shinys000114/linux
1
0
Fork 0
mirror of https://github.com/hardkernel/linux.git synced 2026-03-30 14:27:43 +09:00
Code Issues Packages Projects Releases Wiki Activity
Files
fc762c999768aeda504c0a69795be5cd73dfee00
linux/fs
History
Randall Huang ae3787d433 f2fs: fix to avoid accessing xattr across the boundary 
[ Upstream commit 2777e65437 ]

When we traverse xattr entries via __find_xattr(),
if the raw filesystem content is faked or any hardware failure occurs,
out-of-bound error can be detected by KASAN.
Fix the issue by introducing boundary check.

[   38.402878] c7   1827 BUG: KASAN: slab-out-of-bounds in f2fs_getxattr+0x518/0x68c
[   38.402891] c7   1827 Read of size 4 at addr ffffffc0b6fb35dc by task
[   38.402935] c7   1827 Call trace:
[   38.402952] c7   1827 [<ffffff900809003c>] dump_backtrace+0x0/0x6bc
[   38.402966] c7   1827 [<ffffff9008090030>] show_stack+0x20/0x2c
[   38.402981] c7   1827 [<ffffff900871ab10>] dump_stack+0xfc/0x140
[   38.402995] c7   1827 [<ffffff9008325c40>] print_address_description+0x80/0x2d8
[   38.403009] c7   1827 [<ffffff900832629c>] kasan_report_error+0x198/0x1fc
[   38.403022] c7   1827 [<ffffff9008326104>] kasan_report_error+0x0/0x1fc
[   38.403037] c7   1827 [<ffffff9008325000>] __asan_load4+0x1b0/0x1b8
[   38.403051] c7   1827 [<ffffff90085fcc44>] f2fs_getxattr+0x518/0x68c
[   38.403066] c7   1827 [<ffffff90085fc508>] f2fs_xattr_generic_get+0xb0/0xd0
[   38.403080] c7   1827 [<ffffff9008395708>] __vfs_getxattr+0x1f4/0x1fc
[   38.403096] c7   1827 [<ffffff9008621bd0>] inode_doinit_with_dentry+0x360/0x938
[   38.403109] c7   1827 [<ffffff900862d6cc>] selinux_d_instantiate+0x2c/0x38
[   38.403123] c7   1827 [<ffffff900861b018>] security_d_instantiate+0x68/0x98
[   38.403136] c7   1827 [<ffffff9008377db8>] d_splice_alias+0x58/0x348
[   38.403149] c7   1827 [<ffffff900858d16c>] f2fs_lookup+0x608/0x774
[   38.403163] c7   1827 [<ffffff900835eacc>] lookup_slow+0x1e0/0x2cc
[   38.403177] c7   1827 [<ffffff9008367fe0>] walk_component+0x160/0x520
[   38.403190] c7   1827 [<ffffff9008369ef4>] path_lookupat+0x110/0x2b4
[   38.403203] c7   1827 [<ffffff900835dd38>] filename_lookup+0x1d8/0x3a8
[   38.403216] c7   1827 [<ffffff900835eeb0>] user_path_at_empty+0x54/0x68
[   38.403229] c7   1827 [<ffffff9008395f44>] SyS_getxattr+0xb4/0x18c
[   38.403241] c7   1827 [<ffffff9008084200>] el0_svc_naked+0x34/0x38

Signed-off-by: Randall Huang <huangrandall@google.com>
[Jaegeuk Kim: Fix wrong ending boundary]
Reviewed-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2019-06-19 08:18:02 +02:00
..
9p
9p locks: add mount option for lock retry interval
2019-04-20 09:16:00 +02:00
adfs
adfs: use timespec64 for time conversion
2018-08-22 10:52:51 -07:00
affs
affs: fix potential memory leak when parsing option 'prefix'
2018-05-28 12:36:41 +02:00
afs
afs: Unlock pages for __pagevec_release()
2019-05-16 19:41:21 +02:00
autofs
autofs: fix error return in autofs_fill_super()
2019-03-13 14:02:32 -07:00
befs
fix a series of Documentation/ broken file name references
2018-06-15 18:10:01 -03:00
bfs
bfs: add sanity check at bfs_fill_super()
2018-12-01 09:37:27 +01:00
btrfs
Btrfs: incremental send, fix file corruption when no-holes feature is enabled
2019-06-09 09:17:15 +02:00
cachefiles
fscache, cachefiles: remove redundant variable 'cache'
2018-12-17 09:24:40 +01:00
ceph
ceph: flush dirty inodes before proceeding with remount
2019-05-25 18:23:31 +02:00
cifs
CIFS: cifs_read_allocate_pages: don't iterate through whole page array on ENOMEM
2019-06-09 09:17:22 +02:00
coda
vfs: change inode times to use struct timespec64
2018-06-05 16:57:31 -07:00
configfs
configfs: fix possible use-after-free in configfs_register_group
2019-06-15 11:54:05 +02:00
cramfs
Cramfs: fix abad comparison when wrap-arounds occur
2018-11-13 11:08:55 -08:00
crypto
crypto: speck - remove Speck
2018-11-13 11:08:46 -08:00
debugfs
debugfs: fix use-after-free on symlink traversal
2019-05-08 07:21:48 +02:00
devpts
fs/devpts: always delete dcache dentry-s in dput()
2019-03-23 20:09:59 +01:00
dlm
dlm: Don't swamp the CPU with callbacks queued during recovery
2019-02-12 19:46:58 +01:00
ecryptfs
Merge branch 'fixes' of https://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs into aio-base
2018-05-26 09:16:25 +02:00
efivarfs
efivars: Call guid_parse() against guid_t type of variable
2018-07-22 14:13:44 +02:00
efs
Rename superblock flags (MS_xyz -> SB_xyz)
2017-11-27 13:05:09 -08:00
exofs
fs/exofs: fix potential memory leak in mount option parsing
2018-11-27 16:13:00 +01:00
exportfs
exportfs: do not read dentry after free
2018-12-17 09:24:35 +01:00
ext2
ext2: Fix underflow in ext2_max_size()
2019-03-23 20:10:03 +01:00
ext4
ext4: wait for outstanding dio during truncate in nojournal mode
2019-05-31 06:46:00 -07:00
f2fs
f2fs: fix to avoid accessing xattr across the boundary
2019-06-19 08:18:02 +02:00
fat
fs/fat/file.c: issue flush after the writeback of FAT
2019-06-15 11:53:59 +02:00
freevxfs
freevxfs_lookup(): use d_splice_alias()
2018-05-22 14:27:51 -04:00
fscache
fscache: fix race between enablement and dropping of object
2018-12-17 09:24:40 +01:00
fuse
fuse: retrieve: cap requested size to negotiated max_write
2019-06-15 11:54:07 +02:00
gfs2
gfs2: Fix occasional glock use-after-free
2019-05-31 06:46:07 -07:00
hfs
hfs: do not free node before using
2018-12-17 09:24:41 +01:00
hfsplus
hfsplus: do not free node before using
2018-12-17 09:24:41 +01:00
hostfs
vfs: discard ATTR_ATTR_FLAG
2018-08-17 16:20:28 -07:00
hpfs
hpfs: remove unnecessary checks on the value of r when assigning error code
2018-08-25 12:42:33 -07:00
hugetlbfs
hugetlb: use same fault hash key for shared and private mappings
2019-05-22 07:37:40 +02:00
isofs
isofs: reject hardware sector size > 2048 bytes
2018-08-21 11:37:41 +02:00
jbd2
jbd2: fix potential double free
2019-05-22 07:37:44 +02:00
jffs2
jffs2: fix use-after-free on symlink traversal
2019-05-08 07:21:48 +02:00
jfs
Merge tag 'jfs-4.19' of git://github.com/kleikamp/linux-shaggy
2018-08-15 22:47:23 -07:00
kernfs
kernfs: fix barrier usage in __kernfs_new_node()
2019-05-16 19:41:18 +02:00
lockd
Revert "lockd: Show pid of lockd for remote locks"
2019-06-09 09:17:22 +02:00
minix
minix_lookup: use d_splice_alias()
2018-05-22 14:27:52 -04:00
nfs
NFSv4.1: Fix bug only first CB_NOTIFY_LOCK is handled
2019-06-11 12:20:51 +02:00
nfs_common
net: Drop pernet_operations::async
2018-03-27 13:18:09 -04:00
nfsd
nfsd: avoid uninitialized variable warning
2019-06-15 11:54:07 +02:00
nilfs2
nilfs2: convert to SPDX license tags
2018-09-04 16:45:02 -07:00
nls
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
notify
inotify: Fix fsnotify_mark refcount leak in inotify_update_existing_watch()
2019-04-20 09:15:54 +02:00
ntfs
ntfs: mft: remove VLA usage
2018-08-17 16:20:27 -07:00
ocfs2
fs/ocfs2: fix race in ocfs2_dentry_attach_lock()
2019-06-19 08:18:00 +02:00
omfs
omfs_lookup(): report IO errors, use d_splice_alias()
2018-05-22 14:27:58 -04:00
openpromfs
openpromfs: switch to d_splice_alias()
2018-05-22 14:27:57 -04:00
orangefs
orangefs: remove redundant pointer orangefs_inode
2018-08-14 12:07:14 -04:00
overlayfs
ovl: support stacked SEEK_HOLE/SEEK_DATA
2019-06-15 11:54:11 +02:00
proc
proc: prevent changes to overridden credentials
2019-05-25 18:23:25 +02:00
pstore
pstore/ram: Run without kernel crash dump region
2019-06-11 12:20:52 +02:00
qnx4
qnx4_lookup: use d_splice_alias()
2018-05-22 14:27:52 -04:00
qnx6
qnx6_lookup: switch to d_splice_alias()
2018-05-22 14:27:54 -04:00
quota
quota: Lock s_umount in exclusive mode for Q_XQUOTA{ON,OFF} quotactls.
2019-01-26 09:32:42 +01:00
ramfs
mm: make pagevec_lookup() update index
2017-09-06 17:27:26 -07:00
reiserfs
reiserfs: propagate errors from fill_with_dentries() properly
2018-11-27 16:12:59 +01:00
romfs
romfs_lookup: switch to d_splice_alias()
2018-05-22 14:27:55 -04:00
squashfs
Squashfs: Compute expected length from inode size rather than block length
2018-08-02 09:34:02 -07:00
sysfs
Merge tag 'driver-core-4.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core
2018-08-18 11:44:53 -07:00
sysv
sysv: return 'err' instead of 0 in __sysv_write_inode
2018-12-17 09:24:30 +01:00
tracefs
tracefs: Annotate tracefs_ops with __ro_after_init
2018-07-31 11:32:44 -04:00
ubifs
ubifs: Handle re-linking of inodes correctly while recovery
2018-12-29 13:37:55 +01:00
udf
udf: Fix crash on IO error during truncate
2019-03-27 14:14:39 +09:00
ufs
ufs: fix braino in ufs_get_inode_gid() for solaris UFS flavour
2019-05-25 18:23:46 +02:00
xfs
xfs: eof trim writeback mapping as soon as it is cached
2019-02-12 19:47:23 +01:00
aio.c
Fix aio_poll() races
2019-05-02 09:58:59 +02:00
anon_inodes.c
anon_inode_getfile(): switch to alloc_file_pseudo()
2018-07-12 10:04:27 -04:00
attr.c
fs: Fix attr.c kernel-doc
2018-07-03 16:44:45 -04:00
bad_inode.c
get rid of 'opened' argument of ->atomic_open() - part 3
2018-07-12 10:04:20 -04:00
binfmt_aout.c
exec: introduce finalize_exec() before start_thread()
2018-04-11 10:28:37 -07:00
binfmt_elf_fdpic.c
treewide: kmalloc() -> kmalloc_array()
2018-06-12 16:19:22 -07:00
binfmt_elf.c
Merge tag 'mips_4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/mips/linux
2018-08-13 19:24:32 -07:00
binfmt_em86.c
binfmt_flat.c
exec: introduce finalize_exec() before start_thread()
2018-04-11 10:28:37 -07:00
binfmt_misc.c
turn filp_clone_open() into inline wrapper for dentry_open()
2018-07-10 23:29:03 -04:00
binfmt_script.c
Revert "exec: load_script: don't blindly truncate shebang string"
2019-02-15 09:09:54 +01:00
block_dev.c
block: fix the return errno for direct IO
2019-04-17 08:38:52 +02:00
buffer.c
fs: fix guard_bio_eod to check for real EOD errors
2019-04-05 22:33:00 +02:00
char_dev.c
chardev: add additional check for minor range overlap
2019-05-31 06:46:27 -07:00
compat_binfmt_elf.c
compat_ioctl.c
media: dvb/audio.h: get rid of unused APIs
2018-07-30 16:21:49 -04:00
compat.c
ncpfs: remove compat functionality
2018-06-05 19:23:26 +02:00
coredump.c
Merge branch 'misc.compat' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2017-11-17 11:54:55 -08:00
d_path.c
split d_path() and friends into a separate file
2018-03-29 15:07:46 -04:00
dax.c
mm: page_mkclean vs MADV_DONTNEED race
2019-06-15 11:54:01 +02:00
dcache.c
dcache: sort the freeing-without-RCU-delay mess for good.
2019-05-25 18:23:26 +02:00
dcookies.c
fs: add do_lookup_dcookie() helper; remove in-kernel call to syscall
2018-04-02 20:15:39 +02:00
direct-io.c
direct-io: allow direct writes to empty inodes
2019-03-05 17:58:50 +01:00
drop_caches.c
fs/drop_caches.c: avoid softlockups in drop_pagecache_sb()
2019-03-13 14:02:32 -07:00
eventfd.c
Revert changes to convert to ->poll_mask() and aio IOCB_CMD_POLL
2018-06-28 10:40:47 -07:00
eventpoll.c
fs/epoll: drop ovflist branch prediction
2019-02-12 19:47:19 +01:00
exec.c
exec: Fix mem leak in kernel_read_file
2019-03-10 07:17:21 +01:00
fcntl.c
signal: Don't send signals to tasks that don't exist
2018-08-15 23:03:20 -05:00
fhandle.c
vfs: Copy struct mount.mnt_id to userspace using put_user()
2018-01-15 12:07:51 -08:00
file_table.c
Merge tag 'ovl-update-4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs
2018-08-21 18:19:09 -07:00
file.c
fs/file.c: initialize init_files.resize_wait
2019-04-05 22:32:59 +02:00
filesystems.c
proc: introduce proc_create_single{,_data}
2018-05-16 07:23:35 +02:00
fs_pin.c
Merge branch 'linus' into locking/core, to resolve conflicts
2017-11-07 10:32:44 +01:00
fs_struct.c
fs-writeback.c
fs/writeback.c: use rcu_barrier() to wait for inflight wb switches going into workqueue when umount
2019-05-22 07:37:43 +02:00
inode.c
Revert "mm: don't reclaim inodes with many attached pages"
2019-02-20 10:25:47 +01:00
internal.h
acct_on(): don't mess with freeze protection
2019-05-31 06:46:05 -07:00
ioctl.c
vfs: fix FIGETBSZ ioctl on an overlayfs file
2018-11-21 09:19:14 +01:00
iomap.c
iomap: fix a use after free in iomap_dio_rw
2019-03-13 14:02:29 -07:00
Kconfig
autofs: remove left-over autofs4 stubs
2018-06-11 08:22:34 -07:00
Kconfig.binfmt
kconfig: move the "Executable file formats" menu to fs/Kconfig.binfmt
2018-08-02 08:06:55 +09:00
libfs.c
fs, dax: prepare for dax-specific address_space_operations
2018-03-30 11:34:55 -07:00
locks.c
Merge tag 'ovl-update-4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs
2018-08-21 18:19:09 -07:00
Makefile
autofs: remove left-over autofs4 stubs
2018-06-11 08:22:34 -07:00
mbcache.c
treewide: kmalloc() -> kmalloc_array()
2018-06-12 16:19:22 -07:00
mount.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
mpage.c
mpage: mpage_readpages() should submit IO as read-ahead
2018-08-17 16:20:29 -07:00
namei.c
Revert "vfs: Allow userns root to call mknod on owned filesystems."
2018-12-29 13:37:54 +01:00
namespace.c
mnt: fix __detach_mounts infinite loop
2018-11-21 09:19:22 +01:00
no-block.c
nsfs.c
dcache: sort the freeing-without-RCU-delay mess for good.
2019-05-25 18:23:26 +02:00
open.c
fs: stream_open - opener for stream-like files so that read and write can run simultaneously without deadlock
2019-05-08 07:21:51 +02:00
pipe.c
fs: prevent page refcount overflow in pipe_buf_get
2019-05-04 09:20:11 +02:00
pnode.c
pnode.h
posix_acl.c
posix_acl: convert posix_acl.a_refcount from atomic_t to refcount_t
2018-01-02 19:27:28 -08:00
proc_namespace.c
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
read_write.c
fs: stream_open - opener for stream-like files so that read and write can run simultaneously without deadlock
2019-05-08 07:21:51 +02:00
readdir.c
fs: add ksys_getdents64() helper; remove in-kernel calls to sys_getdents64()
2018-04-02 20:16:02 +02:00
select.c
Revert changes to convert to ->poll_mask() and aio IOCB_CMD_POLL
2018-06-28 10:40:47 -07:00
seq_file.c
fs/seq_file.c: simplify seq_file iteration code and interface
2018-08-17 16:20:28 -07:00
signalfd.c
Merge branch 'work.compat' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2018-06-16 16:21:50 +09:00
splice.c
fs: prevent page refcount overflow in pipe_buf_get
2019-05-04 09:20:11 +02:00
stack.c
stat.c
fs: add do_readlinkat() helper; remove internal call to sys_readlinkat()
2018-04-02 20:15:34 +02:00
statfs.c
kernel: add kcompat_sys_{f,}statfs64()
2018-07-12 14:49:48 +01:00
super.c
Merge branch 'ida-4.19' of git://git.infradead.org/users/willy/linux-dax
2018-08-26 11:48:42 -07:00
sync.c
Merge tag 'xfs-4.17-merge-1' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux
2018-04-04 12:44:02 -07:00
timerfd.c
Merge branch 'work.aio' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2018-08-13 20:56:23 -07:00
userfaultfd.c
coredump: fix race condition between mmget_not_zero()/get_task_mm() and core dumping
2019-04-27 09:36:37 +02:00
utimes.c
fs: add do_compat_futimesat() helper; remove in-kernel call to compat syscall
2018-04-02 20:15:44 +02:00
xattr.c
sysfs: Do not return POSIX ACL xattrs via listxattr
2018-09-18 07:30:48 -04:00