tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

squashfs: verify inode mode when loading from disk

The inode mode loaded from corrupted disk might by error contain the file
type bits. Since the file type bits are set by squashfs_read_inode()
using bitwise OR, the file type bits must not be set by
squashfs_new_inode() from squashfs_read_inode(); otherwise, an invalid
file type bits later confuses may_open().

Link: https://lkml.kernel.org/r/f63d8d11-2254-4fc3-9292-9a43a93b374e@I-love.SAKURA.ne.jp
Reported-by: syzbot <syzbot+895c23f6917da440ed0d@syzkaller.appspotmail.com>
Closes: https://syzkaller.appspot.com/bug?extid=895c23f6917da440ed0d
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Reviewed-by: Phillip Lougher <phillip@squashfs.org.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>

authored by

Tetsuo Handa and committed by
Andrew Morton bc107a61 6c0022d6

+4
+4
fs/squashfs/inode.c
··· 68 68 inode->i_mode = le16_to_cpu(sqsh_ino->mode); 69 69 inode->i_size = 0; 70 70 71 + /* File type must not be set at this moment, for it will later be set by the caller. */ 72 + if (inode->i_mode & S_IFMT) 73 + err = -EIO; 74 + 71 75 return err; 72 76 } 73 77