linux/fs/ext4
Theodore Ts'o b87c7cdf2b ext4: fix invalid free tracking in ext4_xattr_move_to_block()
In ext4_xattr_move_to_block(), the value of the extended attribute
which we need to move to an external block may be allocated by
kvmalloc() if the value is stored in an external inode.  So at the end
of the function the code tried to check if this was the case by
testing entry->e_value_inum.

However, at this point, the pointer to the xattr entry is no longer
valid, because it was removed from the original location where it had
been stored.  So we could end up calling kvfree() on a pointer which
was not allocated by kvmalloc(); or we could also potentially leak
memory by not freeing the buffer when it should be freed.  Fix this by
storing whether it should be freed in a separate variable.

Cc: stable@kernel.org
Link: https://lore.kernel.org/r/20230430160426.581366-1-tytso@mit.edu
Link: https://syzkaller.appspot.com/bug?id=5c2aee8256e30b55ccf57312c16d88417adbd5e1
Link: https://syzkaller.appspot.com/bug?id=41a6b5d4917c0412eb3b3c3c604965bed7d7420b
Reported-by: syzbot+64b645917ce07d89bde5@syzkaller.appspotmail.com
Reported-by: syzbot+0d042627c4f2ad332195@syzkaller.appspotmail.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2023-05-13 18:05:04 -04:00
.kunitconfig
acl.c fs: port acl to mnt_idmap 2023-01-19 09:24:28 +01:00
acl.h fs: port ->set_acl() to pass mnt_idmap 2023-01-19 09:24:27 +01:00
balloc.c ext4: allow ext4_get_group_info() to fail 2023-05-13 18:02:46 -04:00
bitmap.c ext4: remove useless conditional branch code 2023-04-19 23:39:08 -04:00
block_validity.c ext4: add ext4_sb_block_valid() refactored out of ext4_inode_block_valid() 2022-02-25 21:34:56 -05:00
crypto.c ext4: refactor and move ext4_ioctl_get_encryption_pwsalt() 2022-05-21 22:24:24 -04:00
dir.c ext4: fix spelling errors in comments 2022-05-11 15:19:06 -04:00
ext4_extents.h
ext4_jbd2.c ext4: split ext4_journal_start trace for debug 2022-12-01 10:46:54 -05:00
ext4_jbd2.h ext4: split ext4_journal_start trace for debug 2022-12-01 10:46:54 -05:00
ext4.h ext4: allow ext4_get_group_info() to fail 2023-05-13 18:02:46 -04:00
extents_status.c ext4: fix reserved cluster accounting in __es_remove_extent() 2022-12-09 00:58:04 -05:00
extents_status.h
extents.c ext4: fix use-after-free read in ext4_find_extent for bigalloc + inline 2023-04-28 12:56:35 -04:00
fast_commit.c ext4: use ext4_fc_tl_mem in fast-commit replay path 2023-02-09 10:43:23 -05:00
fast_commit.h ext4: add missing validation of fast-commit record lengths 2022-12-08 21:49:24 -05:00
file.c fs: add FMODE_DIO_PARALLEL_WRITE flag 2023-04-03 07:14:20 -06:00
fsmap.c ext4: fix another off-by-one fsmap error on 1k block filesystems 2023-03-07 20:20:48 -05:00
fsmap.h
fsync.c ext4: Drop special handling of journalled data from ext4_sync_file() 2023-04-14 19:56:53 -04:00
hash.c unicode: clean up the Kconfig symbol confusion 2022-01-20 19:57:24 -05:00
ialloc.c ext4: allow ext4_get_group_info() to fail 2023-05-13 18:02:46 -04:00
indirect.c ext4: fix error code return to user-space in ext4_get_branch() 2022-12-08 21:49:24 -05:00
inline.c - Nick Piggin's "shoot lazy tlbs" series, to improve the performance of 2023-04-27 19:42:02 -07:00
inode-test.c
inode.c Some ext4 regression and bug fixes for -rc1 2023-05-01 11:00:04 -07:00
ioctl.c Bug fixes and regressions for ext4, the most serious of which is a 2023-03-12 08:55:55 -07:00
Kconfig
Makefile ext4: move ext4 crypto code to its own file crypto.c 2022-05-21 22:24:24 -04:00
mballoc.c ext4: remove a BUG_ON in ext4_mb_release_group_pa() 2023-05-13 18:05:04 -04:00
mballoc.h ext4: Remove the logic to trim inode PAs 2023-04-06 01:13:13 -04:00
migrate.c ext4: fix warning in 'ext4_da_release_space' 2022-11-06 01:07:59 -04:00
mmp.c ext4: fix lockdep warning when enabling MMP 2023-05-07 21:11:18 -04:00
move_extent.c - Nick Piggin's "shoot lazy tlbs" series, to improve the performance of 2023-04-27 19:42:02 -07:00
namei.c ext4: fix possible double unlock when moving a directory 2023-03-17 21:53:52 -04:00
orphan.c ext4: remove trailing newline from ext4_msg() message 2022-12-08 21:49:23 -05:00
page-io.c ext4: remove unneeded check of nr_to_submit 2023-04-19 23:38:33 -04:00
readpage.c ext4: Use a folio iterator in __read_end_io() 2023-04-06 13:39:52 -04:00
resize.c ext4: remove unused group parameter in ext4_block_bitmap_csum_set 2023-03-23 23:00:08 -04:00
super.c ext4: allow ext4_get_group_info() to fail 2023-05-13 18:02:46 -04:00
symlink.c fs: port ->getattr() to pass mnt_idmap 2023-01-19 09:24:25 +01:00
sysfs.c ext4: Remove the logic to trim inode PAs 2023-04-06 01:13:13 -04:00
truncate.h
verity.c - Nick Piggin's "shoot lazy tlbs" series, to improve the performance of 2023-04-27 19:42:02 -07:00
xattr_hurd.c fs: port xattr to mnt_idmap 2023-01-19 09:24:28 +01:00
xattr_security.c fs: port xattr to mnt_idmap 2023-01-19 09:24:28 +01:00
xattr_trusted.c fs: port xattr to mnt_idmap 2023-01-19 09:24:28 +01:00
xattr_user.c fs: port xattr to mnt_idmap 2023-01-19 09:24:28 +01:00
xattr.c ext4: fix invalid free tracking in ext4_xattr_move_to_block() 2023-05-13 18:05:04 -04:00
xattr.h ext4: remove EA inode entry from mbcache on inode eviction 2022-08-02 23:56:25 -04:00