diff options
| author | Theodore Ts'o <tytso@mit.edu> | 2018-06-14 00:58:00 -0400 |
|---|---|---|
| committer | Andrew Lehmer <alehmer@google.com> | 2018-10-31 19:41:00 +0000 |
| commit | f3c8dc90dae77b0ce70e32c0306c01922ac2f944 (patch) | |
| tree | 1e3d6fe13d41c5caabe989d2990f18884f522d87 /net/lapb/lapb_subr.c | |
| parent | 68e64d650e85242a413d483378c19f76c8f263f7 (diff) | |
ext4: only look at the bg_flags field if it is valid
commit 8844618d8aa7a9973e7b527d038a2a589665002c upstream.
The bg_flags field in the block group descripts is only valid if the
uninit_bg or metadata_csum feature is enabled. We were not
consistently looking at this field; fix this.
Also block group #0 must never have uninitialized allocation bitmaps,
or need to be zeroed, since that's where the root inode, and other
special inodes are set up. Check for these conditions and mark the
file system as corrupted if they are detected.
This addresses CVE-2018-10876.
https://bugzilla.kernel.org/show_bug.cgi?id=199403
Bug: 116406122
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org
[bwh: Backported to 3.16:
- ext4_read_block_bitmap_nowait() and ext4_read_inode_bitmap() return
a pointer (NULL on error) instead of an error code
- Open-code sb_rdonly()
- Adjust context]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
[ghackmann@google.com: forward-port to 3.18: adjust context]
Signed-off-by: Greg Hackmann <ghackmann@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Change-Id: I11ed41d9fa916662f7eb010854ce4aaaf23ad99a
Diffstat (limited to 'net/lapb/lapb_subr.c')
0 files changed, 0 insertions, 0 deletions