From 7af85d54e39733bb9a236b95ea5ed1ab8277d560 Mon Sep 17 00:00:00 2001 From: Dom Cobley Date: Tue, 11 Jun 2024 16:12:47 +0100 Subject: [PATCH] fs/ntfs3: Fix memory corruption when page_size changes The rework in fs/ntfs3: Reduce stack usage changes log->page_size but doesn't change the associated log->page_mask and log->page_bits. That results in the bytes value in read_log_page getting a negative value, which is bad when it is passed to memcpy. The kernel panic can be observed when connecting an ntfs formatted drive that has previously been connected to a Windows machine to a Raspberry Pi 5, which by defauilt uses a 16K kernel pagesize. Fixes: 865e7a7700d9 ("fs/ntfs3: Reduce stack usage") Signed-off-by: Dom Cobley --- fs/ntfs3/fslog.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/fs/ntfs3/fslog.c b/fs/ntfs3/fslog.c index 4085fe30bf481e..a4714ff85827e0 100644 --- a/fs/ntfs3/fslog.c +++ b/fs/ntfs3/fslog.c @@ -3907,6 +3907,8 @@ int log_replay(struct ntfs_inode *ni, bool *initialized) log->l_size = log->orig_file_size; log->page_size = norm_file_page(t32, &log->l_size, t32 == DefaultLogPageSize); + log->page_mask = log->page_size - 1; + log->page_bits = blksize_bits(log->page_size); } if (log->page_size != t32 ||