From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Vasily Averin <vvs@virtuozzo.com>,
Theodore Tso <tytso@mit.edu>,
stable@kernel.org
Subject: [PATCH 4.9 61/83] ext4: fix possible leak of sbi->s_group_desc_leak in error path
Date: Mon, 19 Nov 2018 17:29:27 +0100 [thread overview]
Message-ID: <20181119162624.398404872@linuxfoundation.org> (raw)
In-Reply-To: <20181119162612.046511542@linuxfoundation.org>
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Theodore Ts'o <tytso@mit.edu>
commit 9e463084cdb22e0b56b2dfbc50461020409a5fd3 upstream.
Fixes: bfe0a5f47ada ("ext4: add more mount time checks of the superblock")
Reported-by: Vasily Averin <vvs@virtuozzo.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org # 4.18
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/super.c | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -3897,6 +3897,14 @@ static int ext4_fill_super(struct super_
sbi->s_groups_count = blocks_count;
sbi->s_blockfile_groups = min_t(ext4_group_t, sbi->s_groups_count,
(EXT4_MAX_BLOCK_FILE_PHYS / EXT4_BLOCKS_PER_GROUP(sb)));
+ if (((u64)sbi->s_groups_count * sbi->s_inodes_per_group) !=
+ le32_to_cpu(es->s_inodes_count)) {
+ ext4_msg(sb, KERN_ERR, "inodes count not valid: %u vs %llu",
+ le32_to_cpu(es->s_inodes_count),
+ ((u64)sbi->s_groups_count * sbi->s_inodes_per_group));
+ ret = -EINVAL;
+ goto failed_mount;
+ }
db_count = (sbi->s_groups_count + EXT4_DESC_PER_BLOCK(sb) - 1) /
EXT4_DESC_PER_BLOCK(sb);
if (ext4_has_feature_meta_bg(sb)) {
@@ -3916,14 +3924,6 @@ static int ext4_fill_super(struct super_
ret = -ENOMEM;
goto failed_mount;
}
- if (((u64)sbi->s_groups_count * sbi->s_inodes_per_group) !=
- le32_to_cpu(es->s_inodes_count)) {
- ext4_msg(sb, KERN_ERR, "inodes count not valid: %u vs %llu",
- le32_to_cpu(es->s_inodes_count),
- ((u64)sbi->s_groups_count * sbi->s_inodes_per_group));
- ret = -EINVAL;
- goto failed_mount;
- }
bgl_lock_init(sbi->s_blockgroup_lock);
next prev parent reply other threads:[~2018-11-20 3:19 UTC|newest]
Thread overview: 89+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-11-19 16:28 [PATCH 4.9 00/83] 4.9.138-stable review Greg Kroah-Hartman
2018-11-19 16:28 ` [PATCH 4.9 01/83] powerpc/eeh: Fix possible null deref in eeh_dump_dev_log() Greg Kroah-Hartman
2018-11-19 16:28 ` [PATCH 4.9 02/83] tty: check name length in tty_find_polling_driver() Greg Kroah-Hartman
2018-11-19 16:28 ` [PATCH 4.9 03/83] ARM: imx_v6_v7_defconfig: Select CONFIG_TMPFS_POSIX_ACL Greg Kroah-Hartman
2018-11-19 16:28 ` [PATCH 4.9 04/83] powerpc/nohash: fix undefined behaviour when testing page size support Greg Kroah-Hartman
2018-11-19 16:28 ` [PATCH 4.9 05/83] drm/omap: fix memory barrier bug in DMM driver Greg Kroah-Hartman
2018-11-19 16:28 ` [PATCH 4.9 06/83] media: pci: cx23885: handle adding to list failure Greg Kroah-Hartman
2018-11-19 16:28 ` [PATCH 4.9 07/83] MIPS: kexec: Mark CPU offline before disabling local IRQ Greg Kroah-Hartman
2018-11-19 16:28 ` [PATCH 4.9 08/83] powerpc/boot: Ensure _zimage_start is a weak symbol Greg Kroah-Hartman
2018-11-19 16:28 ` [PATCH 4.9 09/83] MIPS/PCI: Call pcie_bus_configure_settings() to set MPS/MRRS Greg Kroah-Hartman
2018-11-19 16:28 ` [PATCH 4.9 10/83] sc16is7xx: Fix for multi-channel stall Greg Kroah-Hartman
2018-11-19 16:28 ` [PATCH 4.9 11/83] media: tvp5150: fix width alignment during set_selection() Greg Kroah-Hartman
2018-11-19 16:28 ` [PATCH 4.9 12/83] powerpc/selftests: Wait all threads to join Greg Kroah-Hartman
2018-11-19 16:28 ` [PATCH 4.9 13/83] 9p locks: fix glock.client_id leak in do_lock Greg Kroah-Hartman
2018-11-19 16:28 ` [PATCH 4.9 14/83] 9p: clear dangling pointers in p9stat_free Greg Kroah-Hartman
2018-11-19 16:28 ` [PATCH 4.9 15/83] cdrom: fix improper type cast, which can leat to information leak Greg Kroah-Hartman
2018-11-19 16:28 ` [PATCH 4.9 16/83] scsi: qla2xxx: Fix incorrect port speed being set for FC adapters Greg Kroah-Hartman
2018-11-19 16:28 ` [PATCH 4.9 17/83] scsi: qla2xxx: shutdown chip if reset fail Greg Kroah-Hartman
2018-11-19 16:28 ` [PATCH 4.9 18/83] fuse: Fix use-after-free in fuse_dev_do_read() Greg Kroah-Hartman
2018-11-19 16:28 ` [PATCH 4.9 19/83] fuse: Fix use-after-free in fuse_dev_do_write() Greg Kroah-Hartman
2018-11-19 16:28 ` [PATCH 4.9 20/83] fuse: fix blocked_waitq wakeup Greg Kroah-Hartman
2018-11-19 16:28 ` [PATCH 4.9 21/83] fuse: set FR_SENT while locked Greg Kroah-Hartman
2018-11-19 16:28 ` [PATCH 4.9 22/83] mm: do not bug_on on incorrect length in __mm_populate() Greg Kroah-Hartman
2018-11-19 16:28 ` [PATCH 4.9 23/83] e1000: avoid null pointer dereference on invalid stat type Greg Kroah-Hartman
2018-11-19 16:28 ` [PATCH 4.9 24/83] e1000: fix race condition between e1000_down() and e1000_watchdog Greg Kroah-Hartman
2018-11-19 16:28 ` [PATCH 4.9 25/83] bna: ethtool: Avoid reading past end of buffer Greg Kroah-Hartman
2018-11-19 16:28 ` [PATCH 4.9 26/83] parisc: Align os_hpmc_size on word boundary Greg Kroah-Hartman
2018-11-19 16:28 ` [PATCH 4.9 27/83] parisc: Fix HPMC handler by increasing size to multiple of 16 bytes Greg Kroah-Hartman
2018-11-19 16:28 ` [PATCH 4.9 28/83] parisc: Fix exported address of os_hpmc handler Greg Kroah-Hartman
2018-11-19 16:28 ` [PATCH 4.9 29/83] MIPS: Loongson-3: Fix CPU UART irq delivery problem Greg Kroah-Hartman
2018-11-19 16:28 ` [PATCH 4.9 30/83] MIPS: Loongson-3: Fix BRIDGE " Greg Kroah-Hartman
2018-11-19 16:28 ` [PATCH 4.9 31/83] xtensa: add NOTES section to the linker script Greg Kroah-Hartman
2018-11-19 16:28 ` [PATCH 4.9 32/83] xtensa: make sure bFLT stack is 16 byte aligned Greg Kroah-Hartman
2018-11-19 16:28 ` [PATCH 4.9 33/83] xtensa: fix boot parameters address translation Greg Kroah-Hartman
2018-11-19 16:29 ` [PATCH 4.9 34/83] clk: s2mps11: Fix matching when built as module and DT node contains compatible Greg Kroah-Hartman
2018-11-19 16:29 ` [PATCH 4.9 35/83] clk: at91: Fix division by zero in PLL recalc_rate() Greg Kroah-Hartman
2018-11-19 16:29 ` [PATCH 4.9 36/83] clk: rockchip: Fix static checker warning in rockchip_ddrclk_get_parent call Greg Kroah-Hartman
2018-11-19 16:29 ` [PATCH 4.9 37/83] libceph: bump CEPH_MSG_MAX_DATA_LEN Greg Kroah-Hartman
2018-11-19 16:29 ` [PATCH 4.9 38/83] Revert "ceph: fix dentry leak in splice_dentry()" Greg Kroah-Hartman
2018-11-19 16:29 ` [PATCH 4.9 39/83] mach64: fix display corruption on big endian machines Greg Kroah-Hartman
2018-11-19 16:29 ` [PATCH 4.9 40/83] mach64: fix image corruption due to reading accelerator registers Greg Kroah-Hartman
2018-11-19 16:29 ` [PATCH 4.9 41/83] reset: hisilicon: fix potential NULL pointer dereference Greg Kroah-Hartman
2018-11-19 16:29 ` [PATCH 4.9 42/83] vhost/scsi: truncate T10 PI iov_iter to prot_bytes Greg Kroah-Hartman
2018-11-19 16:29 ` [PATCH 4.9 43/83] ocfs2: fix a misuse a of brelse after failing ocfs2_check_dir_entry Greg Kroah-Hartman
2018-11-19 16:29 ` [PATCH 4.9 44/83] mm: thp: relax __GFP_THISNODE for MADV_HUGEPAGE mappings Greg Kroah-Hartman
2018-11-19 16:29 ` [PATCH 4.9 45/83] netfilter: conntrack: fix calculation of next bucket number in early_drop Greg Kroah-Hartman
2018-11-19 16:29 ` [PATCH 4.9 46/83] mtd: docg3: dont set conflicting BCH_CONST_PARAMS option Greg Kroah-Hartman
2018-11-19 16:29 ` [PATCH 4.9 47/83] of, numa: Validate some distance map rules Greg Kroah-Hartman
2018-11-19 16:29 ` [PATCH 4.9 48/83] termios, tty/tty_baudrate.c: fix buffer overrun Greg Kroah-Hartman
2018-11-19 16:29 ` [PATCH 4.9 49/83] arch/alpha, termios: implement BOTHER, IBSHIFT and termios2 Greg Kroah-Hartman
2018-11-19 16:29 ` [PATCH 4.9 50/83] Btrfs: fix cur_offset in the error case for nocow Greg Kroah-Hartman
2018-11-19 16:29 ` [PATCH 4.9 51/83] Btrfs: fix data corruption due to cloning of eof block Greg Kroah-Hartman
2018-11-19 16:29 ` [PATCH 4.9 52/83] clockevents/drivers/i8253: Add support for PIT shutdown quirk Greg Kroah-Hartman
2018-11-19 16:29 ` [PATCH 4.9 53/83] ext4: add missing brelse() update_backups()s error path Greg Kroah-Hartman
2018-11-19 16:29 ` [PATCH 4.9 54/83] ext4: add missing brelse() in set_flexbg_block_bitmap()s " Greg Kroah-Hartman
2018-11-19 16:29 ` [PATCH 4.9 55/83] ext4: add missing brelse() add_new_gdb_meta_bg()s " Greg Kroah-Hartman
2018-11-19 16:29 ` [PATCH 4.9 56/83] ext4: avoid potential extra brelse in setup_new_flex_group_blocks() Greg Kroah-Hartman
2018-11-19 16:29 ` [PATCH 4.9 57/83] ext4: fix possible inode leak in the retry loop of ext4_resize_fs() Greg Kroah-Hartman
2018-11-19 16:29 ` [PATCH 4.9 58/83] ext4: avoid buffer leak in ext4_orphan_add() after prior errors Greg Kroah-Hartman
2018-11-19 16:29 ` [PATCH 4.9 59/83] ext4: fix missing cleanup if ext4_alloc_flex_bg_array() fails while resizing Greg Kroah-Hartman
2018-11-19 16:29 ` [PATCH 4.9 60/83] ext4: avoid possible double brelse() in add_new_gdb() on error path Greg Kroah-Hartman
2018-11-19 16:29 ` Greg Kroah-Hartman [this message]
2018-11-19 16:29 ` [PATCH 4.9 62/83] ext4: fix possible leak of s_journal_flag_rwsem in " Greg Kroah-Hartman
2018-11-19 16:29 ` [PATCH 4.9 63/83] ext4: release bs.bh before re-using in ext4_xattr_block_find() Greg Kroah-Hartman
2018-11-19 16:29 ` [PATCH 4.9 64/83] ext4: fix buffer leak in ext4_xattr_move_to_block() on error path Greg Kroah-Hartman
2018-11-19 16:29 ` [PATCH 4.9 65/83] ext4: fix buffer leak in __ext4_read_dirblock() " Greg Kroah-Hartman
2018-11-19 16:29 ` [PATCH 4.9 66/83] mount: Retest MNT_LOCKED in do_umount Greg Kroah-Hartman
2018-11-19 16:29 ` [PATCH 4.9 67/83] mount: Dont allow copying MNT_UNBINDABLE|MNT_LOCKED mounts Greg Kroah-Hartman
2018-11-19 16:29 ` [PATCH 4.9 68/83] mount: Prevent MNT_DETACH from disconnecting locked mounts Greg Kroah-Hartman
2018-11-19 16:29 ` [PATCH 4.9 69/83] sunrpc: correct the computation for page_ptr when truncating Greg Kroah-Hartman
2018-11-19 16:29 ` [PATCH 4.9 70/83] nfsd: COPY and CLONE operations require the saved filehandle to be set Greg Kroah-Hartman
2018-11-19 16:29 ` [PATCH 4.9 71/83] rtc: hctosys: Add missing range error reporting Greg Kroah-Hartman
2018-11-19 16:29 ` [PATCH 4.9 72/83] fuse: fix use-after-free in fuse_direct_IO() Greg Kroah-Hartman
2018-11-19 16:29 ` [PATCH 4.9 73/83] fuse: fix leaked notify reply Greg Kroah-Hartman
2018-11-19 16:29 ` [PATCH 4.9 74/83] configfs: replace strncpy with memcpy Greg Kroah-Hartman
2018-11-19 16:29 ` [PATCH 4.9 75/83] lib/ubsan.c: dont mark __ubsan_handle_builtin_unreachable as noreturn Greg Kroah-Hartman
2018-11-19 16:29 ` [PATCH 4.9 76/83] hugetlbfs: fix kernel BUG at fs/hugetlbfs/inode.c:444! Greg Kroah-Hartman
2018-11-19 16:29 ` [PATCH 4.9 77/83] mm: migration: fix migration of huge PMD shared pages Greg Kroah-Hartman
2018-11-19 16:29 ` [PATCH 4.9 78/83] drm/rockchip: Allow driver to be shutdown on reboot/kexec Greg Kroah-Hartman
2018-11-19 16:29 ` [PATCH 4.9 79/83] drm/dp_mst: Check if primary mstb is null Greg Kroah-Hartman
2018-11-19 16:29 ` [PATCH 4.9 80/83] drm/i915/hdmi: Add HDMI 2.0 audio clock recovery N values Greg Kroah-Hartman
2018-11-19 16:29 ` [PATCH 4.9 81/83] drm/i915/execlists: Force write serialisation into context image vs execution Greg Kroah-Hartman
2018-11-19 16:29 ` [PATCH 4.9 82/83] KVM: arm64: Fix caching of host MDCR_EL2 value Greg Kroah-Hartman
2018-11-19 16:29 ` [PATCH 4.9 83/83] ovl: check whiteout in ovl_create_over_whiteout() Greg Kroah-Hartman
2018-11-19 23:31 ` [PATCH 4.9 00/83] 4.9.138-stable review kernelci.org bot
2018-11-20 0:16 ` shuah
2018-11-20 8:11 ` Naresh Kamboju
2018-11-20 10:54 ` Jon Hunter
2018-11-20 20:39 ` Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181119162624.398404872@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@kernel.org \
--cc=stable@vger.kernel.org \
--cc=tytso@mit.edu \
--cc=vvs@virtuozzo.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).