From: Greg Kroah-Hartman Date: Fri, 9 Sep 2016 14:11:10 +0000 (+0200) Subject: 3.14-stable patches X-Git-Tag: v3.14.79~12 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=5bdf2d4f64eef0e1014f2598db2146055091df6e;p=thirdparty%2Fkernel%2Fstable-queue.git 3.14-stable patches added patches: ext4-validate-that-metadata-blocks-do-not-overlap-superblock.patch --- diff --git a/queue-3.14/ext4-validate-that-metadata-blocks-do-not-overlap-superblock.patch b/queue-3.14/ext4-validate-that-metadata-blocks-do-not-overlap-superblock.patch new file mode 100644 index 00000000000..ff83d808087 --- /dev/null +++ b/queue-3.14/ext4-validate-that-metadata-blocks-do-not-overlap-superblock.patch @@ -0,0 +1,78 @@ +From 829fa70dddadf9dd041d62b82cd7cea63943899d Mon Sep 17 00:00:00 2001 +From: Theodore Ts'o +Date: Mon, 1 Aug 2016 00:51:02 -0400 +Subject: ext4: validate that metadata blocks do not overlap superblock + +From: Theodore Ts'o + +commit 829fa70dddadf9dd041d62b82cd7cea63943899d upstream. + +A number of fuzzing failures seem to be caused by allocation bitmaps +or other metadata blocks being pointed at the superblock. + +This can cause kernel BUG or WARNings once the superblock is +overwritten, so validate the group descriptor blocks to make sure this +doesn't happen. + +Signed-off-by: Theodore Ts'o +Signed-off-by: Greg Kroah-Hartman + +--- + fs/ext4/super.c | 18 +++++++++++++++++- + 1 file changed, 17 insertions(+), 1 deletion(-) + +--- a/fs/ext4/super.c ++++ b/fs/ext4/super.c +@@ -2071,6 +2071,7 @@ void ext4_group_desc_csum_set(struct sup + + /* Called at mount-time, super-block is locked */ + static int ext4_check_descriptors(struct super_block *sb, ++ ext4_fsblk_t sb_block, + ext4_group_t *first_not_zeroed) + { + struct ext4_sb_info *sbi = EXT4_SB(sb); +@@ -2101,6 +2102,11 @@ static int ext4_check_descriptors(struct + grp = i; + + block_bitmap = ext4_block_bitmap(sb, gdp); ++ if (block_bitmap == sb_block) { ++ ext4_msg(sb, KERN_ERR, "ext4_check_descriptors: " ++ "Block bitmap for group %u overlaps " ++ "superblock", i); ++ } + if (block_bitmap < first_block || block_bitmap > last_block) { + ext4_msg(sb, KERN_ERR, "ext4_check_descriptors: " + "Block bitmap for group %u not in group " +@@ -2108,6 +2114,11 @@ static int ext4_check_descriptors(struct + return 0; + } + inode_bitmap = ext4_inode_bitmap(sb, gdp); ++ if (inode_bitmap == sb_block) { ++ ext4_msg(sb, KERN_ERR, "ext4_check_descriptors: " ++ "Inode bitmap for group %u overlaps " ++ "superblock", i); ++ } + if (inode_bitmap < first_block || inode_bitmap > last_block) { + ext4_msg(sb, KERN_ERR, "ext4_check_descriptors: " + "Inode bitmap for group %u not in group " +@@ -2115,6 +2126,11 @@ static int ext4_check_descriptors(struct + return 0; + } + inode_table = ext4_inode_table(sb, gdp); ++ if (inode_table == sb_block) { ++ ext4_msg(sb, KERN_ERR, "ext4_check_descriptors: " ++ "Inode table for group %u overlaps " ++ "superblock", i); ++ } + if (inode_table < first_block || + inode_table + sbi->s_itb_per_group - 1 > last_block) { + ext4_msg(sb, KERN_ERR, "ext4_check_descriptors: " +@@ -3869,7 +3885,7 @@ static int ext4_fill_super(struct super_ + goto failed_mount2; + } + } +- if (!ext4_check_descriptors(sb, &first_not_zeroed)) { ++ if (!ext4_check_descriptors(sb, logical_sb_block, &first_not_zeroed)) { + ext4_msg(sb, KERN_ERR, "group descriptors corrupted!"); + goto failed_mount2; + } diff --git a/queue-3.14/series b/queue-3.14/series index b2a72bcc0e8..3566af00f1d 100644 --- a/queue-3.14/series +++ b/queue-3.14/series @@ -3,3 +3,4 @@ be2iscsi-fix-bogus-warn_on-length-check.patch hid-hid-input-add-parentheses-to-quell-gcc-warning.patch alsa-oxygen-fix-logical-not-parentheses-warning.patch stb6100-fix-buffer-length-check-in-stb6100_write_reg_range.patch +ext4-validate-that-metadata-blocks-do-not-overlap-superblock.patch