fs/ntfs3: Fix general protection fault in run_is_mapped_full

commit a33fb016e49e37aafab18dc3c8314d6399cb4727 upstream.

Fixed deleating of a non-resident attribute in ntfs_create_inode()
rollback.

Reported-by: syzbot+9af29acd8f27fbce94bc@syzkaller.appspotmail.com
Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
Signed-off-by: Bin Lan <bin.lan.cn@windriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/fs/ntfs3/inode.c b/fs/ntfs3/inode.c
index 026ed43c0670424c42caf99b2290e074046f792b..057aa3cec90252a7f7abc3ded4c20e6d1f0e1ac1 100644 (file)
--- a/fs/ntfs3/inode.c
+++ b/fs/ntfs3/inode.c
@@ -1646,6 +1646,15 @@ out7:
                          le16_to_cpu(new_de->key_size), sbi);
        /* ni_unlock(dir_ni); will be called later. */
 out6:
+       attr = ni_find_attr(ni, NULL, NULL, ATTR_EA, NULL, 0, NULL, NULL);
+       if (attr && attr->non_res) {
+               /* Delete ATTR_EA, if non-resident. */
+               struct runs_tree run;
+               run_init(&run);
+               attr_set_size(ni, ATTR_EA, NULL, 0, &run, 0, NULL, false, NULL);
+               run_close(&run);
+       }
+
        if (rp_inserted)
                ntfs_remove_reparse(sbi, IO_REPARSE_TAG_SYMLINK, &new_de->ref);