[PATCH openEuler-22.03-LTS-SP1] fs/ntfs3: Additional check in ntfs_file_release - Kernel

13 Nov 2024

From: Konstantin Komarov almaz.alexandrovich@paragon-software.com
mainline inclusion
from mainline-v6.12-rc3
commit 031d6f608290c847ba6378322d0986d08d1a645a
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IB37A2
CVE: CVE-2024-50242
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...
--------------------------------
Reported-by: syzbot+8c652f14a0fde76ff11d@syzkaller.appspotmail.com
Signed-off-by: Konstantin Komarov almaz.alexandrovich@paragon-software.com
Signed-off-by: Yifan Qiao qiaoyifan4@huawei.com
---
 fs/ntfs3/file.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/fs/ntfs3/file.c b/fs/ntfs3/file.c
index 28dc22e5e18a..fc45214b7ac4 100644
--- a/fs/ntfs3/file.c
+++ b/fs/ntfs3/file.c
@@ -1189,7 +1189,14 @@ static int ntfs_file_release(struct inode *inode, struct file *file)
/* If we are last writer on the inode, drop the block reservation. */
    if (sbi->options->prealloc && ((file->f_mode & FMODE_WRITE) &&
-				      atomic_read(&inode->i_writecount) == 1)) {
+	     atomic_read(&inode->i_writecount) == 1)
+	   /*
+	    * The only file when inode->i_fop = &ntfs_file_operations and
+	    * init_rwsem(&ni->file.run_lock) is not called explicitly is MFT.
+	    *
+	    * Add additional check here.
+	    */
+	    && inode->i_ino != MFT_REC_MFT) {
    	ni_lock(ni);
    	down_write(&ni->file.run_lock);
-- 
2.39.2


    