Commit 4e2c0735 authored by Konstantin Komarov's avatar Konstantin Komarov Committed by Yongjian Sun
Browse files

fs/ntfs3: Unify inode corruption marking with _ntfs_bad_inode() 

mainline inclusion
from mainline-v6.12-rc3
commit 55ad333de0f80bc0caee10c6c27196cdcf8891bb
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IBPC5A
CVE: CVE-2024-52560

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=55ad333de0f80bc0caee10c6c27196cdcf8891bb



--------------------------------

Also reworked error handling in a couple of places.

Signed-off-by: default avatarKonstantin Komarov <almaz.alexandrovich@paragon-software.com>
Conflicts:
		fs/ntfs3/attrib.c
[Context Changed for fs/ntfs3/attrib.c]
Signed-off-by: default avatarYongjian Sun <sunyongjian1@huawei.com>
parent 7f4c9906

fs/ntfs3/attrib.c

+1 −1
Original line number Diff line number Diff line
@@ -1421,7 +1421,7 @@ int attr_wof_frame_info(struct ntfs_inode *ni, struct ATTRIB *attr, 
	 */

	if (!attr->non_res) {

		if (vbo[1] + bytes_per_off > le32_to_cpu(attr->res.data_size)) {

			ntfs_inode_err(&ni->vfs_inode, "is corrupted");

			_ntfs_bad_inode(&ni->vfs_inode);

			return -EINVAL;

		}

		addr = resident_data(attr);

fs/ntfs3/dir.c

+1 −1
Original line number Diff line number Diff line
@@ -512,7 +512,7 @@ static int ntfs_readdir(struct file *file, struct dir_context *ctx) 
		ctx->pos = pos;

	} else if (err < 0) {

		if (err == -EINVAL)

			ntfs_inode_err(dir, "directory corrupted");

			_ntfs_bad_inode(dir);

		ctx->pos = eod;

	}

fs/ntfs3/frecord.c

+7 −5
Original line number Diff line number Diff line
@@ -148,8 +148,10 @@ int ni_load_mi_ex(struct ntfs_inode *ni, CLST rno, struct mft_inode **mi) 
		goto out;



	err = mi_get(ni->mi.sbi, rno, &r);

	if (err)

	if (err) {

		_ntfs_bad_inode(&ni->vfs_inode);

		return err;

	}



	ni_add_mi(ni, r);
@@ -239,8 +241,7 @@ struct ATTRIB *ni_find_attr(struct ntfs_inode *ni, struct ATTRIB *attr, 
	return attr;



out:

	ntfs_inode_err(&ni->vfs_inode, "failed to parse mft record");

	ntfs_set_state(ni->mi.sbi, NTFS_DIRTY_ERROR);

	_ntfs_bad_inode(&ni->vfs_inode);

	return NULL;

}
@@ -332,6 +333,7 @@ struct ATTRIB *ni_load_attr(struct ntfs_inode *ni, enum ATTR_TYPE type, 
	    vcn <= le64_to_cpu(attr->nres.evcn))

		return attr;



	_ntfs_bad_inode(&ni->vfs_inode);

	return NULL;

}
@@ -1607,8 +1609,8 @@ int ni_delete_all(struct ntfs_inode *ni) 
		roff = le16_to_cpu(attr->nres.run_off);



		if (roff > asize) {

			_ntfs_bad_inode(&ni->vfs_inode);

			return -EINVAL;

			/* ni_enum_attr_ex checks this case. */

			continue;

		}



		/* run==1 means unpack and deallocate. */

fs/ntfs3/fsntfs.c

+5 −1
Original line number Diff line number Diff line
@@ -908,8 +908,12 @@ void ntfs_bad_inode(struct inode *inode, const char *hint) 


	ntfs_inode_err(inode, "%s", hint);

	make_bad_inode(inode);

	/* Avoid recursion if bad inode is $Volume. */

	if (inode->i_ino != MFT_REC_VOL &&

	    !(sbi->flags & NTFS_FLAGS_LOG_REPLAYING)) {

		ntfs_set_state(sbi, NTFS_DIRTY_ERROR);

	}

}



/*

 * ntfs_set_state

fs/ntfs3/index.c

+2 −4
Original line number Diff line number Diff line
@@ -1094,8 +1094,7 @@ int indx_read(struct ntfs_index *indx, struct ntfs_inode *ni, CLST vbn, 


ok:

	if (!index_buf_check(ib, bytes, &vbn)) {

		ntfs_inode_err(&ni->vfs_inode, "directory corrupted");

		ntfs_set_state(ni->mi.sbi, NTFS_DIRTY_ERROR);

		_ntfs_bad_inode(&ni->vfs_inode);

		err = -EINVAL;

		goto out;

	}
@@ -1117,8 +1116,7 @@ int indx_read(struct ntfs_index *indx, struct ntfs_inode *ni, CLST vbn, 


out:

	if (err == -E_NTFS_CORRUPT) {

		ntfs_inode_err(&ni->vfs_inode, "directory corrupted");

		ntfs_set_state(ni->mi.sbi, NTFS_DIRTY_ERROR);

		_ntfs_bad_inode(&ni->vfs_inode);

		err = -EINVAL;

	}