iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/fs
History
Dan Carpenter 6a564bad3a xfs: prevent a WARN_ONCE() in xfs_ioc_attr_list() 
commit 6ed6356b07714e0198be3bc3ecccc8b40a212de4 upstream.

The "bufsize" comes from the root user.  If "bufsize" is negative then,
because of type promotion, neither of the validation checks at the start
of the function are able to catch it:

	if (bufsize < sizeof(struct xfs_attrlist) ||
	    bufsize > XFS_XATTR_LIST_MAX)
		return -EINVAL;

This means "bufsize" will trigger (WARN_ON_ONCE(size > INT_MAX)) in
kvmalloc_node().  Fix this by changing the type from int to size_t.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Darrick J. Wong <djwong@kernel.org>
Signed-off-by: Darrick J. Wong <djwong@kernel.org>
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
Acked-by: Darrick J. Wong <djwong@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-08-31 17:15:14 +02:00
..
9p
9p: missing chunk of "fs/9p: Don't update file type when updating file attributes"
2022-06-22 14:13:12 +02:00
adfs
Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2020-10-24 12:26:05 -07:00
affs
fs/affs: release old buffer head on error path
2021-03-04 11:38:37 +01:00
afs
afs: Fix dynamic root getattr
2022-06-29 08:59:49 +02:00
autofs
autofs: harden ioctl table
2020-10-16 11:11:22 -07:00
befs
[PATCH] reduce boilerplate in fsid handling
2020-09-18 16:45:50 -04:00
bfs
bfs: don't use WARNING: string when it's just info.
2021-01-06 14:56:52 +01:00
btrfs
btrfs: fix lost error handling when looking up extended ref on log replay
2022-08-25 11:37:51 +02:00
cachefiles
fs/cachefiles: Remove wait_bit_key layout dependency
2021-03-30 14:32:07 +02:00
ceph
ceph: don't leak snap_rwsem in handle_cap_grant
2022-08-25 11:38:00 +02:00
cifs
smb3: check xattr value length earlier
2022-08-25 11:38:21 +02:00
coda
configfs
configfs: fix a race in configfs_{,un}register_subsystem()
2022-03-02 11:42:52 +01:00
cramfs
[PATCH] reduce boilerplate in fsid handling
2020-09-18 16:45:50 -04:00
crypto
fscrypt: allow 256-bit master keys with AES-256-XTS
2021-11-18 14:03:54 +01:00
debugfs
debugfs: lockdown: Allow reading debugfs files that are not world readable
2022-01-27 10:54:02 +01:00
devpts
fsnotify: fix fsnotify hooks in pseudo filesystems
2022-02-01 17:25:39 +01:00
dlm
dlm: fix pending remove if msg allocation fails
2022-07-29 17:19:24 +02:00
ecryptfs
Revert "ecryptfs: replace BUG_ON with error handling code"
2021-05-26 12:06:55 +02:00
efivarfs
efivarfs: revert "fix memory leak in efivarfs_create()"
2020-11-25 16:55:02 +01:00
efs
[PATCH] reduce boilerplate in fsid handling
2020-09-18 16:45:50 -04:00
erofs
erofs: avoid consecutive detection for Highmem memory
2022-08-21 15:15:35 +02:00
exfat
exfat: check if cluster num is valid
2022-06-06 08:42:42 +02:00
exportfs
ext2
ext2: Add more validity checks for inode counts
2022-08-21 15:15:28 +02:00
ext4
ext4: avoid resizing to a partial cluster size
2022-08-25 11:38:18 +02:00
f2fs
f2fs: fix to do sanity check on segment type in build_sit_entries()
2022-08-25 11:38:21 +02:00
fat
fat: add ratelimit to fat*_ent_bread()
2022-06-09 10:20:58 +02:00
freevxfs
fscache
fscache: Fix cookie key hashing
2021-09-18 13:40:15 +02:00
fuse
fuse: Remove the control interface for virtio-fs
2022-08-21 15:16:10 +02:00
gfs2
gfs2: use i_lock spin_lock for inode qadata
2022-06-09 10:20:57 +02:00
hfs
hfs: add lock nesting notation to hfs_find_init
2021-07-31 08:16:12 +02:00
hfsplus
hfsplus: prevent corruption in shrinking truncate
2021-05-19 10:13:10 +02:00
hostfs
hostfs: fix memory handling in follow_link()
2021-04-14 08:42:06 +02:00
hpfs
[PATCH] reduce boilerplate in fsid handling
2020-09-18 16:45:50 -04:00
hugetlbfs
mm, hugetlb: allow for "high" userspace addresses
2022-04-27 13:53:54 +02:00
iomap
xfs: use current->journal_info for detecting transaction recursion
2022-07-07 17:52:19 +02:00
isofs
isofs: Fix out of bound access for corrupted isofs image
2021-11-12 14:58:33 +01:00
jbd2
jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted
2022-08-21 15:16:04 +02:00
jffs2
jffs2: fix memory leak in jffs2_do_fill_super
2022-06-14 18:32:35 +02:00
jfs
fs: jfs: fix possible NULL pointer dereference in dbFree()
2022-06-09 10:20:57 +02:00
kernfs
kernfs: Separate kernfs_pr_cont_buf and rename_lock.
2022-06-14 18:32:43 +02:00
lockd
lockd: lockd server-side shouldn't set fl_ops
2021-09-18 13:40:30 +02:00
minix
minix: fix bug when opening a file with O_DIRECT
2022-04-13 21:01:01 +02:00
nfs
NFSv4/pnfs: Fix a use-after-free bug in open
2022-08-25 11:37:54 +02:00
nfs_common
nfs_common: need lock during iterate through the list
2020-12-30 11:53:45 +01:00
nfsd
NFSD: restore EINVAL error translation in nfsd_commit()
2022-07-07 17:52:17 +02:00
nilfs2
nilfs2: fix incorrect masking of permission flags for symlinks
2022-07-21 21:20:01 +02:00
nls
notify
fsnotify: fix wrong lockdep annotations
2022-06-09 10:21:03 +02:00
ntfs
ntfs: fix use-after-free in ntfs_ucsncmp()
2022-08-03 12:00:43 +02:00
ocfs2
Revert "ocfs2: mount shared volume without ha stack"
2022-08-03 12:00:43 +02:00
omfs
fs: omfs: use kmemdup() rather than kmalloc+memcpy
2020-09-22 23:39:45 -04:00
openpromfs
orangefs
orangefs: Fix the size of a memory allocation in orangefs_bufmap_alloc()
2022-01-20 09:17:50 +01:00
overlayfs
ovl: drop WARN_ON() dentry is NULL in ovl_encode_fh()
2022-08-21 15:15:23 +02:00
proc
proc: fix dentry/inode overinstantiating under /proc/${pid}/net
2022-06-09 10:21:17 +02:00
pstore
pstore: Don't use semaphores in always-atomic-context code
2022-04-08 14:39:56 +02:00
qnx4
qnx4: work around gcc false positive warning bug
2021-09-30 10:11:08 +02:00
qnx6
[PATCH] reduce boilerplate in fsid handling
2020-09-18 16:45:50 -04:00
quota
quota: Prevent memory allocation recursion while holding dq_lock
2022-06-22 14:13:14 +02:00
ramfs
ramfs: fix nommu mmap with gaps in the page cache
2020-10-16 11:11:22 -07:00
reiserfs
reiserfs: check directory items on read from disk
2021-08-12 13:22:19 +02:00
romfs
Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2020-10-24 12:26:05 -07:00
squashfs
squashfs: fix divide error in calculate_skip()
2021-05-19 10:13:10 +02:00
sysfs
sysfs: Add sysfs_emit and sysfs_emit_at to format sysfs output
2020-10-02 12:02:30 +02:00
sysv
[PATCH] reduce boilerplate in fsid handling
2020-09-18 16:45:50 -04:00
tracefs
tracefs: Set the group ownership in apply_options() not parse_options()
2022-03-02 11:42:54 +01:00
ubifs
ubifs: Rectify space amount budget for mkdir/tmpfile operations
2022-04-13 21:00:53 +02:00
udf
udf: Fix NULL ptr deref when converting from inline format
2022-02-01 17:25:39 +01:00
ufs
Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2020-10-24 12:26:05 -07:00
unicode
vboxsf
vboxfs: fix broken legacy mount signature checking
2021-10-17 10:43:33 +02:00
verity
fs-verity: fix signed integer overflow with i_size near S64_MAX
2021-10-06 15:55:46 +02:00
xfs
xfs: prevent a WARN_ONCE() in xfs_ioc_attr_list()
2022-08-31 17:15:14 +02:00
zonefs
zonefs: fix zonefs_iomap_begin() for reads
2022-06-25 15:16:08 +02:00
aio.c
aio: fix use-after-free due to missing POLLFREE handling
2021-12-14 11:32:40 +01:00
anon_inodes.c
attr.c
vfs: Check the truncate maximum size in inode_newsize_ok()
2022-08-21 15:15:22 +02:00
bad_inode.c
binfmt_aout.c
binfmt_elf_fdpic.c
coredump: Snapshot the vmas in do_coredump
2022-04-08 14:40:44 +02:00
binfmt_elf.c
coredump: Use the vma snapshot in fill_files_note
2022-04-08 14:40:45 +02:00
binfmt_em86.c
binfmt_flat.c
binfmt_flat: do not stop relocating GOT entries prematurely on riscv
2022-06-09 10:20:47 +02:00
binfmt_misc.c
binfmt_misc: fix possible deadlock in bm_register_write
2021-03-17 17:06:35 +01:00
binfmt_script.c
block_dev.c
block: fix a race between del_gendisk and BLKRRPART
2021-06-03 09:00:45 +02:00
buffer.c
mm, memcg: rework remote charging API to support nesting
2020-10-18 09:27:09 -07:00
char_dev.c
compat_binfmt_elf.c
coredump.c
coredump: Use the vma snapshot in fill_files_note
2022-04-08 14:40:45 +02:00
d_path.c
fs: fix NULL dereference due to data race in prepend_path()
2020-10-14 14:54:45 -07:00
dax.c
dax: fix cache flush on PMD-mapped pages
2022-06-09 10:21:16 +02:00
dcache.c
dcookies.c
direct-io.c
fs: direct-io: fix missing sdio->boundary
2021-04-14 08:41:58 +02:00
drop_caches.c
eventfd.c
eventpoll.c
epoll: autoremove wakers even more aggressively
2022-08-21 15:15:28 +02:00
exec.c
posix-cpu-timers: Cleanup CPU timers before freeing them during exec
2022-08-21 15:16:14 +02:00
fcntl.c
fcntl: fix potential deadlock for &fasync_struct.fa_lock
2021-09-15 09:50:27 +02:00
fhandle.c
file_table.c
SUNRPC: Ensure we flush any closed sockets before xs_xprt_free()
2022-05-18 10:23:48 +02:00
file.c
fs: fix fd table size alignment properly
2022-04-08 14:40:30 +02:00
filesystems.c
fs_context.c
memcg: charge fs_context and legacy_fs_context
2022-02-08 18:30:36 +01:00
fs_parser.c
fs_parse: mark fs_param_bad_value() as static
2020-10-13 18:38:27 -07:00
fs_pin.c
fs_struct.c
fs_types.c
fs-writeback.c
fs-writeback: writeback_sb_inodes:Recalculate 'wrote' according skipped pages
2022-06-09 10:21:22 +02:00
fsopen.c
init.c
inode.c
fs: export an inode_update_time helper
2021-11-26 10:39:22 +01:00
internal.h
cgroup1: fix leaked context root causing sporadic NULL deref in LTP
2021-07-31 08:16:11 +02:00
io_uring.c
io_uring: Use original task for req identity in io_identity_cow()
2022-07-29 17:19:07 +02:00
io-wq.c
io-wq: fix wakeup race when adding new work
2021-09-18 13:40:06 +02:00
io-wq.h
io_uring: always batch cancel in *cancel_files()
2021-02-13 13:54:56 +01:00
ioctl.c
fs: fix an infinite loop in iomap_fiemap
2022-05-25 09:17:54 +02:00
Kconfig
tmpfs: disallow CONFIG_TMPFS_INODE64 on alpha
2021-02-17 11:02:21 +01:00
Kconfig.binfmt
kernel_read_file.c
vfs: check fd has read access in kernel_read_file_from_fd()
2021-10-27 09:56:51 +02:00
libfs.c
libfs: fix error cast of negative value in simple_attr_write()
2020-11-22 10:48:22 -08:00
locks.c
Revert "nfsd4: a client's own opens needn't prevent delegations"
2021-03-20 10:43:44 +01:00
Makefile
Refactored code for 5.10:
2020-10-23 11:33:41 -07:00
mbcache.c
mount.h
mpage.c
namei.c
__follow_mount_rcu(): verify that mount_lock remains unchanged
2022-08-21 15:16:15 +02:00
namespace.c
fs: warn about impending deprecation of mandatory locks
2021-08-26 08:35:57 -04:00
no-block.c
nsfs.c
open.c
open: don't silently ignore unknown O-flags in openat2()
2021-07-14 16:55:59 +02:00
pipe.c
pipe: Fix missing lock in pipe_resize_ring()
2022-06-06 08:42:41 +02:00
pnode.c
pnode.h
mount: fix mounting of detached mounts onto targets that reside on shared mounts
2021-03-17 17:06:13 +01:00
posix_acl.c
proc_namespace.c
proc mountinfo: make splice available again
2020-12-30 11:54:02 +01:00
read_write.c
Refactored code for 5.10:
2020-10-23 11:33:41 -07:00
readdir.c
readdir: make sure to verify directory entry for legacy interfaces too
2021-04-21 13:00:54 +02:00
remap_range.c
fs/remap: constrain dedupe of EOF blocks
2022-07-21 21:20:01 +02:00
select.c
select: Fix indefinitely sleeping task in poll_schedule_timeout()
2022-01-29 10:26:11 +01:00
seq_file.c
seq_file: disallow extremely large seq buffer allocations
2021-07-20 16:05:59 +02:00
signalfd.c
signalfd: use wake_up_pollfree()
2021-12-14 11:32:40 +01:00
splice.c
fs: check FMODE_LSEEK to control internal pipe splicing
2022-08-21 15:15:47 +02:00
stack.c
stat.c
stat: fix inconsistency between struct stat and struct compat_stat
2022-04-27 13:53:54 +02:00
statfs.c
super.c
vfs: make freeze_super abort when sync_filesystem returns error
2022-02-23 12:00:59 +01:00
sync.c
timerfd.c
userfaultfd.c
userfaultfd: fix a race between writeprotect and exit_mmap()
2021-10-27 09:56:51 +02:00
utimes.c
xattr.c
fs/xattr.c: fix kernel-doc warnings for setxattr & removexattr
2020-10-13 18:38:27 -07:00