Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 9e47a4c9 authored by Theodore Ts'o's avatar Theodore Ts'o
Browse files

ext4: sanity check the block and cluster size at mount time 

If the block size or cluster size is insane, reject the mount.  This
is important for security reasons (although we shouldn't be just
depending on this check).

Ref: http://www.securityfocus.com/archive/1/539661
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1332506


Reported-by: default avatarBorislav Petkov <bp@alien8.de>
Reported-by: default avatarNikolay Borisov <kernel@kyup.com>
Signed-off-by: default avatarTheodore Ts'o <tytso@mit.edu>
Cc: stable@vger.kernel.org
parent d5c8dab6

fs/ext4/ext4.h

+1 −0
Original line number Diff line number Diff line
@@ -235,6 +235,7 @@ struct ext4_io_submit { 
#define	EXT4_MAX_BLOCK_SIZE		65536

#define EXT4_MIN_BLOCK_LOG_SIZE		10

#define EXT4_MAX_BLOCK_LOG_SIZE		16

#define EXT4_MAX_CLUSTER_LOG_SIZE	30

#ifdef __KERNEL__

# define EXT4_BLOCK_SIZE(s)		((s)->s_blocksize)

#else

fs/ext4/super.c

+16 −1
Original line number Diff line number Diff line
@@ -3567,7 +3567,15 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent) 
	if (blocksize < EXT4_MIN_BLOCK_SIZE ||

	    blocksize > EXT4_MAX_BLOCK_SIZE) {

		ext4_msg(sb, KERN_ERR,

		       "Unsupported filesystem blocksize %d", blocksize);

		       "Unsupported filesystem blocksize %d (%d log_block_size)",

			 blocksize, le32_to_cpu(es->s_log_block_size));

		goto failed_mount;

	}

	if (le32_to_cpu(es->s_log_block_size) >

	    (EXT4_MAX_BLOCK_LOG_SIZE - EXT4_MIN_BLOCK_LOG_SIZE)) {

		ext4_msg(sb, KERN_ERR,

			 "Invalid log block size: %u",

			 le32_to_cpu(es->s_log_block_size));

		goto failed_mount;

	}
@@ -3699,6 +3707,13 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent) 
				 "block size (%d)", clustersize, blocksize);

			goto failed_mount;

		}

		if (le32_to_cpu(es->s_log_cluster_size) >

		    (EXT4_MAX_CLUSTER_LOG_SIZE - EXT4_MIN_BLOCK_LOG_SIZE)) {

			ext4_msg(sb, KERN_ERR,

				 "Invalid log cluster size: %u",

				 le32_to_cpu(es->s_log_cluster_size));

			goto failed_mount;

		}

		sbi->s_cluster_bits = le32_to_cpu(es->s_log_cluster_size) -

			le32_to_cpu(es->s_log_block_size);

		sbi->s_clusters_per_group =