Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 70a2dc6a authored by Linus Torvalds's avatar Linus Torvalds
Browse files

Merge tag 'ext4_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4 

Pull ext4 bugfixes from Ted Ts'o:
 "Bug fixes for ext4; most of which relate to vulnerabilities where a
  maliciously crafted file system image can result in a kernel OOPS or
  hang.

  At least one fix addresses an inline data bug could be triggered by
  userspace without the need of a crafted file system (although it does
  require that the inline data feature be enabled)"

* tag 'ext4_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4:
  ext4: check superblock mapped prior to committing
  ext4: add more mount time checks of the superblock
  ext4: add more inode number paranoia checks
  ext4: avoid running out of journal credits when appending to an inline file
  jbd2: don't mark block as modified if the handle is out of credits
  ext4: never move the system.data xattr out of the inode body
  ext4: clear i_data in ext4_inode_info when removing inline data
  ext4: include the illegal physical block in the bad map ext4_error msg
  ext4: verify the depth of extent tree in ext4_find_extent()
  ext4: only look at the bg_flags field if it is valid
  ext4: make sure bitmaps and the inode table don't overlap with bg descriptors
  ext4: always check block group bounds in ext4_init_block_bitmap()
  ext4: always verify the magic number in xattr blocks
  ext4: add corruption check in ext4_xattr_set_entry()
  ext4: add warn_on_error mount option
parents 8979319f a17712c8

fs/ext4/balloc.c

+13 −8
Original line number Original line Diff line number Diff line
@@ -184,7 +184,6 @@ static int ext4_init_block_bitmap(struct super_block *sb, 
	unsigned int bit, bit_max;

	unsigned int bit, bit_max;

	struct ext4_sb_info *sbi = EXT4_SB(sb);

	struct ext4_sb_info *sbi = EXT4_SB(sb);

	ext4_fsblk_t start, tmp;

	ext4_fsblk_t start, tmp;

	int flex_bg = 0;





	J_ASSERT_BH(bh, buffer_locked(bh));

	J_ASSERT_BH(bh, buffer_locked(bh));
@@ -207,22 +206,19 @@ static int ext4_init_block_bitmap(struct super_block *sb, 




	start = ext4_group_first_block_no(sb, block_group);

	start = ext4_group_first_block_no(sb, block_group);





	if (ext4_has_feature_flex_bg(sb))

		flex_bg = 1;



	/* Set bits for block and inode bitmaps, and inode table */

	/* Set bits for block and inode bitmaps, and inode table */

	tmp = ext4_block_bitmap(sb, gdp);

	tmp = ext4_block_bitmap(sb, gdp);

	if (!flex_bg || ext4_block_in_group(sb, tmp, block_group))

	if (ext4_block_in_group(sb, tmp, block_group))

		ext4_set_bit(EXT4_B2C(sbi, tmp - start), bh->b_data);

		ext4_set_bit(EXT4_B2C(sbi, tmp - start), bh->b_data);





	tmp = ext4_inode_bitmap(sb, gdp);

	tmp = ext4_inode_bitmap(sb, gdp);

	if (!flex_bg || ext4_block_in_group(sb, tmp, block_group))

	if (ext4_block_in_group(sb, tmp, block_group))

		ext4_set_bit(EXT4_B2C(sbi, tmp - start), bh->b_data);

		ext4_set_bit(EXT4_B2C(sbi, tmp - start), bh->b_data);





	tmp = ext4_inode_table(sb, gdp);

	tmp = ext4_inode_table(sb, gdp);

	for (; tmp < ext4_inode_table(sb, gdp) +

	for (; tmp < ext4_inode_table(sb, gdp) +

		     sbi->s_itb_per_group; tmp++) {

		     sbi->s_itb_per_group; tmp++) {

		if (!flex_bg || ext4_block_in_group(sb, tmp, block_group))

		if (ext4_block_in_group(sb, tmp, block_group))

			ext4_set_bit(EXT4_B2C(sbi, tmp - start), bh->b_data);

			ext4_set_bit(EXT4_B2C(sbi, tmp - start), bh->b_data);

	}

	}
@@ -442,7 +438,16 @@ ext4_read_block_bitmap_nowait(struct super_block *sb, ext4_group_t block_group) 
		goto verify;

		goto verify;

	}

	}

	ext4_lock_group(sb, block_group);

	ext4_lock_group(sb, block_group);

	if (desc->bg_flags & cpu_to_le16(EXT4_BG_BLOCK_UNINIT)) {

	if (ext4_has_group_desc_csum(sb) &&

	    (desc->bg_flags & cpu_to_le16(EXT4_BG_BLOCK_UNINIT))) {

		if (block_group == 0) {

			ext4_unlock_group(sb, block_group);

			unlock_buffer(bh);

			ext4_error(sb, "Block bitmap for bg 0 marked "

				   "uninitialized");

			err = -EFSCORRUPTED;

			goto out;

		}

		err = ext4_init_block_bitmap(sb, bh, block_group, desc);

		err = ext4_init_block_bitmap(sb, bh, block_group, desc);

		set_bitmap_uptodate(bh);

		set_bitmap_uptodate(bh);

		set_buffer_uptodate(bh);

		set_buffer_uptodate(bh);

fs/ext4/ext4.h

+1 −8
Original line number Original line Diff line number Diff line
@@ -1114,6 +1114,7 @@ struct ext4_inode_info { 
#define EXT4_MOUNT_DIOREAD_NOLOCK	0x400000 /* Enable support for dio read nolocking */

#define EXT4_MOUNT_DIOREAD_NOLOCK	0x400000 /* Enable support for dio read nolocking */

#define EXT4_MOUNT_JOURNAL_CHECKSUM	0x800000 /* Journal checksums */

#define EXT4_MOUNT_JOURNAL_CHECKSUM	0x800000 /* Journal checksums */

#define EXT4_MOUNT_JOURNAL_ASYNC_COMMIT	0x1000000 /* Journal Async Commit */

#define EXT4_MOUNT_JOURNAL_ASYNC_COMMIT	0x1000000 /* Journal Async Commit */

#define EXT4_MOUNT_WARN_ON_ERROR	0x2000000 /* Trigger WARN_ON on error */

#define EXT4_MOUNT_DELALLOC		0x8000000 /* Delalloc support */

#define EXT4_MOUNT_DELALLOC		0x8000000 /* Delalloc support */

#define EXT4_MOUNT_DATA_ERR_ABORT	0x10000000 /* Abort on file data write */

#define EXT4_MOUNT_DATA_ERR_ABORT	0x10000000 /* Abort on file data write */

#define EXT4_MOUNT_BLOCK_VALIDITY	0x20000000 /* Block validity checking */

#define EXT4_MOUNT_BLOCK_VALIDITY	0x20000000 /* Block validity checking */
@@ -1507,11 +1508,6 @@ static inline struct ext4_inode_info *EXT4_I(struct inode *inode) 
static inline int ext4_valid_inum(struct super_block *sb, unsigned long ino)

static inline int ext4_valid_inum(struct super_block *sb, unsigned long ino)

{

{

	return ino == EXT4_ROOT_INO ||

	return ino == EXT4_ROOT_INO ||

		ino == EXT4_USR_QUOTA_INO ||

		ino == EXT4_GRP_QUOTA_INO ||

		ino == EXT4_BOOT_LOADER_INO ||

		ino == EXT4_JOURNAL_INO ||

		ino == EXT4_RESIZE_INO ||

		(ino >= EXT4_FIRST_INO(sb) &&

		(ino >= EXT4_FIRST_INO(sb) &&

		 ino <= le32_to_cpu(EXT4_SB(sb)->s_es->s_inodes_count));

		 ino <= le32_to_cpu(EXT4_SB(sb)->s_es->s_inodes_count));

}

}
@@ -3018,9 +3014,6 @@ extern int ext4_inline_data_fiemap(struct inode *inode, 
struct iomap;

struct iomap;

extern int ext4_inline_data_iomap(struct inode *inode, struct iomap *iomap);

extern int ext4_inline_data_iomap(struct inode *inode, struct iomap *iomap);





extern int ext4_try_to_evict_inline_data(handle_t *handle,

					 struct inode *inode,

					 int needed);

extern int ext4_inline_data_truncate(struct inode *inode, int *has_inline);

extern int ext4_inline_data_truncate(struct inode *inode, int *has_inline);





extern int ext4_convert_inline_data(struct inode *inode);

extern int ext4_convert_inline_data(struct inode *inode);

fs/ext4/ext4_extents.h

+1 −0
Original line number Original line Diff line number Diff line
@@ -91,6 +91,7 @@ struct ext4_extent_header { 
};

};





#define EXT4_EXT_MAGIC		cpu_to_le16(0xf30a)

#define EXT4_EXT_MAGIC		cpu_to_le16(0xf30a)

#define EXT4_MAX_EXTENT_DEPTH 5





#define EXT4_EXTENT_TAIL_OFFSET(hdr) \

#define EXT4_EXTENT_TAIL_OFFSET(hdr) \

	(sizeof(struct ext4_extent_header) + \

	(sizeof(struct ext4_extent_header) + \

fs/ext4/extents.c

+6 −0
Original line number Original line Diff line number Diff line
@@ -869,6 +869,12 @@ ext4_find_extent(struct inode *inode, ext4_lblk_t block, 




	eh = ext_inode_hdr(inode);

	eh = ext_inode_hdr(inode);

	depth = ext_depth(inode);

	depth = ext_depth(inode);

	if (depth < 0 || depth > EXT4_MAX_EXTENT_DEPTH) {

		EXT4_ERROR_INODE(inode, "inode has invalid extent depth: %d",

				 depth);

		ret = -EFSCORRUPTED;

		goto err;

	}





	if (path) {

	if (path) {

		ext4_ext_drop_refs(path);

		ext4_ext_drop_refs(path);

fs/ext4/ialloc.c

+12 −2
Original line number Original line Diff line number Diff line
@@ -150,7 +150,16 @@ ext4_read_inode_bitmap(struct super_block *sb, ext4_group_t block_group) 
	}

	}





	ext4_lock_group(sb, block_group);

	ext4_lock_group(sb, block_group);

	if (desc->bg_flags & cpu_to_le16(EXT4_BG_INODE_UNINIT)) {

	if (ext4_has_group_desc_csum(sb) &&

	    (desc->bg_flags & cpu_to_le16(EXT4_BG_INODE_UNINIT))) {

		if (block_group == 0) {

			ext4_unlock_group(sb, block_group);

			unlock_buffer(bh);

			ext4_error(sb, "Inode bitmap for bg 0 marked "

				   "uninitialized");

			err = -EFSCORRUPTED;

			goto out;

		}

		memset(bh->b_data, 0, (EXT4_INODES_PER_GROUP(sb) + 7) / 8);

		memset(bh->b_data, 0, (EXT4_INODES_PER_GROUP(sb) + 7) / 8);

		ext4_mark_bitmap_end(EXT4_INODES_PER_GROUP(sb),

		ext4_mark_bitmap_end(EXT4_INODES_PER_GROUP(sb),

				     sb->s_blocksize * 8, bh->b_data);

				     sb->s_blocksize * 8, bh->b_data);
@@ -994,7 +1003,8 @@ struct inode *__ext4_new_inode(handle_t *handle, struct inode *dir, 




		/* recheck and clear flag under lock if we still need to */

		/* recheck and clear flag under lock if we still need to */

		ext4_lock_group(sb, group);

		ext4_lock_group(sb, group);

		if (gdp->bg_flags & cpu_to_le16(EXT4_BG_BLOCK_UNINIT)) {

		if (ext4_has_group_desc_csum(sb) &&

		    (gdp->bg_flags & cpu_to_le16(EXT4_BG_BLOCK_UNINIT))) {

			gdp->bg_flags &= cpu_to_le16(~EXT4_BG_BLOCK_UNINIT);

			gdp->bg_flags &= cpu_to_le16(~EXT4_BG_BLOCK_UNINIT);

			ext4_free_group_clusters_set(sb, gdp,

			ext4_free_group_clusters_set(sb, gdp,

				ext4_free_clusters_after_init(sb, group, gdp));

				ext4_free_clusters_after_init(sb, group, gdp));