgrp.c
index 9308190895c8..307b952a41f8 100644
--- a/fs/gfs2/rgrp.c
+++ b/fs/gfs2/rgrp.c
@@ -2306,7 +2306,7 @@ void gfs2_rgrp_dump(struct seq_file *seq, struct gfs2_rgrpd *rgd,
 		       (unsigned long long)rgd->rd_addr, rgd->rd_flags,
 		       rgd->rd_free, rgd->rd_free_clone, rgd->rd_dinodes,
 		       rgd->rd_requested, rgd->rd_reserved, rgd->rd_extfail_pt);
-	if (rgd->rd_sbd->sd_args.ar_rgrplvb) {
+	if (rgd->rd_sbd->sd_args.ar_rgrplvb && rgd->rd_rgl) {
 		struct gfs2_rgrp_lvb *rgl = rgd->rd_rgl;
 
 		gfs2_print_dbg(seq, "%s  L: f:%02x b:%u i:%u\n", fs_id_buf,
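
Review bot: With the new `&& rgd->rd_rgl` test on the `if (rgd->rd_sbd->sd_args.ar_rgrplvb ...)` line, a resource group whose rd_rgl is NULL now silently produces no "L:" line even though ar_rgrplvb is set, so a reader of the dump cannot tell a partially initialised rgrp from one on a mount without rgrplvb. Consider printing a short marker in an else branch for the case where ar_rgrplvb is set but rd_rgl is NULL, and add a one-line comment above the condition saying that rd_rgl can be NULL when creating rd_gl failed in read_rindex_entry(), as the commit message explains. The check guards only this dump path; the commit message locates the origin of the NULL in read_rindex_entry(), so it is worth confirming that no other reader of rd_rgl can be reached in that failure state.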



