Ksawlii/kernel_samsung_a53x
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
kernel_samsung_a53x/fs
History
Ryusuke Konishi 757ac87caa nilfs2: fix inode number range checks 
commit e2fec219a36e0993642844be0f345513507031f4 upstream.

Patch series "nilfs2: fix potential issues related to reserved inodes".

This series fixes one use-after-free issue reported by syzbot, caused by
nilfs2's internal inode being exposed in the namespace on a corrupted
filesystem, and a couple of flaws that cause problems if the starting
number of non-reserved inodes written in the on-disk super block is
intentionally (or corruptly) changed from its default value.


This patch (of 3):

In the current implementation of nilfs2, "nilfs->ns_first_ino", which
gives the first non-reserved inode number, is read from the superblock,
but its lower limit is not checked.

As a result, if a number that overlaps with the inode number range of
reserved inodes such as the root directory or metadata files is set in the
super block parameter, the inode number test macros (NILFS_MDT_INODE and
NILFS_VALID_INODE) will not function properly.

In addition, these test macros use left bit-shift calculations using with
the inode number as the shift count via the BIT macro, but the result of a
shift calculation that exceeds the bit width of an integer is undefined in
the C specification, so if "ns_first_ino" is set to a large value other
than the default value NILFS_USER_INO (=11), the macros may potentially
malfunction depending on the environment.

Fix these issues by checking the lower bound of "nilfs->ns_first_ino" and
by preventing bit shifts equal to or greater than the NILFS_USER_INO
constant in the inode number test macros.

Also, change the type of "ns_first_ino" from signed integer to unsigned
integer to avoid the need for type casting in comparisons such as the
lower bound check introduced this time.

Link: https://lkml.kernel.org/r/20240623051135.4180-1-konishi.ryusuke@gmail.com
Link: https://lkml.kernel.org/r/20240623051135.4180-2-konishi.ryusuke@gmail.com
Signed-off-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Cc: Hillf Danton <hdanton@sina.com>
Cc: Jan Kara <jack@suse.cz>
Cc: Matthew Wilcox (Oracle) <willy@infradead.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-11-19 14:19:41 +01:00
..
9p fs/9p: drop inodes immediately on non-.L too 2024-11-19 11:32:45 +01:00
adfs Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
affs Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
afs afs: Don't cross .backup mountpoint from backup volume 2024-11-19 12:27:12 +01:00
autofs Revert "file: Replace ksys_close with close_fd" 2024-11-19 12:59:08 +01:00
befs Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
bfs Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
btrfs btrfs: fix leak of qgroup extent records after transaction abort 2024-11-19 14:19:02 +01:00
cachefiles Revert "namei: introduce struct renamedata" 2024-11-19 13:45:08 +01:00
ceph ceph: prevent use-after-free in encode_cap_msg() 2024-11-18 12:13:33 +01:00
cifs smb: client: fix deadlock in smb2_find_smb_tcon() 2024-11-19 14:19:30 +01:00
coda Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
configfs Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
cramfs Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
crypto Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
debugfs debugfs: fix automount d_fsdata usage 2024-11-18 12:12:12 +01:00
devpts Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
dlm Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ecryptfs Revert "namei: introduce struct renamedata" 2024-11-19 13:45:08 +01:00
efivarfs efivarfs: force RO when remounting if SetVariable is not supported 2024-11-18 12:12:25 +01:00
efs Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
erofs BACKPORT: erofs: fix lz4 inplace decompression 2024-11-17 17:41:30 +01:00
exfat exfat: support handle zero-size directory 2024-11-18 11:43:14 +01:00
exportfs exportfs: use pr_debug for unreachable debug statements 2024-11-19 12:28:26 +01:00
ext2 Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ext4 ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find() 2024-11-19 12:27:19 +01:00
f2fs f2fs: remove clear SB_INLINECRYPT flag in default_options 2024-11-19 14:19:07 +01:00
fat fat: fix uninitialized field in nostale filehandles 2024-11-19 09:22:16 +01:00
freevxfs Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
fscache Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
fuse fuse: don't unhash root 2024-11-19 09:22:18 +01:00
gfs2 gfs2: Fix "ignore unlock failures after withdraw" 2024-11-19 12:26:54 +01:00
hfs Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
hfsplus Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
hostfs Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
hpfs Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
hugetlbfs fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super 2024-11-18 23:18:30 +01:00
incfs Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
iomap Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
isofs isofs: handle CDs with bad root inode but good Joliet root directory 2024-11-19 09:23:14 +01:00
jbd2 jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint 2024-11-18 22:25:36 +01:00
jffs2 jffs2: Fix potential illegal address access in jffs2_free_inode 2024-11-19 14:19:41 +01:00
jfs jfs: xattr: fix buffer overflow for invalid xattr 2024-11-19 14:19:02 +01:00
kernfs fs/kernfs/dir: obey S_ISGID 2024-11-18 12:13:20 +01:00
lockd lockd: drop inappropriate svc_get() from locked_get() 2024-11-19 12:28:32 +01:00
minix Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nfs nfs: Leave pages in the pagecache if readpage failed 2024-11-19 14:19:35 +01:00
nfs_common NFSD: Add an xdr_stream-based encoder for NFSv2/3 ACLs 2024-11-19 12:27:35 +01:00
nfsd nfsd: hold a lighter-weight client reference over CB_RECALL_ANY 2024-11-19 14:19:31 +01:00
nilfs2 nilfs2: fix inode number range checks 2024-11-19 14:19:41 +01:00
nls Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
notify Revert "fs: add file and path permissions helpers" 2024-11-19 13:30:21 +01:00
ntfs Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ocfs2 ocfs2: fix DIO failure due to insufficient transaction credits 2024-11-19 14:19:33 +01:00
omfs Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
openpromfs openpromfs: finish conversion to the new mount API 2024-11-19 12:26:52 +01:00
orangefs orangefs: fix out-of-bounds fsid access 2024-11-19 14:19:41 +01:00
overlayfs Revert "namei: introduce struct renamedata" 2024-11-19 13:45:08 +01:00
proc fs/proc: fix softlockup in __read_vmcore 2024-11-19 14:19:04 +01:00
pstore pstore/zone: Add a null pointer check to the psz_kmsg_read 2024-11-19 09:23:13 +01:00
qnx4 Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
qnx6 Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
quota quota: Fix rcu annotations of inode dquot pointers 2024-11-19 08:44:52 +01:00
ramfs Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
reiserfs Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
romfs Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
sdfat Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
squashfs Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
sysfs fs: sysfs: Fix reference leak in sysfs_break_active_protection() 2024-11-19 11:32:23 +01:00
sysv sysv: don't call sb_bread() with pointers_lock held 2024-11-19 09:23:14 +01:00
tracefs Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ubifs ubifs: Set page uptodate in the correct place 2024-11-19 09:22:16 +01:00
udf udf: udftime: prevent overflow in udf_disk_stamp_to_time() 2024-11-19 14:19:07 +01:00
ufs Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
unicode Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
vboxsf vboxsf: Avoid an spurious warning if load_nls_xxx() fails 2024-11-19 09:22:46 +01:00
verity Revert "fs: add file and path permissions helpers" 2024-11-19 13:30:21 +01:00
xfs Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
zonefs zonefs: Improve error handling 2024-11-18 22:25:32 +01:00
aio.c fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion 2024-11-19 09:22:39 +01:00
anon_inodes.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
attr.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
bad_inode.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
binfmt_aout.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
binfmt_elf.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
binfmt_elf_fdpic.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
binfmt_em86.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
binfmt_flat.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
binfmt_misc.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
binfmt_script.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
block_dev.c block: Don't invalidate pagecache for invalid falloc modes 2024-11-18 12:12:06 +01:00
buffer.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
char_dev.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
compat_binfmt_elf.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
coredump.c exec: Simplify unshare_files 2024-11-19 12:27:27 +01:00
d_path.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
dax.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
dcache.c fast_dput(): handle underflows gracefully 2024-11-18 12:13:17 +01:00
dcookies.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
direct-io.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
dlog_hook.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
drop_caches.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
eventfd.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
eventpoll.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
exec.c exec: Simplify unshare_files 2024-11-19 12:27:27 +01:00
fcntl.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
fhandle.c do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak 2024-11-19 08:44:37 +01:00
file.c Revert "file: Rename __close_fd to close_fd and remove the files parameter" 2024-11-19 12:59:13 +01:00
file_table.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
filesystems.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
fs-writeback.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
fs_context.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
fs_parser.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
fs_pin.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
fs_struct.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
fs_types.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
fsopen.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
init.c Revert "fs: add file and path permissions helpers" 2024-11-19 13:30:21 +01:00
inode.c fs: add ctime accessors infrastructure 2024-11-18 12:11:13 +01:00
internal.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ioctl.c lsm: new security_file_ioctl_compat() hook 2024-11-18 12:12:58 +01:00
Kconfig NFSD: Remove CONFIG_NFSD_V3 2024-11-19 12:27:54 +01:00
Kconfig.binfmt Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
kernel_read_file.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
libfs.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
locks.c Revert "filelock: add a new locks_inode_context accessor function" 2024-11-19 13:30:52 +01:00
Makefile Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
mbcache.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
mount.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
mpage.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
namei.c Revert "namei: introduce struct renamedata" 2024-11-19 13:45:08 +01:00
namespace.c fs: indicate request originates from old mount API 2024-11-18 12:12:26 +01:00
no-block.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nsfs.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
open.c ftruncate: pass a signed offset 2024-11-19 14:19:34 +01:00
pipe.c pipe: wakeup wr_wait after setting max_usage 2024-11-18 12:13:04 +01:00
pnode.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
pnode.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
posix_acl.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
proc_namespace.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
read_write.c security: samsung: defex_lsm: nuke 2024-06-15 16:20:49 -03:00
readdir.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
remap_range.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
select.c fs/select: rework stack allocation hack for clang 2024-11-19 08:44:37 +01:00
seq_file.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
signalfd.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
splice.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
stack.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
stat.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
statfs.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
super.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
sync.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
timerfd.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
userfaultfd.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
utimes.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
xattr.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00