Commit 5ad4fd8f authored Nov 13, 2024 by Konstantin Komarov Committed by Yifan Qiao Nov 13, 2024

fs/ntfs3: Additional check in ntfs_file_release

mainline inclusion
from mainline-v6.12-rc3
commit 031d6f608290c847ba6378322d0986d08d1a645a
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IB37A2
CVE: CVE-2024-50242

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=031d6f608290c847ba6378322d0986d08d1a645a



--------------------------------

Reported-by:  <syzbot+8c652f14a0fde76ff11d@syzkaller.appspotmail.com>
Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
Signed-off-by: Yifan Qiao <qiaoyifan4@huawei.com>

parent 400fd9cc

fs/ntfs3/file.c

+8 −1

Original line number	Diff line number	Diff line
		@@ -1189,7 +1189,14 @@ static int ntfs_file_release(struct inode inode, struct file file)

		/* If we are last writer on the inode, drop the block reservation. */
		if (sbi->options->prealloc && ((file->f_mode & FMODE_WRITE) &&
		atomic_read(&inode->i_writecount) == 1)) {
		atomic_read(&inode->i_writecount) == 1)
		/*
		* The only file when inode->i_fop = &ntfs_file_operations and
		* init_rwsem(&ni->file.run_lock) is not called explicitly is MFT.
		*
		* Add additional check here.
		*/
		&& inode->i_ino != MFT_REC_MFT) {
		ni_lock(ni);
		down_write(&ni->file.run_lock);