From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org,
"Darrick J. Wong" <darrick.wong@oracle.com>,
Vegard Nossum <vegard.nossum@oracle.com>,
Theodore Tso <tytso@mit.edu>
Subject: [PATCH 4.7 01/41] ext4: verify extent header depth
Date: Sun, 14 Aug 2016 22:38:27 +0200 [thread overview]
Message-ID: <20160814202532.154215823@linuxfoundation.org> (raw)
In-Reply-To: <20160814202531.818402015@linuxfoundation.org>
4.7-stable review patch. If anyone has any objections, please let me know.
------------------
From: Vegard Nossum <vegard.nossum@oracle.com>
commit 7bc9491645118c9461bd21099c31755ff6783593 upstream.
Although the extent tree depth of 5 should enough be for the worst
case of 2*32 extents of length 1, the extent tree code does not
currently to merge nodes which are less than half-full with a sibling
node, or to shrink the tree depth if possible. So it's possible, at
least in theory, for the tree depth to be greater than 5. However,
even in the worst case, a tree depth of 32 is highly unlikely, and if
the file system is maliciously corrupted, an insanely large eh_depth
can cause memory allocation failures that will trigger kernel warnings
(here, eh_depth = 65280):
JBD2: ext4.exe wants too many credits credits:195849 rsv_credits:0 max:256
------------[ cut here ]------------
WARNING: CPU: 0 PID: 50 at fs/jbd2/transaction.c:293 start_this_handle+0x569/0x580
CPU: 0 PID: 50 Comm: ext4.exe Not tainted 4.7.0-rc5+ #508
Stack:
604a8947 625badd8 0002fd09 00000000
60078643 00000000 62623910 601bf9bc
62623970 6002fc84 626239b0 900000125
Call Trace:
[<6001c2dc>] show_stack+0xdc/0x1a0
[<601bf9bc>] dump_stack+0x2a/0x2e
[<6002fc84>] __warn+0x114/0x140
[<6002fdff>] warn_slowpath_null+0x1f/0x30
[<60165829>] start_this_handle+0x569/0x580
[<60165d4e>] jbd2__journal_start+0x11e/0x220
[<60146690>] __ext4_journal_start_sb+0x60/0xa0
[<60120a81>] ext4_truncate+0x131/0x3a0
[<60123677>] ext4_setattr+0x757/0x840
[<600d5d0f>] notify_change+0x16f/0x2a0
[<600b2b16>] do_truncate+0x76/0xc0
[<600c3e56>] path_openat+0x806/0x1300
[<600c55c9>] do_filp_open+0x89/0xf0
[<600b4074>] do_sys_open+0x134/0x1e0
[<600b4140>] SyS_open+0x20/0x30
[<6001ea68>] handle_syscall+0x88/0x90
[<600295fd>] userspace+0x3fd/0x500
[<6001ac55>] fork_handler+0x85/0x90
---[ end trace 08b0b88b6387a244 ]---
[ Commit message modified and the extent tree depath check changed
from 5 to 32 -- tytso ]
Cc: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/extents.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/fs/ext4/extents.c
+++ b/fs/ext4/extents.c
@@ -474,6 +474,10 @@ static int __ext4_ext_check(const char *
error_msg = "invalid extent entries";
goto corrupted;
}
+ if (unlikely(depth > 32)) {
+ error_msg = "too large eh_depth";
+ goto corrupted;
+ }
/* Verify checksum on non-root extent tree nodes */
if (ext_depth(inode) != depth &&
!ext4_extent_block_csum_verify(inode, eh)) {
next prev parent reply other threads:[~2016-08-14 20:44 UTC|newest]
Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <CGME20160814204653uscas1p136630e2fd59612e56b31ed2096f71df2@uscas1p1.samsung.com>
2016-08-14 20:38 ` [PATCH 4.7 00/41] 4.7.1-stable review Greg Kroah-Hartman
2016-08-14 20:38 ` Greg Kroah-Hartman [this message]
2016-08-14 20:38 ` [PATCH 4.7 02/41] vfs: ioctl: prevent double-fetch in dedupe ioctl Greg Kroah-Hartman
2016-08-14 20:38 ` [PATCH 4.7 03/41] vfs: fix deadlock in file_remove_privs() on overlayfs Greg Kroah-Hartman
2016-08-14 20:38 ` [PATCH 4.7 04/41] udp: use sk_filter_trim_cap for udp{,6}_queue_rcv_skb Greg Kroah-Hartman
2016-08-14 20:38 ` [PATCH 4.7 05/41] net/bonding: Enforce active-backup policy for IPoIB bonds Greg Kroah-Hartman
2016-08-14 20:38 ` [PATCH 4.7 06/41] bridge: Fix incorrect re-injection of LLDP packets Greg Kroah-Hartman
2016-08-14 20:38 ` [PATCH 4.7 07/41] net: ipv6: Always leave anycast and multicast groups on link down Greg Kroah-Hartman
2016-08-14 20:38 ` [PATCH 4.7 08/41] sctp: fix BH handling on socket backlog Greg Kroah-Hartman
2016-08-14 20:38 ` [PATCH 4.7 09/41] net/irda: fix NULL pointer dereference on memory allocation failure Greg Kroah-Hartman
2016-08-14 20:38 ` [PATCH 4.7 10/41] net/sctp: terminate rhashtable walk correctly Greg Kroah-Hartman
2016-08-14 20:38 ` [PATCH 4.7 11/41] qed: Fix setting/clearing bit in completion bitmap Greg Kroah-Hartman
2016-08-14 20:38 ` [PATCH 4.7 12/41] macsec: ensure rx_sa is set when validation is disabled Greg Kroah-Hartman
2016-08-14 20:38 ` [PATCH 4.7 13/41] tcp: consider recv buf for the initial window scale Greg Kroah-Hartman
2016-08-14 20:38 ` [PATCH 4.7 14/41] arm: oabi compat: add missing access checks Greg Kroah-Hartman
2016-08-14 20:38 ` [PATCH 4.7 15/41] KEYS: 64-bit MIPS needs to use compat_sys_keyctl for 32-bit userspace Greg Kroah-Hartman
2016-08-14 20:38 ` [PATCH 4.7 16/41] IB/hfi1: Disable by default Greg Kroah-Hartman
2016-08-14 20:38 ` [PATCH 4.7 17/41] apparmor: fix ref count leak when profile sha1 hash is read Greg Kroah-Hartman
2016-08-14 20:38 ` [PATCH 4.7 18/41] random: strengthen input validation for RNDADDTOENTCNT Greg Kroah-Hartman
2016-08-14 20:38 ` [PATCH 4.7 19/41] mm: memcontrol: fix swap counter leak on swapout from offline cgroup Greg Kroah-Hartman
2016-08-14 20:38 ` [PATCH 4.7 20/41] mm: memcontrol: fix memcg id ref counter on swap charge move Greg Kroah-Hartman
2016-08-14 20:38 ` [PATCH 4.7 21/41] x86/syscalls/64: Add compat_sys_keyctl for 32-bit userspace Greg Kroah-Hartman
2016-08-14 20:38 ` [PATCH 4.7 22/41] block: fix use-after-free in seq file Greg Kroah-Hartman
2016-08-14 20:38 ` [PATCH 4.7 23/41] sysv, ipc: fix security-layer leaking Greg Kroah-Hartman
2016-08-14 20:38 ` [PATCH 4.7 24/41] radix-tree: account nodes to memcg only if explicitly requested Greg Kroah-Hartman
2016-08-14 20:38 ` [PATCH 4.7 25/41] x86/microcode: Fix suspend to RAM with builtin microcode Greg Kroah-Hartman
2016-08-14 20:38 ` [PATCH 4.7 26/41] x86/power/64: Fix hibernation return address corruption Greg Kroah-Hartman
2016-08-14 20:38 ` [PATCH 4.7 27/41] fuse: fsync() did not return IO errors Greg Kroah-Hartman
2016-08-14 20:38 ` [PATCH 4.7 28/41] fuse: fuse_flush must check mapping->flags for errors Greg Kroah-Hartman
2016-08-14 20:38 ` [PATCH 4.7 29/41] fuse: fix wrong assignment of ->flags in fuse_send_init() Greg Kroah-Hartman
2016-08-14 20:38 ` [PATCH 4.7 30/41] Revert "mm, mempool: only set __GFP_NOMEMALLOC if there are free elements" Greg Kroah-Hartman
2016-08-14 20:38 ` [PATCH 4.7 31/41] fs/dcache.c: avoid soft-lockup in dput() Greg Kroah-Hartman
2016-08-14 20:38 ` [PATCH 4.7 32/41] Revert "cpufreq: pcc-cpufreq: update default value of cpuinfo_transition_latency" Greg Kroah-Hartman
2016-08-14 20:38 ` [PATCH 4.7 33/41] crypto: gcm - Filter out async ghash if necessary Greg Kroah-Hartman
2016-08-14 20:39 ` [PATCH 4.7 34/41] crypto: scatterwalk - Fix test in scatterwalk_done Greg Kroah-Hartman
2016-08-14 20:39 ` [PATCH 4.7 35/41] serial: mvebu-uart: free the IRQ in ->shutdown() Greg Kroah-Hartman
2016-08-14 20:39 ` [PATCH 4.7 36/41] ext4: check for extents that wrap around Greg Kroah-Hartman
2016-08-14 20:39 ` [PATCH 4.7 37/41] ext4: fix deadlock during page writeback Greg Kroah-Hartman
2016-08-14 20:39 ` [PATCH 4.7 38/41] ext4: dont call ext4_should_journal_data() on the journal inode Greg Kroah-Hartman
2016-08-14 20:39 ` [PATCH 4.7 39/41] ext4: validate s_reserved_gdt_blocks on mount Greg Kroah-Hartman
2016-08-14 20:39 ` [PATCH 4.7 40/41] ext4: short-cut orphan cleanup on error Greg Kroah-Hartman
2016-08-14 20:39 ` [PATCH 4.7 41/41] ext4: fix reference counting bug on block allocation error Greg Kroah-Hartman
[not found] ` <57b11e62.eeb8c20a.9231a.76ad@mx.google.com>
2016-08-15 7:56 ` [PATCH 4.7 00/41] 4.7.1-stable review Greg Kroah-Hartman
2016-08-15 21:31 ` Kevin Hilman
2016-08-15 13:03 ` Guenter Roeck
2016-08-15 13:46 ` Greg Kroah-Hartman
2016-08-16 4:03 ` Shuah Khan
2016-08-16 10:48 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160814202532.154215823@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=darrick.wong@oracle.com \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=tytso@mit.edu \
--cc=vegard.nossum@oracle.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox