Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=linux-7.1.y 2024-10-02T12:10:50+00:00 2024-10-02T12:10:50+00:00 Zhao Mengmeng zhaomengmeng@kylinos.cn 2024-10-01T11:54:24+00:00 urn:sha1:b405c1e58b73981da0f8df03b00666b22b9397ae Since udf_current_aext() has error handling, udf_next_aext() should have error handling too. Besides, when too many indirect extents found in one inode, return -EFSCORRUPTED; when reading block failed, return -EIO. Signed-off-by: Zhao Mengmeng <zhaomengmeng@kylinos.cn> Suggested-by: Jan Kara <jack@suse.cz> Signed-off-by: Jan Kara <jack@suse.cz> Link: https://patch.msgid.link/20241001115425.266556-3-zhaomzhao@126.com 2024-06-26T10:54:11+00:00 Roman Smirnov r.smirnov@omp.ru 2024-06-20T07:24:13+00:00 urn:sha1:56e69e59751d20993f243fb7dd6991c4e522424c An overflow may occur if the function is called with the last block and an offset greater than zero. It is necessary to add a check to avoid this. Found by Linux Verification Center (linuxtesting.org) with Svace. [JK: Make test cover also unalloc table freeing] Link: https://patch.msgid.link/20240620072413.7448-1-r.smirnov@omp.ru Suggested-by: Jan Kara <jack@suse.com> Signed-off-by: Roman Smirnov <r.smirnov@omp.ru> Signed-off-by: Jan Kara <jack@suse.cz> 2024-06-26T10:54:11+00:00 Jan Kara jack@suse.cz 2024-06-17T15:41:53+00:00 urn:sha1:8037da38d33cd354deafc41eee62da0fbcb5135c The wrapper is completely pointless as all the checks are already done in __load_block_bitmap(). Just drop it and rename __load_block_bitmap(). Link: https://patch.msgid.link/20240617154201.29512-3-jack@suse.cz Signed-off-by: Jan Kara <jack@suse.cz> 2024-06-26T10:54:08+00:00 Jan Kara jack@suse.cz 2024-06-17T15:41:52+00:00 urn:sha1:a90d4471146de21745980cba51ce88e7926bcc4f When the filesystem block bitmap is corrupted, we detect the corruption while loading the bitmap and fail the allocation with error. However the next allocation from the same bitmap will notice the bitmap buffer is already loaded and tries to allocate from the bitmap with mixed results (depending on the exact nature of the bitmap corruption). Fix the problem by using BH_verified bit to indicate whether the bitmap is valid or not. Reported-by: syzbot+5f682cd029581f9edfd1@syzkaller.appspotmail.com CC: stable@vger.kernel.org Link: https://patch.msgid.link/20240617154201.29512-2-jack@suse.cz Fixes: 1e0d4adf17e7 ("udf: Check consistency of Space Bitmap Descriptor") Signed-off-by: Jan Kara <jack@suse.cz> 2023-05-30T13:39:13+00:00 Bagas Sanjaya bagasdotme@gmail.com 2023-05-22T00:54:34+00:00 urn:sha1:5ce345541ee43333bfbd99a2ea56b1a0a167c457 The notice refers to full GPL 2.0 text on now defunct MIT FTP site [1]. Replace it with appropriate SPDX license identifier. Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Pali Rohár <pali@kernel.org> Link: https://web.archive.org/web/20020809115410/ftp://prep.ai.mit.edu/pub/gnu/GPL [1] Signed-off-by: Bagas Sanjaya <bagasdotme@gmail.com> Signed-off-by: Jan Kara <jack@suse.cz> Message-Id: <20230522005434.22133-2-bagasdotme@gmail.com> 2023-02-07T10:49:43+00:00 Vladislav Efanov VEfanov@ispras.ru 2023-02-02T14:04:56+00:00 urn:sha1:1e0d4adf17e7ef03281d7b16555e7c1508c8ed2d Bits, which are related to Bitmap Descriptor logical blocks, are not reset when buffer headers are allocated for them. As the result, these logical blocks can be treated as free and be used for other blocks.This can cause usage of one buffer header for several types of data. UDF issues WARNING in this situation: WARNING: CPU: 0 PID: 2703 at fs/udf/inode.c:2014 __udf_add_aext+0x685/0x7d0 fs/udf/inode.c:2014 RIP: 0010:__udf_add_aext+0x685/0x7d0 fs/udf/inode.c:2014 Call Trace: udf_setup_indirect_aext+0x573/0x880 fs/udf/inode.c:1980 udf_add_aext+0x208/0x2e0 fs/udf/inode.c:2067 udf_insert_aext fs/udf/inode.c:2233 [inline] udf_update_extents fs/udf/inode.c:1181 [inline] inode_getblk+0x1981/0x3b70 fs/udf/inode.c:885 Found by Linux Verification Center (linuxtesting.org) with syzkaller. [JK: Somewhat cleaned up the boundary checks] Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Vladislav Efanov <VEfanov@ispras.ru> Signed-off-by: Jan Kara <jack@suse.cz> 2023-01-26T15:46:32+00:00 Jan Kara jack@suse.cz 2023-01-18T12:27:07+00:00 urn:sha1:101ee137d32adc5b53f5c2a61fbda8f70f994845 UDF was supporting a strange mode where the media was containing 7 blocks of unknown data for every 32 blocks of the filesystem. I have yet to see the media that would need such conversion (maybe it comes from packet writing times) and the conversions have been inconsistent in the code. In particular any write will write to a wrong block and corrupt the media. This is an indication and no user actually needs this so let's just drop the support instead of trying to fix it. Signed-off-by: Jan Kara <jack@suse.cz> 2020-07-16T19:35:15+00:00 Kees Cook keescook@chromium.org 2020-06-03T20:09:38+00:00 urn:sha1:3f649ab728cda8038259d8f14492fe400fbab911 Using uninitialized_var() is dangerous as it papers over real bugs[1] (or can in the future), and suppresses unrelated compiler warnings (e.g. "unused variable"). If the compiler thinks it is uninitialized, either simply initialize the variable or make compiler changes. In preparation for removing[2] the[3] macro[4], remove all remaining needless uses with the following script: git grep '\buninitialized_var\b' | cut -d: -f1 | sort -u | \ xargs perl -pi -e \ 's/\buninitialized_var\(([^\)]+)\)/\1/g; s:\s*/\* (GCC be quiet|to make compiler happy) \*/$::g;' drivers/video/fbdev/riva/riva_hw.c was manually tweaked to avoid pathological white-space. No outstanding warnings were found building allmodconfig with GCC 9.3.0 for x86_64, i386, arm64, arm, powerpc, powerpc64le, s390x, mips, sparc64, alpha, and m68k. [1] https://lore.kernel.org/lkml/20200603174714.192027-1-glider@google.com/ [2] https://lore.kernel.org/lkml/CA+55aFw+Vbj0i=1TGqCR5vQkCzWJ0QxK6CernOU6eedsudAixw@mail.gmail.com/ [3] https://lore.kernel.org/lkml/CA+55aFwgbgqhbp1fkxvRKEpzyR5J8n1vKT1VZdz9knmPuXhOeg@mail.gmail.com/ [4] https://lore.kernel.org/lkml/CA+55aFz2500WfbKXAx8s67wrm9=yVJu65TpLgN_ybYNv0VEOKA@mail.gmail.com/ Reviewed-by: Leon Romanovsky <leonro@mellanox.com> # drivers/infiniband and mlx4/mlx5 Acked-by: Jason Gunthorpe <jgg@mellanox.com> # IB Acked-by: Kalle Valo <kvalo@codeaurora.org> # wireless drivers Reviewed-by: Chao Yu <yuchao0@huawei.com> # erofs Signed-off-by: Kees Cook <keescook@chromium.org> 2019-07-31T16:41:37+00:00 Steve Magnani steve.magnani@digidescorp.com 2019-07-28T19:19:12+00:00 urn:sha1:56db1991690f076c2a7e3b2a226629cd10901690 The UDF bitmap allocation code assumes that a recorded Unallocated Space Bitmap is compliant with ECMA-167 4/13, which requires that pad bytes between the end of the bitmap and the end of a logical block are all zero. When a recorded bitmap does not comply with this requirement, for example one padded with FF to the block boundary instead of 00, the allocator may "allocate" blocks that are outside the UDF partition extent. This can result in UDF volume descriptors being overwritten by file data or by partition-level descriptors, and in extreme cases, even in scribbling on a subsequent disk partition. Add a check that the block selected by the allocator actually resides within the UDF partition extent. Signed-off-by: Steven J. Magnani <steve@digidescorp.com> Link: https://lore.kernel.org/r/1564341552-129750-1-git-send-email-steve@digidescorp.com Signed-off-by: Jan Kara <jack@suse.cz> 2018-09-07T08:32:22+00:00 Jan Kara jack@suse.cz 2018-09-06T15:52:28+00:00 urn:sha1:694538b5d753666c81938ca6628188e1c432d377 We don't support Free Space Table and Free Space Bitmap as specified by UDF standard for writing as we don't support erasing blocks before overwriting them. Just drop the handling of these structures as partition descriptor checking code already makes sure such filesystems can be mounted only read-only. Signed-off-by: Jan Kara <jack@suse.cz>