raspi/linux
1
0
Fork 1
mirror of https://github.com/raspberrypi/linux.git synced 2025-12-25 03:22:39 +00:00
Code Issues Projects Releases Wiki Activity
Files
cf2a3bd43c54b94e4bcd38856c38a164fc43e40c
linux/fs
History
Randall Huang 980628e34f f2fs: fix to avoid accessing xattr across the boundary 
[ Upstream commit 2777e65437 ]

When we traverse xattr entries via __find_xattr(),
if the raw filesystem content is faked or any hardware failure occurs,
out-of-bound error can be detected by KASAN.
Fix the issue by introducing boundary check.

[   38.402878] c7   1827 BUG: KASAN: slab-out-of-bounds in f2fs_getxattr+0x518/0x68c
[   38.402891] c7   1827 Read of size 4 at addr ffffffc0b6fb35dc by task
[   38.402935] c7   1827 Call trace:
[   38.402952] c7   1827 [<ffffff900809003c>] dump_backtrace+0x0/0x6bc
[   38.402966] c7   1827 [<ffffff9008090030>] show_stack+0x20/0x2c
[   38.402981] c7   1827 [<ffffff900871ab10>] dump_stack+0xfc/0x140
[   38.402995] c7   1827 [<ffffff9008325c40>] print_address_description+0x80/0x2d8
[   38.403009] c7   1827 [<ffffff900832629c>] kasan_report_error+0x198/0x1fc
[   38.403022] c7   1827 [<ffffff9008326104>] kasan_report_error+0x0/0x1fc
[   38.403037] c7   1827 [<ffffff9008325000>] __asan_load4+0x1b0/0x1b8
[   38.403051] c7   1827 [<ffffff90085fcc44>] f2fs_getxattr+0x518/0x68c
[   38.403066] c7   1827 [<ffffff90085fc508>] f2fs_xattr_generic_get+0xb0/0xd0
[   38.403080] c7   1827 [<ffffff9008395708>] __vfs_getxattr+0x1f4/0x1fc
[   38.403096] c7   1827 [<ffffff9008621bd0>] inode_doinit_with_dentry+0x360/0x938
[   38.403109] c7   1827 [<ffffff900862d6cc>] selinux_d_instantiate+0x2c/0x38
[   38.403123] c7   1827 [<ffffff900861b018>] security_d_instantiate+0x68/0x98
[   38.403136] c7   1827 [<ffffff9008377db8>] d_splice_alias+0x58/0x348
[   38.403149] c7   1827 [<ffffff900858d16c>] f2fs_lookup+0x608/0x774
[   38.403163] c7   1827 [<ffffff900835eacc>] lookup_slow+0x1e0/0x2cc
[   38.403177] c7   1827 [<ffffff9008367fe0>] walk_component+0x160/0x520
[   38.403190] c7   1827 [<ffffff9008369ef4>] path_lookupat+0x110/0x2b4
[   38.403203] c7   1827 [<ffffff900835dd38>] filename_lookup+0x1d8/0x3a8
[   38.403216] c7   1827 [<ffffff900835eeb0>] user_path_at_empty+0x54/0x68
[   38.403229] c7   1827 [<ffffff9008395f44>] SyS_getxattr+0xb4/0x18c
[   38.403241] c7   1827 [<ffffff9008084200>] el0_svc_naked+0x34/0x38

Signed-off-by: Randall Huang <huangrandall@google.com>
[Jaegeuk Kim: Fix wrong ending boundary]
Reviewed-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2019-06-19 08:00:06 +02:00
..
9p
Merge tag '9p-for-5.1' of git://github.com/martinetd/linux
2019-03-17 09:10:56 -07:00
adfs
adfs: use timespec64 for time conversion
2018-08-22 10:52:51 -07:00
affs
afs
afs: Fix getting the afs.fid xattr
2019-05-31 06:43:13 -07:00
autofs
autofs: clear O_NONBLOCK on the pipe
2019-03-07 18:32:01 -08:00
befs
bfs
bfs: extra sanity checking and static inode bitmap
2019-01-04 13:13:47 -08:00
btrfs
btrfs: reloc: Also queue orphan reloc tree for cleanup to avoid BUG_ON()
2019-06-09 09:16:10 +02:00
cachefiles
fscache, cachefiles: remove redundant variable 'cache'
2018-11-30 16:00:58 +00:00
ceph
ceph: flush dirty inodes before proceeding with remount
2019-05-25 18:16:36 +02:00
cifs
CIFS: cifs_read_allocate_pages: don't iterate through whole page array on ENOMEM
2019-06-09 09:16:16 +02:00
coda
configfs
configfs: fix possible use-after-free in configfs_register_group
2019-06-15 11:52:57 +02:00
cramfs
Merge tag 'cramfs_fixes' of git://git.linaro.org/people/nicolas.pitre/linux
2018-10-30 12:46:25 -07:00
crypto
fscrypt: use READ_ONCE() to access ->i_crypt_info
2019-05-31 06:43:32 -07:00
debugfs
debugfs: fix use-after-free on symlink traversal
2019-04-01 00:31:02 -04:00
devpts
fs/devpts: always delete dcache dentry-s in dput()
2019-01-24 13:38:30 -05:00
dlm
socket: Rename SO_RCVTIMEO/ SO_SNDTIMEO with _OLD suffixes
2019-02-03 11:17:31 -08:00
ecryptfs
crypto: clarify name of WEAK_KEY request flag
2019-01-25 18:41:52 +08:00
efivarfs
efivars: Call guid_parse() against guid_t type of variable
2018-07-22 14:13:44 +02:00
efs
exportfs
exportfs: do not read dentry after free
2018-11-23 09:08:17 -05:00
ext2
Merge tag 'fs_for_v5.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs
2019-03-07 09:01:33 -08:00
ext4
ext4: wait for outstanding dio during truncate in nojournal mode
2019-05-31 06:43:08 -07:00
f2fs
f2fs: fix to avoid accessing xattr across the boundary
2019-06-19 08:00:06 +02:00
fat
fs/fat/file.c: issue flush after the writeback of FAT
2019-06-15 11:52:50 +02:00
freevxfs
fscache
fscache: fix race between enablement and dropping of object
2018-11-30 15:57:31 +00:00
fuse
fuse: retrieve: cap requested size to negotiated max_write
2019-06-15 11:53:00 +02:00
gfs2
gfs2: Fix occasional glock use-after-free
2019-05-31 06:43:14 -07:00
hfs
hfs: do not free node before using
2018-11-30 14:56:14 -08:00
hfsplus
hfsplus: return file attributes on statx
2019-01-04 13:13:47 -08:00
hostfs
vfs: discard ATTR_ATTR_FLAG
2018-08-17 16:20:28 -07:00
hpfs
hpfs: fix spelling mistake "partion" -> "partition"
2019-03-12 09:58:03 -07:00
hugetlbfs
hugetlb: use same fault hash key for shared and private mappings
2019-05-22 07:39:50 +02:00
isofs
Update email address
2018-09-29 22:47:48 -04:00
jbd2
jbd2: fix potential double free
2019-05-22 07:39:56 +02:00
jffs2
jffs2: fix use-after-free on symlink traversal
2019-04-01 00:31:02 -04:00
jfs
jfs: remove redundant dquot_initialize() in jfs_evict_inode()
2018-09-20 09:28:49 -05:00
kernfs
kernfs: fix barrier usage in __kernfs_new_node()
2019-05-16 19:35:34 +02:00
lockd
Revert "lockd: Show pid of lockd for remote locks"
2019-06-09 09:16:16 +02:00
minix
nfs
NFSv4.1: Fix bug only first CB_NOTIFY_LOCK is handled
2019-06-11 12:19:16 +02:00
nfs_common
nfsd
nfsd: avoid uninitialized variable warning
2019-06-15 11:53:00 +02:00
nilfs2
XArray: Change xa_insert to return -EBUSY
2019-02-06 13:12:15 -05:00
nls
notify
fsnotify: fix unlink performance regression
2019-05-25 18:16:35 +02:00
ntfs
mm: convert totalram_pages and totalhigh_pages variables to atomic
2018-12-28 12:11:47 -08:00
ocfs2
fs/ocfs2: fix race in ocfs2_dentry_attach_lock()
2019-06-19 08:00:02 +02:00
omfs
openpromfs
fs/openpromfs: Use of_node_name_eq for node name comparisons
2018-11-18 13:35:19 -08:00
orangefs
Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2019-03-12 13:27:20 -07:00
overlayfs
ovl: support stacked SEEK_HOLE/SEEK_DATA
2019-06-15 11:53:06 +02:00
proc
proc: prevent changes to overridden credentials
2019-05-25 18:16:22 +02:00
pstore
pstore/ram: Run without kernel crash dump region
2019-06-11 12:19:16 +02:00
qnx4
qnx6
quota
quota: Lock s_umount in exclusive mode for Q_XQUOTA{ON,OFF} quotactls.
2018-12-18 18:29:15 +01:00
ramfs
reiserfs
reiserfs: remove workaround code for GCC 3.x
2018-10-31 08:54:14 -07:00
romfs
squashfs
Squashfs: Compute expected length from inode size rather than block length
2018-08-02 09:34:02 -07:00
sysfs
Merge branch 'work.mount' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2019-03-16 10:31:02 -07:00
sysv
sysv: return 'err' instead of 0 in __sysv_write_inode
2018-11-10 08:02:40 -05:00
tracefs
tracefs: Annotate tracefs_ops with __ro_after_init
2018-07-31 11:32:44 -04:00
ubifs
ubifs: fix use-after-free on symlink traversal
2019-04-01 00:31:02 -04:00
udf
udf: Propagate errors from udf_truncate_extents()
2019-03-18 16:30:02 +01:00
ufs
ufs: fix braino in ufs_get_inode_gid() for solaris UFS flavour
2019-05-02 02:24:50 -04:00
xfs
xfs: serialize unaligned dio writes against all other dio writes
2019-03-26 08:37:55 -07:00
aio.c
aio: use kmem_cache_free() instead of kfree()
2019-04-04 20:13:59 -04:00
anon_inodes.c
attr.c
bad_inode.c
binfmt_aout.c
a.out: remove core dumping support
2019-03-05 10:00:35 -08:00
binfmt_elf_fdpic.c
binfmt_elf.c
fs/binfmt_elf.c: spread const a little
2019-03-07 18:32:01 -08:00
binfmt_em86.c
binfmt_flat.c
binfmt_misc.c
binfmt_script.c
exec: load_script: Do not exec truncated interpreter path
2019-02-18 16:49:36 -08:00
block_dev.c
block: fix handling for BIO_NO_PAGE_REF
2019-05-01 08:38:47 -06:00
buffer.c
fs: fix guard_bio_eod to check for real EOD errors
2019-02-28 13:59:41 -07:00
char_dev.c
chardev: add additional check for minor range overlap
2019-05-31 06:43:42 -07:00
compat_binfmt_elf.c
y2038: globally rename compat_time to old_time32
2018-08-27 14:48:48 +02:00
compat_ioctl.c
Merge tag 'media/v4.20-1' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media
2018-10-29 14:29:58 -07:00
compat.c
coredump.c
signal: Distinguish between kernel_siginfo and siginfo
2018-10-03 16:47:43 +02:00
d_path.c
dax.c
mm: page_mkclean vs MADV_DONTNEED race
2019-06-15 11:52:52 +02:00
dcache.c
dcache: sort the freeing-without-RCU-delay mess for good.
2019-05-25 18:16:24 +02:00
dcookies.c
direct-io.c
block: allow bio_for_each_segment_all() to iterate over multi-page bvec
2019-02-15 08:40:11 -07:00
drop_caches.c
fs/drop_caches.c: avoid softlockups in drop_pagecache_sb()
2019-02-01 15:46:24 -08:00
eventfd.c
eventpoll.c
epoll: use rwlock in order to reduce ep_poll_callback() contention
2019-03-07 18:32:01 -08:00
exec.c
exec: increase BINPRM_BUF_SIZE to 256
2019-03-07 18:32:01 -08:00
fcntl.c
signal: Distinguish between kernel_siginfo and siginfo
2018-10-03 16:47:43 +02:00
fhandle.c
file_table.c
fs: add fget_many() and fput_many()
2019-02-28 08:24:23 -07:00
file.c
Merge tag 'io_uring-2019-03-06' of git://git.kernel.dk/linux-block
2019-03-08 14:48:40 -08:00
filesystems.c
vfs: Implement a filesystem superblock creation/configuration context
2019-02-28 03:29:26 -05:00
fs_context.c
vfs: Implement logging through fs_context
2019-02-28 03:29:37 -05:00
fs_parser.c
fs: fs_parser: fix printk format warning
2019-03-29 10:01:38 -07:00
fs_pin.c
fs_struct.c
fs_types.c
fs: common implementation of file type
2019-01-21 17:48:13 +01:00
fs-writeback.c
fs/writeback.c: use rcu_barrier() to wait for inflight wb switches going into workqueue when umount
2019-05-22 07:39:55 +02:00
inode.c
Abort file_remove_privs() for non-reg. files
2019-04-28 21:46:57 -04:00
internal.h
acct_on(): don't mess with freeze protection
2019-05-31 06:43:13 -07:00
io_uring.c
io_uring: fix memory leak of UNIX domain socket inode
2019-06-19 08:00:02 +02:00
ioctl.c
Remove 'type' argument from access_ok() function
2019-01-03 18:57:57 -08:00
iomap.c
block: add BIO_NO_PAGE_REF flag
2019-03-18 10:44:48 -06:00
Kconfig
Merge branch 'work.mount' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2019-03-12 14:08:19 -07:00
Kconfig.binfmt
kconfig: move the "Executable file formats" menu to fs/Kconfig.binfmt
2018-08-02 08:06:55 +09:00
libfs.c
locks.c
locks: wake any locks blocked on request before deadlock check
2019-03-25 08:36:24 -04:00
Makefile
Merge branch 'work.mount' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2019-03-12 14:08:19 -07:00
mbcache.c
mount.h
saner handling of temporary namespaces
2019-01-30 17:44:07 -05:00
mpage.c
block: allow bio_for_each_segment_all() to iterate over multi-page bvec
2019-02-15 08:40:11 -07:00
namei.c
Merge branch 'work.mount' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2019-03-12 14:08:19 -07:00
namespace.c
Merge branch 'work.mount' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2019-03-12 14:08:19 -07:00
no-block.c
nsfs.c
dcache: sort the freeing-without-RCU-delay mess for good.
2019-05-25 18:16:24 +02:00
open.c
fs: stream_open - opener for stream-like files so that read and write can run simultaneously without deadlock
2019-04-06 07:01:55 -10:00
pipe.c
Merge branch 'page-refs' (page ref overflow)
2019-04-14 15:09:40 -07:00
pnode.c
separate copying and locking mount tree on cross-userns copies
2019-01-30 17:14:50 -05:00
pnode.h
separate copying and locking mount tree on cross-userns copies
2019-01-30 17:14:50 -05:00
posix_acl.c
proc_namespace.c
read_write.c
fs: stream_open - opener for stream-like files so that read and write can run simultaneously without deadlock
2019-04-06 07:01:55 -10:00
readdir.c
Remove 'type' argument from access_ok() function
2019-01-03 18:57:57 -08:00
select.c
y2038: syscalls: rename y2038 compat syscalls
2019-02-07 00:13:27 +01:00
seq_file.c
fs/seq_file.c: simplify seq_file iteration code and interface
2018-08-17 16:20:28 -07:00
signalfd.c
signal: Distinguish between kernel_siginfo and siginfo
2018-10-03 16:47:43 +02:00
splice.c
Merge tag 'trace-v5.1-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace
2019-04-26 11:09:55 -07:00
stack.c
stat.c
fs: move generic stat response attr handling to vfs_getattr_nosec
2019-02-01 01:55:45 -05:00
statfs.c
vfs: add vfs_get_fsid() helper
2019-02-07 16:38:35 +01:00
super.c
[fix] get rid of checking for absent device name in vfs_get_tree()
2019-04-28 21:34:21 -04:00
sync.c
timerfd.c
y2038: syscalls: rename y2038 compat syscalls
2019-02-07 00:13:27 +01:00
userfaultfd.c
coredump: fix race condition between mmget_not_zero()/get_task_mm() and core dumping
2019-04-19 09:46:05 -07:00
utimes.c
y2038: syscalls: rename y2038 compat syscalls
2019-02-07 00:13:27 +01:00
xattr.c
sysfs: Do not return POSIX ACL xattrs via listxattr
2018-09-18 07:30:48 -04:00