shinys000114/linux
1
0
Fork 0
mirror of https://github.com/hardkernel/linux.git synced 2026-06-10 21:07:02 +09:00
Code Issues Packages Projects Releases Wiki Activity
Files
2f43c68d05913871ada85cec87760bc1049cdfbb
linux/fs
History
Gao Xiang 8a0fa49a77 UPSTREAM: erofs: fix out-of-bound access when z_erofs_gbuf_growsize() partially fails 
If z_erofs_gbuf_growsize() partially fails on a global buffer due to
memory allocation failure or fault injection (as reported by syzbot [1]),
new pages need to be freed by comparing to the existing pages to avoid
memory leaks.

However, the old gbuf->pages[] array may not be large enough, which can
lead to null-ptr-deref or out-of-bound access.

Fix this by checking against gbuf->nrpages in advance.

[1] https://lore.kernel.org/r/000000000000f7b96e062018c6e3@google.com

Bug: 361157912
Reported-by: syzbot+242ee56aaa9585553766@syzkaller.appspotmail.com
Fixes: d6db47e571dc ("erofs: do not use pagepool in z_erofs_gbuf_growsize()")
Cc: <stable@vger.kernel.org> # 6.10+
Reviewed-by: Chunhai Guo <guochunhai@vivo.com>
Reviewed-by: Sandeep Dhavale <dhavale@google.com>
Change-Id: I5d6c8f63959db4a7e5bbf14da9b4c9ba04322c8c
Signed-off-by: Gao Xiang <hsiangkao@linux.alibaba.com>
Link: https://lore.kernel.org/r/20240820085619.1375963-1-hsiangkao@linux.alibaba.com
(cherry picked from commit 0005e01e1e875c5e27130c5e2ed0189749d1e08a)
Signed-off-by: Sandeep Dhavale <dhavale@google.com>
2024-09-03 19:40:13 +00:00
..
9p
fs/9p: drop inodes immediately on non-.L too
2024-05-17 11:56:09 +02:00
adfs
affs
affs: initialize fsdata in affs_truncate()
2023-02-01 08:34:08 +01:00
afs
Reapply "Merge tag 'android14-6.1.75_r00' into android14-6.1"
2024-04-02 19:49:12 +00:00
autofs
autofs: fix memory leak of waitqueues in autofs_catatonic_mode
2023-09-23 11:10:59 +02:00
befs
befs: Convert befs_symlink_read_folio() to use a folio
2022-08-02 12:34:03 -04:00
bfs
btrfs
Merge 6.1.91 into android14-6.1-lts
2024-07-24 09:24:58 +00:00
cachefiles
Reapply "Merge tag 'android14-6.1.75_r00' into android14-6.1"
2024-04-02 19:49:12 +00:00
ceph
Reapply "Merge tag 'android14-6.1.75_r00' into android14-6.1"
2024-04-02 19:49:12 +00:00
coda
coda: Avoid partial allocation of sig_inputArgs
2023-03-10 09:33:52 +01:00
configfs
configfs: fix possible memory leak in configfs_create_dir()
2022-12-31 13:32:22 +01:00
cramfs
UPSTREAM: mm: replace vma->vm_flags direct modifications with modifier calls
2023-06-07 14:24:57 +00:00
crypto
BACKPORT: fscrypt: support crypto data unit size less than filesystem block size
2023-12-06 17:54:14 +00:00
debugfs
Reapply "Merge tag 'android14-6.1.75_r00' into android14-6.1"
2024-04-02 19:49:12 +00:00
devpts
dlm
fs: dlm: don't put dlm_local_addrs on heap
2024-02-16 19:06:29 +01:00
ecryptfs
ecryptfs: Fix buffer size for tag 66 packet
2024-06-12 11:03:04 +02:00
efivarfs
Reapply "Merge tag 'android14-6.1.75_r00' into android14-6.1"
2024-04-02 19:49:12 +00:00
efs
erofs
UPSTREAM: erofs: fix out-of-bound access when z_erofs_gbuf_growsize() partially fails
2024-09-03 19:40:13 +00:00
exfat
exfat: support handle zero-size directory
2023-11-28 17:07:00 +00:00
exportfs
exportfs: use pr_debug for unreachable debug statements
2024-03-06 14:45:15 +00:00
ext2
ext2: fix datatype of block number in ext2_xattr_set2()
2023-09-23 11:11:05 +02:00
ext4
Merge 6.1.93 into android14-6.1-lts
2024-08-12 08:40:51 +00:00
f2fs
Merge tag 'android14-6.1.93_r00' into android14-6.1
2024-08-27 11:55:58 +00:00
fat
fat: fix uninitialized field in nostale filehandles
2024-04-03 15:19:27 +02:00
freevxfs
freevxfs: Convert vxfs_immed_read_folio() to use a folio
2022-08-02 12:34:03 -04:00
fscache
netfs, fscache: Prevent Oops in fscache_put_cache()
2024-01-31 16:17:04 -08:00
fuse
Merge tag 'android14-6.1.84_r00' into android14-6.1
2024-07-01 09:55:11 +00:00
gfs2
gfs2: Fix "ignore unlock failures after withdraw"
2024-06-12 11:03:10 +02:00
hfs
hfs: fix missing hfs_bnode_get() in __hfs_bnode_create
2023-03-10 09:34:07 +01:00
hfsplus
fs: hfsplus: remove WARN_ON() from hfsplus_cat_{read,write}_inode()
2023-05-24 17:32:34 +01:00
hostfs
hostfs: move from strlcpy with unused retval to strscpy
2022-09-19 22:46:25 +02:00
hpfs
hugetlbfs
Revert "mm/hugetlb: add hugetlb_folio_subpool() helpers"
2024-07-24 09:28:00 +00:00
incfs
ANDROID: Incremental fs: Retry page faults on non-fatal errors
2024-07-24 16:18:16 +00:00
iomap
Revert "iomap: write iomap validity checks"
2024-07-24 17:09:00 +00:00
isofs
isofs: handle CDs with bad root inode but good Joliet root directory
2024-04-13 13:05:06 +02:00
jbd2
Reapply "Merge tag 'android14-6.1.75_r00' into android14-6.1"
2024-04-02 19:49:12 +00:00
jffs2
jffs2: prevent xattr node from overflowing the eraseblock
2024-06-12 11:03:06 +02:00
jfs
jfs: fix array-index-out-of-bounds in diNewExt
2024-02-05 20:12:48 +00:00
kernfs
fs/kernfs/dir: obey S_ISGID
2024-02-05 20:12:58 +00:00
lockd
lockd: fix file selection in nlmsvc_cancel_blocked
2024-03-06 14:45:16 +00:00
minix
vfs: open inside ->tmpfile()
2022-09-24 07:00:00 +02:00
netfs
netfs: Only call folio_start_fscache() one time for each folio
2023-10-06 14:56:32 +02:00
nfs
pNFS/filelayout: fixup pNfs allocation modes
2024-06-12 11:03:51 +02:00
nfs_common
nfsd
nfsd: don't allow nfsd threads to be signalled.
2024-05-25 16:21:30 +02:00
nilfs2
nilfs2: fix out-of-range warning
2024-06-12 11:03:04 +02:00
nls
Revert "fs/nls: make load_nls() take a const parameter"
2023-11-01 14:32:18 +00:00
notify
ANDROID: fuse: Skip canonical path logic if ENOSYS
2024-07-31 19:01:32 +00:00
ntfs
Merge tag 'mm-nonmm-stable-2022-10-11' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
2022-10-12 11:00:22 -07:00
ntfs3
Merge 6.1.93 into android14-6.1-lts
2024-08-12 08:40:51 +00:00
ocfs2
Merge 6.1.53 into android14-6.1-lts
2023-09-18 09:57:37 +00:00
omfs
openpromfs
openpromfs: finish conversion to the new mount API
2024-06-12 11:03:03 +02:00
orangefs
Merge 6.1.86 into android14-6.1-lts
2024-06-18 14:42:05 +00:00
overlayfs
Merge 6.1.93 into android14-6.1-lts
2024-08-12 08:40:51 +00:00
proc
Merge branch 'android14-6.1' into branch 'android14-6.1-lts'
2024-05-22 10:50:52 +00:00
pstore
Merge 6.1.86 into android14-6.1-lts
2024-06-18 14:42:05 +00:00
qnx4
qnx6
fs/qnx6: delete unnecessary checks before brelse()
2022-09-11 21:55:07 -07:00
quota
quota: Fix rcu annotations of inode dquot pointers
2024-03-26 18:20:47 -04:00
ramfs
shmem: use ramfs_kill_sb() for kill_sb method of ramfs-based tmpfs
2023-07-19 16:22:11 +02:00
reiserfs
reiserfs: Check the return value from __getblk()
2023-09-13 09:42:27 +02:00
romfs
smb
ksmbd: ignore trailing slashes in share paths
2024-06-12 11:02:57 +02:00
squashfs
revert "squashfs: harden sanity check in squashfs_read_xattr_id_table"
2023-02-22 12:59:50 +01:00
sysfs
fs: sysfs: Fix reference leak in sysfs_break_active_protection()
2024-04-27 17:07:16 +02:00
sysv
sysv: don't call sb_bread() with pointers_lock held
2024-04-13 13:05:05 +02:00
tracefs
tracefs: Add missing lockdown check to tracefs_create_dir()
2023-09-23 11:11:12 +02:00
ubifs
ubifs: Set page uptodate in the correct place
2024-04-03 15:19:27 +02:00
udf
udf: initialize newblock to 0
2023-09-13 09:43:05 +02:00
ufs
ufs: replace ll_rw_block()
2022-09-11 20:26:07 -07:00
unicode
vboxsf
vboxsf: Avoid an spurious warning if load_nls_xxx() fails
2024-04-10 16:28:25 +02:00
verity
Merge 6.1.53 into android14-6.1-lts
2023-09-18 09:57:37 +00:00
xfs
Revert "xfs: use iomap_valid method to detect stale cached iomaps"
2024-07-26 09:02:42 +00:00
zonefs
zonefs: Improve error handling
2024-02-23 09:12:45 +01:00
aio.c
Merge 6.1.84 into android14-6.1-lts
2024-05-16 17:29:02 +00:00
anon_inodes.c
dynamic_dname(): drop unused dentry argument
2022-08-20 11:34:04 -04:00
attr.c
attr: block mode changes of symlinks
2023-09-23 11:11:10 +02:00
bad_inode.c
vfs: open inside ->tmpfile()
2022-09-24 07:00:00 +02:00
binfmt_elf_fdpic.c
fs: binfmt_elf_efpic: fix personality for ELF-FDPIC
2023-10-06 14:57:06 +02:00
binfmt_elf_test.c
binfmt_elf.c
BACKPORT: mm: always expand the stack with the mmap write lock held
2023-07-27 11:47:21 +00:00
binfmt_flat.c
binfmt_misc.c
binfmt_misc: fix shift-out-of-bounds in check_special_flags
2022-12-31 13:32:57 +01:00
binfmt_script.c
buffer.c
fscrypt: support decrypting data from large folios
2023-02-27 19:45:05 -08:00
char_dev.c
chardev: fix error handling in cdev_device_add()
2022-12-31 13:32:41 +01:00
compat_binfmt_elf.c
coredump.c
coredump: Move dump_emit_page() to kill unused warning
2023-02-22 12:59:50 +01:00
d_path.c
d_path.c: typo fix...
2022-08-20 11:34:33 -04:00
dax.c
Merge branch 'for-6.0/dax' into libnvdimm-fixes
2022-09-24 18:14:12 -07:00
dcache.c
fast_dput(): handle underflows gracefully
2024-02-05 20:12:54 +00:00
direct-io.c
block: remove PSI accounting from the bio layer
2022-09-20 08:24:38 -06:00
drop_caches.c
FROMGIT: fs: drop_caches: draining pages before dropping caches
2023-08-10 10:47:24 +00:00
eventfd.c
eventfd: prevent underflow for eventfd semaphores
2023-09-13 09:42:27 +02:00
eventpoll.c
epoll: be better about file lifetimes
2024-06-12 11:03:03 +02:00
exec.c
ANDROID: sched: Add android_vh_set_task_comm
2024-08-26 19:43:55 +00:00
fcntl.c
fs: Fix rw_hint validation
2024-03-26 18:20:28 -04:00
fhandle.c
do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak
2024-03-26 18:20:27 -04:00
file_table.c
locks: fix TOCTOU race when granting write lease
2022-08-16 10:59:54 -04:00
file.c
file: reinstate f_pos locking optimization for regular files
2023-08-11 12:08:23 +02:00
filesystems.c
fs_context.c
vfs, security: Fix automount superblock LSM init problem, preventing NFS sb sharing
2023-09-13 09:42:28 +02:00
fs_parser.c
ext4: journal_path mount options should follow links
2023-01-07 11:11:59 +01:00
fs_pin.c
fs_struct.c
fs_types.c
fs-writeback.c
writeback, cgroup: switch inodes with dirty timestamps to release dying cgwbs
2023-11-20 11:51:50 +01:00
fsopen.c
init.c
inode.c
Reapply "Merge tag 'android14-6.1.75_r00' into android14-6.1"
2024-04-02 19:49:12 +00:00
internal.h
nfs: use vfs setgid helper
2023-08-30 16:11:10 +02:00
ioctl.c
lsm: new security_file_ioctl_compat() hook
2024-01-31 16:17:00 -08:00
Kconfig
Merge 6.1.36 into android14-6.1-lts
2023-06-28 10:19:08 +00:00
Kconfig.binfmt
Merge tag 'xtensa-20221010' of https://github.com/jcmvbkbc/linux-xtensa
2022-10-10 14:21:11 -07:00
kernel_read_file.c
libfs.c
libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value
2022-12-31 13:31:58 +01:00
locks.c
filelock: add a new locks_inode_context accessor function
2024-03-06 14:45:16 +00:00
Makefile
Merge 6.1.36 into android14-6.1-lts
2023-06-28 10:19:08 +00:00
mbcache.c
ext4: fix deadlock due to mbcache entry corruption
2023-01-07 11:12:02 +01:00
mount.h
mpage.c
ANDROID: Revert "mm: remove cleancache"
2023-04-26 17:01:50 +00:00
namei.c
Merge 6.1.76 into android-6.1
2024-04-16 15:01:11 +00:00
namespace.c
Reapply "Merge tag 'android14-6.1.75_r00' into android14-6.1"
2024-04-02 19:49:12 +00:00
no-block.c
nsfs.c
dynamic_dname(): drop unused dentry argument
2022-08-20 11:34:04 -04:00
open.c
Merge 6.1.45 into android14-6.1-lts
2023-09-13 19:32:45 +00:00
pipe.c
fs/pipe: Fix lockdep false-positive in watchqueue pipe_write()
2024-04-10 16:28:30 +02:00
pnode.c
pnode: terminate at peers of source
2023-01-04 11:29:01 +01:00
pnode.h
posix_acl.c
Merge tag 'mm-stable-2022-10-08' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
2022-10-10 17:53:04 -07:00
proc_namespace.c
read_write.c
use less confusing names for iov_iter direction initializers
2023-02-09 11:28:04 +01:00
readdir.c
Change calling conventions for filldir_t
2022-08-17 17:25:04 -04:00
remap_range.c
Merge tag 'mm-stable-2022-08-03' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
2022-08-05 16:32:45 -07:00
select.c
fs/select: rework stack allocation hack for clang
2024-03-26 18:20:28 -04:00
seq_file.c
ANDROID: export one function for mm metrics
2024-05-15 02:15:23 +00:00
signalfd.c
splice.c
Reapply "Merge tag 'android14-6.1.75_r00' into android14-6.1"
2024-04-02 19:49:12 +00:00
stack.c
stat.c
vfs: support STATX_DIOALIGN on block devices
2022-09-11 19:47:12 -05:00
statfs.c
statfs: enforce statfs[64] structure initialization
2023-05-24 17:32:51 +01:00
super.c
Merge 6.1.45 into android14-6.1-lts
2023-09-13 19:32:45 +00:00
sync.c
sysctls.c
timerfd.c
ANDROID: fs: Add vendor hooks for ep_create_wakeup_source & timerfd_create
2023-12-13 15:54:47 -08:00
userfaultfd.c
BACKPORT: userfaultfd: use per-vma locks in userfaultfd operations
2024-04-22 18:09:14 +00:00
utimes.c
xattr.c
fs: don't audit the capability check in simple_xattr_list()
2022-12-31 13:31:55 +01:00