brain-hackers_pepepper-mirror
/
linux-brain
mirror of https://github.com/brain-hackers/linux-brain.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
linux-brain/fs/squashfs
History
Phillip Lougher 3654a0ed0b squashfs: add more sanity checks in xattr id lookup 
commit 506220d2ba21791314af569211ffd8870b8208fa upstream.

Sysbot has reported a warning where a kmalloc() attempt exceeds the
maximum limit.  This has been identified as corruption of the xattr_ids
count when reading the xattr id lookup table.

This patch adds a number of additional sanity checks to detect this
corruption and others.

1. It checks for a corrupted xattr index read from the inode.  This could
   be because the metadata block is uncompressed, or because the
   "compression" bit has been corrupted (turning a compressed block
   into an uncompressed block).  This would cause an out of bounds read.

2. It checks against corruption of the xattr_ids count.  This can either
   lead to the above kmalloc failure, or a smaller than expected
   table to be read.

3. It checks the contents of the index table for corruption.

[phillip@squashfs.org.uk: fix checkpatch issue]
  Link: https://lkml.kernel.org/r/270245655.754655.1612770082682@webmail.123-reg.co.uk

Link: https://lkml.kernel.org/r/20210204130249.4495-5-phillip@squashfs.org.uk
Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk>
Reported-by: syzbot+2ccea6339d368360800d@syzkaller.appspotmail.com
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 		2021-02-13 13:52:57 +01:00
..
Kconfig treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
block.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 35 2019-05-24 17:27:11 +02:00
cache.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 35 2019-05-24 17:27:11 +02:00
decompressor.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 35 2019-05-24 17:27:11 +02:00
decompressor.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 35 2019-05-24 17:27:11 +02:00
decompressor_multi.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 499 2019-06-19 17:09:53 +02:00
decompressor_multi_percpu.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 499 2019-06-19 17:09:53 +02:00
decompressor_single.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 499 2019-06-19 17:09:53 +02:00
dir.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 35 2019-05-24 17:27:11 +02:00
export.c squashfs: add more sanity checks in inode lookup 2021-02-13 13:52:56 +01:00
file.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 35 2019-05-24 17:27:11 +02:00
file_cache.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 499 2019-06-19 17:09:53 +02:00
file_direct.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 499 2019-06-19 17:09:53 +02:00
fragment.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 35 2019-05-24 17:27:11 +02:00
id.c squashfs: add more sanity checks in id lookup 2021-02-13 13:52:56 +01:00
inode.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 35 2019-05-24 17:27:11 +02:00
lz4_wrapper.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 499 2019-06-19 17:09:53 +02:00
lzo_wrapper.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 35 2019-05-24 17:27:11 +02:00
namei.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 35 2019-05-24 17:27:11 +02:00
page_actor.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 499 2019-06-19 17:09:53 +02:00
page_actor.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 499 2019-06-19 17:09:53 +02:00
squashfs.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 35 2019-05-24 17:27:11 +02:00
squashfs_fs.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 35 2019-05-24 17:27:11 +02:00
squashfs_fs_i.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 35 2019-05-24 17:27:11 +02:00
squashfs_fs_sb.h squashfs: add more sanity checks in id lookup 2021-02-13 13:52:56 +01:00
super.c squashfs: add more sanity checks in id lookup 2021-02-13 13:52:56 +01:00
symlink.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 35 2019-05-24 17:27:11 +02:00
xattr.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 35 2019-05-24 17:27:11 +02:00
xattr.h squashfs: add more sanity checks in id lookup 2021-02-13 13:52:56 +01:00
xattr_id.c squashfs: add more sanity checks in xattr id lookup 2021-02-13 13:52:57 +01:00
xz_wrapper.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 35 2019-05-24 17:27:11 +02:00
zlib_wrapper.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 35 2019-05-24 17:27:11 +02:00
zstd_wrapper.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 118 2019-05-24 17:39:02 +02:00