iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/fs
History
Theodore Ts'o c24aab6d86 ext4: add more inode number paranoia checks 
commit c37e9e013469521d9adb932d17a1795c139b36db upstream.

If there is a directory entry pointing to a system inode (such as a
journal inode), complain and declare the file system to be corrupted.

Also, if the superblock's first inode number field is too small,
refuse to mount the file system.

This addresses CVE-2018-10882.

https://bugzilla.kernel.org/show_bug.cgi?id=200069

Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-07-11 16:29:18 +02:00
..
9p
fs/9p: Compare qid.path in v9fs_test_inode
2017-11-30 08:40:49 +00:00
adfs
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
affs
affs_lookup(): close a race with affs_remove_link()
2018-05-30 07:51:47 +02:00
afs
afs: Fix directory permissions check
2018-07-08 15:30:51 +02:00
autofs4
autofs: mount point create should honour passed in mode
2018-04-24 09:36:39 +02:00
befs
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
bfs
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
btrfs
Btrfs: fix return value on rename exchange failure
2018-07-03 11:24:57 +02:00
cachefiles
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
ceph
ceph: fix potential memory leak in init_caches()
2018-05-30 07:52:09 +02:00
cifs
cifs: Fix slab-out-of-bounds in send_set_info() on SMB2 ACE setting
2018-07-11 16:29:15 +02:00
coda
coda: fix 'kernel memory exposure attempt' in fsync
2017-11-24 08:37:05 +01:00
configfs
cramfs
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
crypto
fscrypt: lock mutex before checking for bounce page pool
2017-11-30 08:40:44 +00:00
debugfs
Merge branch 'work.mount' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2017-07-15 12:00:42 -07:00
devpts
devpts: fix error handling in devpts_mntget()
2018-02-16 20:23:11 +01:00
dlm
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
ecryptfs
eCryptfs: don't pass up plaintext names when using filename encryption
2018-06-21 04:02:42 +09:00
efivarfs
VFS: Kill off s_options and helpers
2017-07-11 06:09:21 -04:00
efs
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
exofs
Merge branch 'for-4.14/block' of git://git.kernel.dk/linux-block
2017-09-07 11:59:42 -07:00
exportfs
ext2
do d_instantiate/unlock_new_inode combinations safely
2018-05-30 07:51:47 +02:00
ext4
ext4: add more inode number paranoia checks
2018-07-11 16:29:18 +02:00
f2fs
f2fs: fix to check extent cache in f2fs_drop_extent_tree
2018-05-30 07:52:33 +02:00
fat
fs/fat/inode.c: fix sb_rdonly() change
2017-12-05 11:26:29 +01:00
freevxfs
fscache
fscache: Fix hanging wait on page discarded by writeback
2018-05-30 07:52:25 +02:00
fuse
fuse: fix control dir setup and teardown
2018-07-03 11:24:49 +02:00
gfs2
gfs2: Fix fallocate chunk size
2018-05-30 07:52:35 +02:00
hfs
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
hfsplus
hfsplus: stop workqueue when fill_super() failed
2018-05-25 16:17:35 +02:00
hostfs
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
hpfs
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
hugetlbfs
hugetlbfs: fix bug in pgoff overflow checking
2018-04-19 08:56:21 +02:00
isofs
isofs: fix potential memory leak in mount option parsing
2018-06-21 04:02:41 +09:00
jbd2
jbd2: don't mark block as modified if the handle is out of credits
2018-07-11 16:29:16 +02:00
jffs2
do d_instantiate/unlock_new_inode combinations safely
2018-05-30 07:51:47 +02:00
jfs
do d_instantiate/unlock_new_inode combinations safely
2018-05-30 07:51:47 +02:00
kernfs
kernfs: fix regression in kernfs_fop_write caused by wrong type
2018-02-16 20:22:59 +01:00
lockd
race of lockd inetaddr notifiers vs nlmsvc_rqst change
2018-02-03 17:39:08 +01:00
minix
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
ncpfs
staging: ncpfs: memory corruption in ncp_read_kernel()
2018-03-28 18:24:43 +02:00
nfs
NFSv4: Fix a typo in nfs41_sequence_process
2018-07-03 11:25:02 +02:00
nfs_common
lockd: fix "list_add double add" caused by legacy signal interface
2018-02-03 17:39:08 +01:00
nfsd
nfsd: restrict rd_maxcount to svc_max_payload in nfsd_encode_readdir
2018-07-03 11:25:02 +02:00
nilfs2
do d_instantiate/unlock_new_inode combinations safely
2018-05-30 07:51:47 +02:00
nls
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
notify
fsnotify: fix ignore mask logic in send_to_group()
2018-06-21 04:02:41 +09:00
ntfs
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
ocfs2
ocfs2: take inode cluster lock before moving reflinked inode from orphan dir
2018-06-21 04:02:57 +09:00
omfs
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
openpromfs
orangefs
orangefs: report attributes_mask and attributes for statx
2018-06-26 08:06:33 +08:00
overlayfs
ovl: fix lookup with middle layer opaque dir and absolute path redirects
2018-04-19 08:56:21 +02:00
proc
proc/kcore: don't bounds check against address 0
2018-06-21 04:02:57 +09:00
pstore
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
qnx4
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
qnx6
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
quota
quota: Check for register_shrinker() failure.
2018-02-03 17:39:11 +01:00
ramfs
mm: make pagevec_lookup() update index
2017-09-06 17:27:26 -07:00
reiserfs
do d_instantiate/unlock_new_inode combinations safely
2018-05-30 07:51:47 +02:00
romfs
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
squashfs
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
sysfs
sysfs: symlink: export sysfs_create_link_nowarn()
2018-03-31 18:10:38 +02:00
sysv
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
tracefs
ubifs
UBIFS: Fix potential integer overflow in allocation
2018-07-03 11:24:59 +02:00
udf
udf: Detect incorrect directory size
2018-07-03 11:25:03 +02:00
ufs
do d_instantiate/unlock_new_inode combinations safely
2018-05-30 07:51:47 +02:00
xfs
xfs: detect agfl count corruption and reset agfl
2018-06-05 11:41:55 +02:00
aio.c
fix io_destroy()/aio_complete() race
2018-06-05 11:41:54 +02:00
anon_inodes.c
attr.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
bad_inode.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
binfmt_aout.c
fs: fix kernel_read prototype
2017-09-04 19:05:15 -04:00
binfmt_elf_fdpic.c
Merge branch 'work.set_fs' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2017-09-14 18:13:32 -07:00
binfmt_elf.c
Merge branch 'work.set_fs' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2017-09-14 18:13:32 -07:00
binfmt_em86.c
binfmt_flat.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
binfmt_misc.c
fs/binfmt_misc.c: do not allow offset overflow
2018-06-26 08:06:33 +08:00
binfmt_script.c
exec: load_script: kill the onstack interp[BINPRM_BUF_SIZE] array
2017-10-03 17:54:25 -07:00
block_dev.c
fs/mpage.c: fix mpage_writepage() for pages with buffers
2017-10-13 16:18:33 -07:00
buffer.c
fs: guard_bio_eod() needs to consider partitions
2017-11-30 08:40:45 +00:00
char_dev.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
compat_binfmt_elf.c
compat_ioctl.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
compat.c
coredump.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
dax.c
fs/dax.c: release PMD lock even when there is no PMD support in DAX
2018-04-26 11:02:14 +02:00
dcache.c
fs: dcache: Use READ_ONCE when accessing i_dir_seq
2018-05-30 07:52:03 +02:00
dcookies.c
direct-io.c
direct-io: Fix sleep in atomic due to sync AIO
2018-03-08 22:41:06 -08:00
drop_caches.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
eventfd.c
eventpoll.c
fs/epoll: use faster rb_first_cached()
2017-09-08 18:26:49 -07:00
exec.c
exec: avoid gcc-8 warning for get_task_comm
2018-03-03 10:24:21 +01:00
fcntl.c
fcntl: don't cap l_start and l_end values for F_GETLK64 in compat syscall
2017-12-17 15:07:59 +01:00
fhandle.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
file_table.c
fput: Don't reinvent the wheel but use existing llist API
2017-08-28 00:50:23 -04:00
file.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
filesystems.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
fs_pin.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
fs_struct.c
fs-writeback.c
bdi: Fix oops in wb_workfn()
2018-05-16 10:10:25 +02:00
inode.c
fs: clear writeback errors in inode_init_always
2018-07-08 15:30:53 +02:00
internal.h
Merge branch 'overlayfs-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs
2017-09-13 09:11:44 -07:00
ioctl.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
iomap.c
fs: invalidate page cache after end_io() in dio completion
2017-10-16 12:11:56 -07:00
Kconfig
fs/Kconfig: kill CONFIG_PERCPU_RWSEM some more
2017-07-12 16:26:00 -07:00
Kconfig.binfmt
libfs.c
fs: convert __generic_file_fsync to use errseq_t based reporting
2017-07-06 07:02:29 -04:00
locks.c
locks: restore a warn for leaked locks on close
2017-07-21 13:57:31 -04:00
Makefile
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
mbcache.c
mbcache: initialize entry->e_referenced in mb_cache_entry_create()
2018-02-22 15:42:25 +01:00
mount.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
mpage.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
namei.c
getname_kernel() needs to make sure that ->name != ->iname in long case
2018-04-19 08:56:19 +02:00
namespace.c
vfs: Undo an overly zealous MS_RDONLY -> SB_RDONLY conversion
2018-06-21 04:02:45 +09:00
no-block.c
nsfs.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
open.c
ovl: don't allow writing ioctl on lower layer
2017-09-05 12:53:12 +02:00
pipe.c
pipe: fix off-by-one error when checking buffer limits
2018-02-16 20:23:05 +01:00
pnode.c
pnode.h
posix_acl.c
proc_namespace.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
read_write.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
readdir.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
select.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
seq_file.c
seq_file: fix incomplete reset on read from zero offset
2018-02-22 15:42:28 +01:00
signalfd.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
splice.c
fs: move kernel_write to fs/read_write.c
2017-09-04 19:05:15 -04:00
stack.c
stat.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
statfs.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
super.c
fs: don't scan the inode cache before SB_BORN is set
2018-05-30 07:51:47 +02:00
sync.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
timerfd.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
userfaultfd.c
userfaultfd: hugetlbfs: fix userfaultfd_huge_must_wait() pte access
2018-07-11 16:29:13 +02:00
utimes.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
xattr.c
lsm: fix smack_inode_removexattr and xattr_getsecurity memleak
2017-10-04 18:03:15 +11:00