From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Jan Kara <jack@suse.cz>,
Theodore Tso <tytso@mit.edu>, Sasha Levin <sashal@kernel.org>
Subject: [PATCH 4.4 15/33] ext4: fix checking of directory entry validity for inline directories
Date: Mon, 24 Aug 2020 10:31:11 +0200 [thread overview]
Message-ID: <20200824082347.295184080@linuxfoundation.org> (raw)
In-Reply-To: <20200824082346.498653578@linuxfoundation.org>
From: Jan Kara <jack@suse.cz>
[ Upstream commit 7303cb5bfe845f7d43cd9b2dbd37dbb266efda9b ]
ext4_search_dir() and ext4_generic_delete_entry() can be called both for
standard director blocks and for inline directories stored inside inode
or inline xattr space. For the second case we didn't call
ext4_check_dir_entry() with proper constraints that could result in
accepting corrupted directory entry as well as false positive filesystem
errors like:
EXT4-fs error (device dm-0): ext4_search_dir:1395: inode #28320400:
block 113246792: comm dockerd: bad entry in directory: directory entry too
close to block end - offset=0, inode=28320403, rec_len=32, name_len=8,
size=4096
Fix the arguments passed to ext4_check_dir_entry().
Fixes: 109ba779d6cc ("ext4: check for directory entries too close to block end")
CC: stable@vger.kernel.org
Signed-off-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20200731162135.8080-1-jack@suse.cz
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/ext4/namei.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/fs/ext4/namei.c b/fs/ext4/namei.c
index eb41fb189d4b3..faf142a6fa8bb 100644
--- a/fs/ext4/namei.c
+++ b/fs/ext4/namei.c
@@ -1279,8 +1279,8 @@ int ext4_search_dir(struct buffer_head *bh, char *search_buf, int buf_size,
ext4_match(fname, de)) {
/* found a match - just to be sure, do
* a full check */
- if (ext4_check_dir_entry(dir, NULL, de, bh, bh->b_data,
- bh->b_size, offset))
+ if (ext4_check_dir_entry(dir, NULL, de, bh, search_buf,
+ buf_size, offset))
return -1;
*res_dir = de;
return 1;
@@ -2312,7 +2312,7 @@ int ext4_generic_delete_entry(handle_t *handle,
de = (struct ext4_dir_entry_2 *)entry_buf;
while (i < buf_size - csum_size) {
if (ext4_check_dir_entry(dir, NULL, de, bh,
- bh->b_data, bh->b_size, i))
+ entry_buf, buf_size, i))
return -EFSCORRUPTED;
if (de == de_del) {
if (pde)
--
2.25.1
next prev parent reply other threads:[~2020-08-24 9:29 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-08-24 8:30 [PATCH 4.4 00/33] 4.4.234-rc1 review Greg Kroah-Hartman
2020-08-24 8:30 ` [PATCH 4.4 01/33] drm/imx: imx-ldb: Disable both channels for split mode in enc->disable() Greg Kroah-Hartman
2020-08-24 8:30 ` [PATCH 4.4 02/33] perf probe: Fix memory leakage when the probe point is not found Greg Kroah-Hartman
2020-08-24 8:30 ` [PATCH 4.4 03/33] net/compat: Add missing sock updates for SCM_RIGHTS Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.4 04/33] watchdog: f71808e_wdt: indicate WDIOF_CARDRESET support in watchdog_info.options Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.4 05/33] watchdog: f71808e_wdt: remove use of wrong watchdog_info option Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.4 06/33] coredump: fix race condition between collapse_huge_page() and core dumping Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.4 07/33] khugepaged: khugepaged_test_exit() check mmget_still_valid() Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.4 08/33] khugepaged: adjust VM_BUG_ON_MM() in __khugepaged_enter() Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.4 09/33] btrfs: export helpers for subvolume name/id resolution Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.4 10/33] btrfs: dont show full path of bind mounts in subvol= Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.4 11/33] romfs: fix uninitialized memory leak in romfs_dev_read() Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.4 12/33] mm: include CMA pages in lowmem_reserve at boot Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.4 13/33] mm, page_alloc: fix core hung in free_pcppages_bulk() Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.4 14/33] ext4: clean up ext4_match() and callers Greg Kroah-Hartman
2020-08-24 8:31 ` Greg Kroah-Hartman [this message]
2020-08-24 8:31 ` [PATCH 4.4 16/33] media: budget-core: Improve exception handling in budget_register() Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.4 17/33] media: vpss: clean up resources in init Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.4 18/33] Input: psmouse - add a newline when printing proto by sysfs Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.4 19/33] m68knommu: fix overwriting of bits in ColdFire V3 cache control Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.4 20/33] xfs: fix inode quota reservation checks Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.4 21/33] jffs2: fix UAF problem Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.4 22/33] scsi: libfc: Free skb in fc_disc_gpn_id_resp() for valid cases Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.4 23/33] virtio_ring: Avoid loop when vq is broken in virtqueue_poll Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.4 24/33] xfs: Fix UBSAN null-ptr-deref in xfs_sysfs_init Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.4 25/33] alpha: fix annotation of io{read,write}{16,32}be() Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.4 26/33] ext4: fix potential negative array index in do_split() Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.4 27/33] ASoC: intel: Fix memleak in sst_media_open Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.4 28/33] powerpc: Allow 4224 bytes of stack expansion for the signal frame Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.4 29/33] epoll: Keep a reference on files added to the check list Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.4 30/33] do_epoll_ctl(): clean the failure exits up a bit Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.4 31/33] mm/hugetlb: fix calculation of adjust_range_if_pmd_sharing_possible Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.4 32/33] xen: dont reschedule in preemption off sections Greg Kroah-Hartman
2020-08-24 8:31 ` [PATCH 4.4 33/33] omapfb: dss: Fix max fclk divider for omap36xx Greg Kroah-Hartman
2020-08-24 10:16 ` [PATCH 4.4 00/33] 4.4.234-rc1 review Jon Hunter
2020-08-26 8:09 ` Pavel Machek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200824082347.295184080@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=jack@suse.cz \
--cc=linux-kernel@vger.kernel.org \
--cc=sashal@kernel.org \
--cc=stable@vger.kernel.org \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.