Date: Fri, 18 Aug 2023 18:43:11 +0100
From: Matthew Wilcox
To: Kees Cook
Cc: "Eric W. Biederman", syzbot, anton@tuxera.com, brauner@kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, linux-ntfs-dev@lists.sourceforge.net, syzkaller-bugs@googlegroups.com, viro@zeniv.linux.org.uk
Subject: Re: [syzbot] [ntfs?] WARNING in do_open_execat

On Fri, Aug 18, 2023 at 10:33:26AM -0700, Kees Cook wrote:
> On Fri, Aug 18, 2023 at 11:26:51AM -0500, Eric W. Biederman wrote:
> > syzbot writes:
> >
> > > Hello,
> > >
> > > syzbot found the following issue on:
> >
> > Not an issue.
> > Nothing to do with ntfs.
> >
> > The code is working as designed and intended.
> >
> > syzbot generated a malformed exec and the kernel made it
> > well formed and warned about it.
> >
> > Human beings who run syzbot please mark this as not an issue in your
> > system. The directions don't have a way to say that the code is working
> > as expected and designed.
>
> WARN and BUG should not be reachable from userspace, so if this can be
> tripped we should take a closer look and likely fix it...
>
> > > HEAD commit: 16931859a650 Merge tag 'nfsd-6.5-4' of git://git.kernel.or..
> > > git tree: upstream
> > > console+strace: https://syzkaller.appspot.com/x/log.txt?x=13e2673da80000
> > > kernel config: https://syzkaller.appspot.com/x/.config?x=aa796b6080b04102
> > > dashboard link: https://syzkaller.appspot.com/bug?extid=6ec38f7a8db3b3fb1002
> > > compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
> > > syz repro: https://syzkaller.appspot.com/x/repro.syz?x=17cdbc65a80000
> > > C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1262d8cfa80000
> > >
> > > Downloadable assets:
> > > disk image: https://storage.googleapis.com/syzbot-assets/eecc010800b4/disk-16931859.raw.xz
> > > vmlinux: https://storage.googleapis.com/syzbot-assets/f45ae06377a7/vmlinux-16931859.xz
> > > kernel image: https://storage.googleapis.com/syzbot-assets/68891896edba/bzImage-16931859.xz
> > > mounted in repro: https://storage.googleapis.com/syzbot-assets/4b6ab78b223a/mount_0.gz
> > >
> > > IMPORTANT: if you fix the issue, please add the following tag to the commit:
> > > Reported-by: syzbot+6ec38f7a8db3b3fb1002@syzkaller.appspotmail.com
> > >
> > > ntfs: volume version 3.1.
> > > process 'syz-executor300' launched './file1' with NULL argv: empty string added
> > > ------------[ cut here ]------------
> > > WARNING: CPU: 0 PID: 5020 at fs/exec.c:933 do_open_execat+0x18f/0x3f0 fs/exec.c:933
>
> This is a double-check I left in place, since it shouldn't have been reachable:
>
>         /*
>          * may_open() has already checked for this, so it should be
>          * impossible to trip now. But we need to be extra cautious
>          * and check again at the very end too.
>          */
>         err = -EACCES;
>         if (WARN_ON_ONCE(!S_ISREG(file_inode(file)->i_mode) ||
>                          path_noexec(&file->f_path)))
>                 goto exit;
>
> So yes, let's figure this out...

When trying to figure it out, remember that ntfs corrupts random memory,
so all reports from syzbot that have "ntfs" in them should be discarded.
I tried to tell them that all this work they're doing testing ntfs3 is
pointless, but they won't listen.