Re: fix fs/quota/dquot.c oops error

From: Jan Kara
Date: Mon Nov 02 2020 - 10:04:42 EST


On Mon 02-11-20 16:38:00, 1 wrote:
> An oops error will appear if you follow the steps below:
> 1. gcc -o test test.c
> 2. sudo ./test
>
>
> The error can be found in the dmesg file, in the function of
> "dquot_add_space". Because a pointer named "dquot" is illegal, so it
> needs to use functions to detect the pointer. Through the test, it is
> found that this function named "access_ok" meets the requirements.

Thanks for the patch but it is not correct. A proper fix for this syzbot
reproducer is to add more sanity checking into quota code to verify quota
file headers are not corrupted. Because these corrupted headers cause bogus
return values from get_free_blk() and possibly other quota functions which
then confuse __dquot_initialize().

Honza

--
Jan Kara <jack@xxxxxxxx>
SUSE Labs, CR
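
The kind of header sanity checking the reply above calls for, sketched in user-space C as an added example; it is not the kernel's code and not part of this thread. The struct layout, field names, block size and constants are assumptions that model a tree-format quota file only loosely: every block number read from the header is range-checked against the file before anything uses it.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed, simplified on-disk layout: block 0 holds the header, block 1 the
 * tree root, data starts at block 2. Names are illustrative, not the kernel's. */
#define QBLK_SIZE  1024u
#define QTREE_ROOT 1u

struct qinfo_hdr {
    uint32_t blocks;     /* blocks the file claims to contain */
    uint32_t free_blk;   /* head of the free-block list, 0 = empty */
    uint32_t free_entry; /* first block with a free entry, 0 = none */
};

enum qhdr_status {
    QHDR_OK, QHDR_TOO_FEW_BLOCKS, QHDR_PAST_EOF,
    QHDR_BAD_FREE_BLK, QHDR_BAD_FREE_ENTRY
};

/* A list head is valid if empty or if it names a data block inside the file. */
static int blk_ref_ok(uint32_t blk, uint32_t blocks)
{
    return blk == 0 || (blk > QTREE_ROOT && blk < blocks);
}

/* Validate a header read from an untrusted quota file before any field is
 * used as a block number. file_size is the real size of the file in bytes. */
enum qhdr_status qhdr_check(const struct qinfo_hdr *h, uint64_t file_size)
{
    if (h->blocks <= QTREE_ROOT)
        return QHDR_TOO_FEW_BLOCKS;
    if ((uint64_t)h->blocks * QBLK_SIZE > file_size) /* 64-bit: no overflow */
        return QHDR_PAST_EOF;
    if (!blk_ref_ok(h->free_blk, h->blocks))
        return QHDR_BAD_FREE_BLK;
    if (!blk_ref_ok(h->free_entry, h->blocks))
        return QHDR_BAD_FREE_ENTRY;
    return QHDR_OK;
}

int main(void)
{
    /* Constructed sample headers for a 4-block (4096-byte) file. */
    struct qinfo_hdr good = { 4, 3, 2 }, bad = { 4, 0x7fffffffu, 2 };
    printf("good=%d bad=%d\n", qhdr_check(&good, 4096), qhdr_check(&bad, 4096));
    return 0;
}
```

Rejecting the file at load time keeps an out-of-range free-list head from ever being returned as a block number to the code that allocates and initializes quota entries.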