CVE-2023-53294

In the Linux kernel, the following vulnerability has been resolved:

fs/ntfs3: Fix null-ptr-deref on inode->iop in ntfslookup()

Syzbot reported a null-ptr-deref bug:

ntfs3: loop0: Different NTFS' sector size (1024) and media sector size (512) ntfs3: loop0: Mark volume as dirty due to NTFS errors general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f] RIP: 0010:dflagsfor_inode fs/dcache.c:1980 [inline] RIP: 0010:__dadd+0x5ce/0x800 fs/dcache.c:2796 Call Trace: <TASK> dsplicealias+0x122/0x3b0 fs/dcache.c:3191 lookupopen fs/namei.c:3391 [inline] openlastlookups fs/namei.c:3481 [inline] pathopenat+0x10e6/0x2df0 fs/namei.c:3688 dofilpopen+0x264/0x4f0 fs/namei.c:3718 dosysopenat2+0x124/0x4e0 fs/open.c:1310 dosys_open fs/open.c:1326 [inline] __dosysopen fs/open.c:1334 [inline] __sesysopen fs/open.c:1330 [inline] __x64sysopen+0x221/0x270 fs/open.c:1330 dosyscallx64 arch/x86/entry/common.c:50 [inline] dosyscall64+0x3d/0xb0 arch/x86/entry/common.c:80 entrySYSCALL64afterhwframe+0x63/0xcd

If the MFT record of ntfs inode is not a base record, inode->i_op can be NULL. And a null-ptr-deref may happen:

ntfslookup() dirsearchu() # inode->iop is set to NULL dsplicealias() __dadd() dflagsforinode() # inode->iop->getlink null-ptr-deref

Fix this by adding a Check on inode->iop before calling the dsplice_alias() function.