Gh0st
/
linux
mirror of https://github.com/torvalds/linux.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
linux/fs/squashfs
History
Zhiyu Zhang d7147a3357 squashfs: fix invalid pointer dereference in squashfs_cache_delete 
When mounting a squashfs fails, squashfs_cache_init() may return an error
pointer (e.g., -ENOMEM) instead of NULL.  However, squashfs_cache_delete()
only checks for a NULL cache, and attempts to dereference the invalid
pointer.  This leads to a kernel crash (BUG: unable to handle kernel
paging request in squashfs_cache_delete).

This patch fixes the issue by checking IS_ERR(cache) before accessing it.

Link: https://lkml.kernel.org/r/20250306132855.2030-1-zhiyuzhang999@gmail.com
Fixes: 49ff29240e ("squashfs: make squashfs_cache_init() return ERR_PTR(-ENOMEM)")
Signed-off-by: Zhiyu Zhang <zhiyuzhang999@gmail.com>
Reported-by: Zhiyu Zhang <zhiyuzhang999@gmail.com>
Closes: https://lore.kernel.org/linux-fsdevel/CALf2hKvaq8B4u5yfrE+BYt7aNguao99mfWxHngA+=o5hwzjdOg@mail.gmail.com/
Tested-by: Zhiyu Zhang <zhiyuzhang999@gmail.com>
Reviewed-by: Phillip Lougher <phillip@squashfs.org.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
 		2025-03-16 17:40:24 -07:00
..
Kconfig squashfs: update Kconfig information 2025-01-24 22:47:22 -08:00
Makefile
block.c squashfs: squashfs_read_data need to check if the length is 0 2023-12-06 16:12:45 -08:00
cache.c squashfs: fix invalid pointer dereference in squashfs_cache_delete 2025-03-16 17:40:24 -07:00
decompressor.c squashfs: don't include buffer_head.h 2023-06-09 17:44:14 -07:00
decompressor.h
decompressor_multi.c
decompressor_multi_percpu.c squashfs: fix percpu address space issues in decompressor_multi_percpu.c 2024-09-09 16:47:41 -07:00
decompressor_single.c
dir.c
export.c exportfs: make ->encode_fh() a mandatory method for NFS export 2023-10-28 16:15:15 +02:00
file.c squashfs: convert squashfs_fill_page() to take a folio 2025-01-24 22:47:22 -08:00
file_cache.c squashfs; convert squashfs_copy_cache() to take a folio 2025-01-24 22:47:22 -08:00
file_direct.c squashfs: convert squashfs_readpage_block() to take a folio 2025-01-24 22:47:22 -08:00
fragment.c
id.c
inode.c Squashfs: sanity check symbolic link size 2024-08-13 13:56:46 +02:00
lz4_wrapper.c
lzo_wrapper.c
namei.c Squashfs: remove deprecated strncpy by not copying the string 2024-04-25 21:07:05 -07:00
page_actor.c Squashfs: Update page_actor to not use page->index 2024-08-19 14:08:20 +02:00
page_actor.h Squashfs: Ensure all readahead pages have been used 2024-08-23 13:11:36 +02:00
squashfs.h squashfs: convert squashfs_fill_page() to take a folio 2025-01-24 22:47:22 -08:00
squashfs_fs.h Squashfs: fix handling and sanity checking of xattr_ids count 2023-01-31 16:44:10 -08:00
squashfs_fs_i.h
squashfs_fs_sb.h squashfs: cache partial compressed blocks 2023-06-09 17:44:14 -07:00
super.c squashfs: don't allocate read_page cache if SQUASHFS_FILE_DIRECT configured 2025-01-24 22:47:21 -08:00
symlink.c squashfs: convert squashfs_symlink_read_folio to use folio APIs 2024-05-08 08:41:28 -07:00
xattr.c squashfs: move squashfs_xattr_handlers to .rodata 2023-10-10 13:49:20 +02:00
xattr.h Squashfs: fix handling and sanity checking of xattr_ids count 2023-01-31 16:44:10 -08:00
xattr_id.c revert "squashfs: harden sanity check in squashfs_read_xattr_id_table" 2023-02-03 17:52:25 -08:00
xz_wrapper.c
zlib_wrapper.c
zstd_wrapper.c