This is a note to let you know that I've just added the patch titled
fs/ntfs3: Fix NULL dereference in ni_write_inode
to the 6.1-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
fs-ntfs3-fix-null-dereference-in-ni_write_inode.patch
and it can be found in the queue-6.1 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
commit 63d7078b2a30d58c5fd46c6290de2eb73314d423
Author: Abdun Nihaal <abdun.nihaal@xxxxxxxxx>
Date: Sun Oct 30 12:32:51 2022 +0530
fs/ntfs3: Fix NULL dereference in ni_write_inode
[ Upstream commit 8dae4f6341e335a09575be60b4fdf697c732a470 ]
Syzbot reports a NULL dereference in ni_write_inode.
When creating a new inode, if allocation fails in mi_init function
(called in mi_format_new function), mi->mrec is set to NULL.
In the error path of this inode creation, mi->mrec is later
dereferenced in ni_write_inode.
Add a NULL check to prevent NULL dereference.
Link: https://syzkaller.appspot.com/bug?extid=f45957555ed4a808cc7a
Reported-and-tested-by: syzbot+f45957555ed4a808cc7a@xxxxxxxxxxxxxxxxxxxxxxxxx
Signed-off-by: Abdun Nihaal <abdun.nihaal@xxxxxxxxx>
Signed-off-by: Konstantin Komarov <almaz.alexandrovich@xxxxxxxxxxxxxxxxxxxx>
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
diff --git a/fs/ntfs3/frecord.c b/fs/ntfs3/frecord.c
index 1f0e230ec9e2c..d260260900241 100644
--- a/fs/ntfs3/frecord.c
+++ b/fs/ntfs3/frecord.c
@@ -3255,6 +3255,9 @@ int ni_write_inode(struct inode *inode, int sync, const char *hint)
return 0;
}
+ if (!ni->mi.mrec)
+ goto out;
+
if (is_rec_inuse(ni->mi.mrec) &&
!(sbi->flags & NTFS_FLAGS_LOG_REPLAYING) && inode->i_nlink) {
bool modified = false;
