From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
patches@lists.linux.dev, stable@kernel.org,
Zhihao Cheng <chengzhihao1@huawei.com>,
Theodore Tso <tytso@mit.edu>
Subject: [PATCH 5.10 011/104] ext4: zero i_disksize when initializing the bootloader inode
Date: Wed, 15 Mar 2023 13:11:42 +0100 [thread overview]
Message-ID: <20230315115732.497161841@linuxfoundation.org> (raw)
In-Reply-To: <20230315115731.942692602@linuxfoundation.org>
From: Zhihao Cheng <chengzhihao1@huawei.com>
commit f5361da1e60d54ec81346aee8e3d8baf1be0b762 upstream.
If the boot loader inode has never been used before, the
EXT4_IOC_SWAP_BOOT inode will initialize it, including setting the
i_size to 0. However, if the "never before used" boot loader has a
non-zero i_size, then i_disksize will be non-zero, and the
inconsistency between i_size and i_disksize can trigger a kernel
warning:
WARNING: CPU: 0 PID: 2580 at fs/ext4/file.c:319
CPU: 0 PID: 2580 Comm: bb Not tainted 6.3.0-rc1-00004-g703695902cfa
RIP: 0010:ext4_file_write_iter+0xbc7/0xd10
Call Trace:
vfs_write+0x3b1/0x5c0
ksys_write+0x77/0x160
__x64_sys_write+0x22/0x30
do_syscall_64+0x39/0x80
Reproducer:
1. create corrupted image and mount it:
mke2fs -t ext4 /tmp/foo.img 200
debugfs -wR "sif <5> size 25700" /tmp/foo.img
mount -t ext4 /tmp/foo.img /mnt
cd /mnt
echo 123 > file
2. Run the reproducer program:
posix_memalign(&buf, 1024, 1024)
fd = open("file", O_RDWR | O_DIRECT);
ioctl(fd, EXT4_IOC_SWAP_BOOT);
write(fd, buf, 1024);
Fix this by setting i_disksize as well as i_size to zero when
initiaizing the boot loader inode.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=217159
Cc: stable@kernel.org
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Link: https://lore.kernel.org/r/20230308032643.641113-1-chengzhihao1@huawei.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/ioctl.c | 1 +
1 file changed, 1 insertion(+)
--- a/fs/ext4/ioctl.c
+++ b/fs/ext4/ioctl.c
@@ -180,6 +180,7 @@ static long swap_inode_boot_loader(struc
ei_bl->i_flags = 0;
inode_set_iversion(inode_bl, 1);
i_size_write(inode_bl, 0);
+ EXT4_I(inode_bl)->i_disksize = inode_bl->i_size;
inode_bl->i_mode = S_IFREG;
if (ext4_has_feature_extents(sb)) {
ext4_set_inode_flag(inode_bl, EXT4_INODE_EXTENTS);
next prev parent reply other threads:[~2023-03-15 12:23 UTC|newest]
Thread overview: 114+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-03-15 12:11 [PATCH 5.10 000/104] 5.10.175-rc1 review Greg Kroah-Hartman
2023-03-15 12:11 ` [PATCH 5.10 001/104] fs: prevent out-of-bounds array speculation when closing a file descriptor Greg Kroah-Hartman
2023-03-15 12:11 ` [PATCH 5.10 002/104] fork: allow CLONE_NEWTIME in clone3 flags Greg Kroah-Hartman
2023-03-15 12:11 ` [PATCH 5.10 003/104] x86/CPU/AMD: Disable XSAVES on AMD family 0x17 Greg Kroah-Hartman
2023-03-15 12:11 ` [PATCH 5.10 004/104] drm/amdgpu: fix error checking in amdgpu_read_mm_registers for soc15 Greg Kroah-Hartman
2023-03-15 12:11 ` [PATCH 5.10 005/104] drm/connector: print max_requested_bpc in state debugfs Greg Kroah-Hartman
2023-03-15 12:11 ` [PATCH 5.10 006/104] ext4: fix cgroup writeback accounting with fs-layer encryption Greg Kroah-Hartman
2023-03-15 12:11 ` [PATCH 5.10 007/104] ext4: fix RENAME_WHITEOUT handling for inline directories Greg Kroah-Hartman
2023-03-15 12:11 ` [PATCH 5.10 008/104] ext4: fix another off-by-one fsmap error on 1k block filesystems Greg Kroah-Hartman
2023-03-15 12:11 ` [PATCH 5.10 009/104] ext4: move where set the MAY_INLINE_DATA flag is set Greg Kroah-Hartman
2023-03-15 12:11 ` [PATCH 5.10 010/104] ext4: fix WARNING in ext4_update_inline_data Greg Kroah-Hartman
2023-03-15 12:11 ` Greg Kroah-Hartman [this message]
2023-03-15 12:11 ` [PATCH 5.10 012/104] nfc: change order inside nfc_se_io error path Greg Kroah-Hartman
2023-03-15 12:11 ` [PATCH 5.10 013/104] udf: Fix off-by-one error when discarding preallocation Greg Kroah-Hartman
2023-03-15 12:11 ` [PATCH 5.10 014/104] irq: Fix typos in comments Greg Kroah-Hartman
2023-03-15 12:11 ` [PATCH 5.10 015/104] irqdomain: Look for existing mapping only once Greg Kroah-Hartman
2023-03-15 12:11 ` [PATCH 5.10 016/104] irqdomain: Refactor __irq_domain_alloc_irqs() Greg Kroah-Hartman
2023-03-15 12:11 ` [PATCH 5.10 017/104] irqdomain: Fix mapping-creation race Greg Kroah-Hartman
2023-03-15 12:11 ` [PATCH 5.10 018/104] irqdomain: Change the type of size in __irq_domain_add() to be consistent Greg Kroah-Hartman
2023-03-15 12:11 ` [PATCH 5.10 019/104] irqdomain: Fix domain registration race Greg Kroah-Hartman
2023-03-15 12:11 ` [PATCH 5.10 020/104] iommu/vt-d: Fix lockdep splat in intel_pasid_get_entry() Greg Kroah-Hartman
2023-03-15 12:11 ` [PATCH 5.10 021/104] iommu/vt-d: Fix PASID directory pointer coherency Greg Kroah-Hartman
2023-03-15 12:11 ` [PATCH 5.10 022/104] arm64: efi: Make efi_rt_lock a raw_spinlock Greg Kroah-Hartman
2023-03-15 12:11 ` [PATCH 5.10 023/104] RISC-V: Avoid dereferening NULL regs in die() Greg Kroah-Hartman
2023-03-15 12:11 ` [PATCH 5.10 024/104] riscv: Avoid enabling interrupts " Greg Kroah-Hartman
2023-03-15 12:11 ` [PATCH 5.10 025/104] riscv: Add header include guards to insn.h Greg Kroah-Hartman
2023-03-15 12:11 ` [PATCH 5.10 026/104] scsi: core: Remove the /proc/scsi/${proc_name} directory earlier Greg Kroah-Hartman
2023-03-15 12:11 ` [PATCH 5.10 027/104] ext4: Fix possible corruption when moving a directory Greg Kroah-Hartman
2023-03-15 12:11 ` [PATCH 5.10 028/104] drm/nouveau/kms/nv50-: remove unused functions Greg Kroah-Hartman
2023-03-15 12:12 ` [PATCH 5.10 029/104] drm/nouveau/kms/nv50: fix nv50_wndw_new_ prototype Greg Kroah-Hartman
2023-03-15 12:12 ` [PATCH 5.10 030/104] drm/msm: Fix potential invalid ptr free Greg Kroah-Hartman
2023-03-15 12:12 ` [PATCH 5.10 031/104] drm/msm/a5xx: fix setting of the CP_PREEMPT_ENABLE_LOCAL register Greg Kroah-Hartman
2023-03-15 12:12 ` [PATCH 5.10 032/104] drm/msm: Document and rename preempt_lock Greg Kroah-Hartman
2023-03-15 12:12 ` [PATCH 5.10 033/104] drm/msm/a5xx: fix the emptyness check in the preempt code Greg Kroah-Hartman
2023-03-15 12:12 ` [PATCH 5.10 034/104] drm/msm/a5xx: fix context faults during ring switch Greg Kroah-Hartman
2023-03-15 12:12 ` [PATCH 5.10 035/104] bgmac: fix *initial* chip reset to support BCM5358 Greg Kroah-Hartman
2023-03-15 12:12 ` [PATCH 5.10 036/104] nfc: fdp: add null check of devm_kmalloc_array in fdp_nci_i2c_read_device_properties Greg Kroah-Hartman
2023-03-15 12:12 ` [PATCH 5.10 037/104] powerpc: dts: t1040rdb: fix compatible string for Rev A boards Greg Kroah-Hartman
2023-03-15 12:12 ` [PATCH 5.10 038/104] ila: do not generate empty messages in ila_xlat_nl_cmd_get_mapping() Greg Kroah-Hartman
2023-03-15 12:12 ` [PATCH 5.10 039/104] selftests: nft_nat: ensuring the listening side is up before starting the client Greg Kroah-Hartman
2023-03-15 12:12 ` [PATCH 5.10 040/104] net: usb: lan78xx: Remove lots of set but unused ret variables Greg Kroah-Hartman
2023-03-15 12:12 ` [PATCH 5.10 041/104] net: lan78xx: fix accessing the LAN7800s internal phy specific registers from the MAC driver Greg Kroah-Hartman
2023-03-15 12:12 ` [PATCH 5.10 042/104] net: caif: Fix use-after-free in cfusbl_device_notify() Greg Kroah-Hartman
2023-03-15 12:12 ` [PATCH 5.10 043/104] net: stmmac: add to set device wake up flag when stmmac init phy Greg Kroah-Hartman
2023-03-15 12:12 ` [PATCH 5.10 044/104] net: phylib: get rid of unnecessary locking Greg Kroah-Hartman
2023-03-15 12:12 ` [PATCH 5.10 045/104] bnxt_en: Avoid order-5 memory allocation for TPA data Greg Kroah-Hartman
2023-03-15 12:12 ` [PATCH 5.10 046/104] netfilter: ctnetlink: revert to dumping mark regardless of event type Greg Kroah-Hartman
2023-03-15 12:12 ` [PATCH 5.10 047/104] netfilter: tproxy: fix deadlock due to missing BH disable Greg Kroah-Hartman
2023-03-15 12:12 ` [PATCH 5.10 048/104] btf: fix resolving BTF_KIND_VAR after ARRAY, STRUCT, UNION, PTR Greg Kroah-Hartman
2023-03-15 12:12 ` [PATCH 5.10 049/104] net: ethernet: mtk_eth_soc: fix RX data corruption issue Greg Kroah-Hartman
2023-03-15 12:12 ` [PATCH 5.10 050/104] scsi: megaraid_sas: Update max supported LD IDs to 240 Greg Kroah-Hartman
2023-03-15 12:12 ` [PATCH 5.10 051/104] platform: x86: MLX_PLATFORM: select REGMAP instead of depending on it Greg Kroah-Hartman
2023-03-15 12:12 ` [PATCH 5.10 052/104] net/smc: fix fallback failed while sendmsg with fastopen Greg Kroah-Hartman
2023-03-15 12:12 ` [PATCH 5.10 053/104] SUNRPC: Fix a server shutdown leak Greg Kroah-Hartman
2023-03-15 12:12 ` [PATCH 5.10 054/104] riscv: Use READ_ONCE_NOCHECK in imprecise unwinding stack mode Greg Kroah-Hartman
2023-03-15 12:12 ` [PATCH 5.10 055/104] RISC-V: Dont check text_mutex during stop_machine Greg Kroah-Hartman
2023-03-15 12:12 ` [PATCH 5.10 056/104] ext4: Fix deadlock during directory rename Greg Kroah-Hartman
2023-03-15 12:12 ` [PATCH 5.10 057/104] iommu/amd: Add a length limitation for the ivrs_acpihid command-line parameter Greg Kroah-Hartman
2023-03-15 12:12 ` [PATCH 5.10 058/104] PCI/PM: Define pci_restore_standard_config() only for CONFIG_PM_SLEEP Greg Kroah-Hartman
2023-03-15 12:12 ` [PATCH 5.10 059/104] watch_queue: fix IOC_WATCH_QUEUE_SET_SIZE alloc error paths Greg Kroah-Hartman
2023-03-15 12:12 ` [PATCH 5.10 060/104] tpm/eventlog: Dont abort tpm_read_log on faulty ACPI address Greg Kroah-Hartman
2023-03-15 12:12 ` [PATCH 5.10 061/104] block, bfq: fix possible uaf for bfqq->bic Greg Kroah-Hartman
2023-03-15 12:12 ` [PATCH 5.10 062/104] block, bfq: fix uaf for bfqq in bfq_exit_icq_bfqq Greg Kroah-Hartman
2023-03-15 12:12 ` [PATCH 5.10 063/104] block/bfq-iosched.c: use "false" rather than "BLK_RW_ASYNC" Greg Kroah-Hartman
2023-03-15 12:12 ` [PATCH 5.10 064/104] block, bfq: replace 0/1 with false/true in bic apis Greg Kroah-Hartman
2023-03-15 12:12 ` [PATCH 5.10 065/104] block, bfq: fix uaf for bfqq in bic_set_bfqq() Greg Kroah-Hartman
2023-03-15 12:12 ` [PATCH 5.10 066/104] clk: qcom: mmcc-apq8084: remove spdm clocks Greg Kroah-Hartman
2023-03-15 12:12 ` [PATCH 5.10 067/104] MIPS: Fix a compilation issue Greg Kroah-Hartman
2023-03-15 12:12 ` [PATCH 5.10 068/104] powerpc: Check !irq instead of irq == NO_IRQ and remove NO_IRQ Greg Kroah-Hartman
2023-03-15 12:31 ` Christophe Leroy
2023-03-15 12:12 ` [PATCH 5.10 069/104] powerpc/kcsan: Exclude udelay to prevent recursive instrumentation Greg Kroah-Hartman
2023-03-15 12:12 ` [PATCH 5.10 070/104] alpha: fix R_ALPHA_LITERAL reloc for large modules Greg Kroah-Hartman
2023-03-15 12:12 ` [PATCH 5.10 071/104] macintosh: windfarm: Use unsigned type for 1-bit bitfields Greg Kroah-Hartman
2023-03-15 12:12 ` [PATCH 5.10 072/104] PCI: Add SolidRun vendor ID Greg Kroah-Hartman
2023-03-15 12:12 ` [PATCH 5.10 073/104] PCI: Avoid FLR for SolidRun SNET DPU rev 1 Greg Kroah-Hartman
2023-03-15 12:12 ` [PATCH 5.10 074/104] scripts: handle BrokenPipeError for python scripts Greg Kroah-Hartman
2023-03-15 12:12 ` [PATCH 5.10 075/104] media: ov5640: Fix analogue gain control Greg Kroah-Hartman
2023-03-15 12:12 ` [PATCH 5.10 076/104] media: rc: gpio-ir-recv: add remove function Greg Kroah-Hartman
2023-03-15 12:12 ` [PATCH 5.10 077/104] ipmi/watchdog: replace atomic_add() and atomic_sub() Greg Kroah-Hartman
2023-03-15 12:12 ` [PATCH 5.10 078/104] ipmi:watchdog: Set panic count to proper value on a panic Greg Kroah-Hartman
2023-03-15 12:12 ` [PATCH 5.10 079/104] skbuff: Fix nfct leak on napi stolen Greg Kroah-Hartman
2023-03-15 12:12 ` [PATCH 5.10 080/104] drm/i915: Dont use BAR mappings for ring buffers with LLC Greg Kroah-Hartman
2023-03-15 12:12 ` [PATCH 5.10 081/104] sched/uclamp: Make task_fits_capacity() use util_fits_cpu() Greg Kroah-Hartman
2023-03-15 12:12 ` [PATCH 5.10 082/104] sched/uclamp: Fix fits_capacity() check in feec() Greg Kroah-Hartman
2023-03-15 12:12 ` [PATCH 5.10 083/104] sched/uclamp: Make select_idle_capacity() use util_fits_cpu() Greg Kroah-Hartman
2023-03-15 12:12 ` [PATCH 5.10 084/104] sched/uclamp: Make asym_fits_capacity() " Greg Kroah-Hartman
2023-03-15 12:12 ` [PATCH 5.10 085/104] sched/uclamp: Make cpu_overutilized() " Greg Kroah-Hartman
2023-03-15 12:12 ` [PATCH 5.10 086/104] sched/uclamp: Cater for uclamp in find_energy_efficient_cpu()s early exit condition Greg Kroah-Hartman
2023-03-15 12:12 ` [PATCH 5.10 087/104] sched/fair: Detect capacity inversion Greg Kroah-Hartman
2023-03-15 12:12 ` [PATCH 5.10 088/104] sched/fair: Consider capacity inversion in util_fits_cpu() Greg Kroah-Hartman
2023-03-15 12:13 ` [PATCH 5.10 089/104] sched/uclamp: Fix a uninitialized variable warnings Greg Kroah-Hartman
2023-03-15 12:13 ` [PATCH 5.10 090/104] sched/fair: Fixes for capacity inversion detection Greg Kroah-Hartman
2023-03-15 12:13 ` [PATCH 5.10 091/104] ext4: refactor ext4_free_blocks() to pull out ext4_mb_clear_bb() Greg Kroah-Hartman
2023-03-15 12:13 ` [PATCH 5.10 092/104] ext4: add ext4_sb_block_valid() refactored out of ext4_inode_block_valid() Greg Kroah-Hartman
2023-03-15 12:13 ` [PATCH 5.10 093/104] ext4: add strict range checks while freeing blocks Greg Kroah-Hartman
2023-03-15 12:13 ` [PATCH 5.10 094/104] ext4: block range must be validated before use in ext4_mb_clear_bb() Greg Kroah-Hartman
2023-03-15 12:13 ` [PATCH 5.10 095/104] arch: fix broken BuildID for arm64 and riscv Greg Kroah-Hartman
2023-03-15 12:13 ` [PATCH 5.10 096/104] powerpc/vmlinux.lds: Define RUNTIME_DISCARD_EXIT Greg Kroah-Hartman
2023-03-15 12:13 ` [PATCH 5.10 097/104] powerpc/vmlinux.lds: Dont discard .rela* for relocatable builds Greg Kroah-Hartman
2023-03-15 12:13 ` [PATCH 5.10 098/104] s390: define RUNTIME_DISCARD_EXIT to fix link error with GNU ld < 2.36 Greg Kroah-Hartman
2023-03-15 12:13 ` [PATCH 5.10 099/104] sh: define RUNTIME_DISCARD_EXIT Greg Kroah-Hartman
2023-03-15 12:13 ` [PATCH 5.10 100/104] UML: " Greg Kroah-Hartman
2023-03-15 12:13 ` [PATCH 5.10 101/104] KVM: nVMX: Dont use Enlightened MSR Bitmap for L3 Greg Kroah-Hartman
2023-03-15 12:13 ` [PATCH 5.10 102/104] KVM: VMX: Introduce vmx_msr_bitmap_l01_changed() helper Greg Kroah-Hartman
2023-03-15 12:13 ` [PATCH 5.10 103/104] KVM: VMX: Fix crash due to uninitialized current_vmcs Greg Kroah-Hartman
2023-03-15 12:13 ` [PATCH 5.10 104/104] s390/dasd: add missing discipline function Greg Kroah-Hartman
2023-03-15 14:21 ` [PATCH 5.10 000/104] 5.10.175-rc1 review Chris Paterson
2023-03-15 14:23 ` Guenter Roeck
2023-03-15 14:26 ` Guenter Roeck
2023-03-16 7:56 ` Greg Kroah-Hartman
2023-03-15 20:18 ` Florian Fainelli
2023-03-15 23:17 ` Daniel Díaz
2023-03-15 23:58 ` Shuah Khan
2023-03-16 0:00 ` Shuah Khan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230315115732.497161841@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=chengzhihao1@huawei.com \
--cc=patches@lists.linux.dev \
--cc=stable@kernel.org \
--cc=stable@vger.kernel.org \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).