Piteball/android_kernel_samsung_msm8976
1
1
Fork 0
mirror of https://github.com/team-infusion-developers/android_kernel_samsung_msm8976.git synced 2024-11-01 02:21:16 +00:00
Code Issues Projects Releases Wiki Activity
android_kernel_samsung_msm8976/fs/ext4
History
Chandan Rajendra 9e3b003554 ext4: fix crash when a directory's i_size is too small 
commit 9d5afec6b8bd46d6ed821aa1579634437f58ef1f upstream.

On a ppc64 machine, when mounting a fuzzed ext2 image (generated by
fsfuzzer) the following call trace is seen,

VFS: brelse: Trying to free free buffer
WARNING: CPU: 1 PID: 6913 at /root/repos/linux/fs/buffer.c:1165 .__brelse.part.6+0x24/0x40
.__brelse.part.6+0x20/0x40 (unreliable)
.ext4_find_entry+0x384/0x4f0
.ext4_lookup+0x84/0x250
.lookup_slow+0xdc/0x230
.walk_component+0x268/0x400
.path_lookupat+0xec/0x2d0
.filename_lookup+0x9c/0x1d0
.vfs_statx+0x98/0x140
.SyS_newfstatat+0x48/0x80
system_call+0x58/0x6c

This happens because the directory that ext4_find_entry() looks up has
inode->i_size that is less than the block size of the filesystem. This
causes 'nblocks' to have a value of zero. ext4_bread_batch() ends up not
reading any of the directory file's blocks. This renders the entries in
bh_use[] array to continue to have garbage data. buffer_uptodate() on
bh_use[0] can then return a zero value upon which brelse() function is
invoked.

This commit fixes the bug by returning -ENOENT when the directory file
has no associated blocks.

Reported-by: Abdul Haleem <abdhalee@linux.vnet.ibm.com>
Signed-off-by: Chandan Rajendra <chandan@linux.vnet.ibm.com>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
2019-07-27 21:46:17 +02:00
..
acl.c ext4: Don't clear SGID when inheriting ACLs 2019-07-27 21:44:57 +02:00
acl.h
balloc.c Import latest Samsung release 2017-04-18 03:43:52 +02:00
bitmap.c
block_validity.c Import latest Samsung release 2017-04-18 03:43:52 +02:00
dir.c Import latest Samsung release 2017-04-18 03:43:52 +02:00
ext4.h ext4: sanity check the block and cluster size at mount time 2019-07-27 21:42:20 +02:00
ext4_extents.h
ext4_jbd2.c Import latest Samsung release 2017-04-18 03:43:52 +02:00
ext4_jbd2.h
extents.c ext4: check for extents that wrap around 2019-07-27 21:41:51 +02:00
extents_status.c ext4: fix data corruption caused by unwritten and delayed extents 2015-05-13 05:15:42 -07:00
extents_status.h
file.c ext4: in ext4_seek_{hole,data}, return -ENXIO for negative offsets 2019-07-27 21:44:26 +02:00
fsync.c
hash.c
ialloc.c ext4: fix hang when processing corrupted orphaned inode list 2019-07-27 21:41:49 +02:00
indirect.c ext4: don't retry file block mapping on bigalloc fs with non-extent file 2015-08-03 09:29:43 -07:00
inline.c ext4: mark inode dirty after converting inline directory 2019-07-27 21:43:15 +02:00
inode.c ext4: avoid deadlock when expanding inode size 2019-07-27 21:44:26 +02:00
ioctl.c Import latest Samsung release 2017-04-18 03:43:52 +02:00
Kconfig
Makefile Import latest Samsung release 2017-04-18 03:43:52 +02:00
mballoc.c ext4: trim allocation requests to group size 2019-07-27 21:43:27 +02:00
mballoc.h
migrate.c ext4: correctly migrate a file with a hole at the beginning 2015-08-03 09:29:43 -07:00
mmp.c
move_extent.c ext4: add lockdep annotations for i_data_sem 2016-06-07 10:42:50 +02:00
namei.c ext4: fix crash when a directory's i_size is too small 2019-07-27 21:46:17 +02:00
page-io.c
resize.c ext4: fix overflow caused by missing cast in ext4_resize_fs() 2019-07-27 21:44:16 +02:00
super.c ext4: return EROFS if device is r/o and journal replay is needed 2019-07-27 21:43:28 +02:00
symlink.c
truncate.h
xattr.c ext4: avoid deadlock when expanding inode size 2019-07-27 21:44:26 +02:00
xattr.h
xattr_security.c
xattr_trusted.c
xattr_user.c