mirror of
https://github.com/torvalds/linux.git
synced 2026-03-08 04:04:43 +01:00
005d4b0d33
syzbot is reporting that S_IFMT bits of inode->i_mode can become bogus when the S_IFMT bits of the 16bits "mode" field loaded from disk are corrupted. According to [1], the permissions field was treated as reserved in Mac OS 8 and 9. According to [2], the reserved field was explicitly initialized with 0, and that field must remain 0 as long as reserved. Therefore, when the "mode" field is not 0 (i.e. no longer reserved), the file must be S_IFDIR if dir == 1, and the file must be one of S_IFREG/S_IFLNK/S_IFCHR/ S_IFBLK/S_IFIFO/S_IFSOCK if dir == 0. Reported-by: syzbot <syzbot+895c23f6917da440ed0d@syzkaller.appspotmail.com> Closes: https://syzkaller.appspot.com/bug?extid=895c23f6917da440ed0d Link: https://developer.apple.com/library/archive/technotes/tn/tn1150.html#HFSPlusPermissions [1] Link: https://developer.apple.com/library/archive/technotes/tn/tn1150.html#ReservedAndPadFields [2] Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Reviewed-by: Viacheslav Dubeyko <slava@dubeyko.com> Signed-off-by: Viacheslav Dubeyko <slava@dubeyko.com> Link: https://lore.kernel.org/r/04ded9f9-73fb-496c-bfa5-89c4f5d1d7bb@I-love.SAKURA.ne.jp Signed-off-by: Viacheslav Dubeyko <slava@dubeyko.com> |
||
|---|---|---|
| .. | ||
| attributes.c | ||
| bfind.c | ||
| bitmap.c | ||
| bnode.c | ||
| brec.c | ||
| btree.c | ||
| catalog.c | ||
| dir.c | ||
| extents.c | ||
| hfsplus_fs.h | ||
| hfsplus_raw.h | ||
| inode.c | ||
| ioctl.c | ||
| Kconfig | ||
| Makefile | ||
| options.c | ||
| part_tbl.c | ||
| super.c | ||
| tables.c | ||
| unicode.c | ||
| wrapper.c | ||
| xattr.c | ||
| xattr.h | ||
| xattr_security.c | ||
| xattr_trusted.c | ||
| xattr_user.c | ||