kernel/linux.git/fs/udf/super.c, branch v6.12.80

udf: Verify partition map count

2025-08-20T16:30:20+00:00

[ Upstream commit 1a11201668e8635602577dcf06f2e96c591d8819 ] Verify that number of partition maps isn't insanely high which can lead to large allocation in udf_sb_alloc_partition_maps(). All partition maps have to fit in the LVD which is in a single block. Reported-by: syzbot+478f2c1a6f0f447a46bb@syzkaller.appspotmail.com Signed-off-by: Jan Kara Signed-off-by: Sasha Levin

udf: refactor udf_next_aext() to handle error

2024-10-02T12:10:50+00:00

Since udf_current_aext() has error handling, udf_next_aext() should have error handling too. Besides, when too many indirect extents found in one inode, return -EFSCORRUPTED; when reading block failed, return -EIO. Signed-off-by: Zhao Mengmeng Suggested-by: Jan Kara Signed-off-by: Jan Kara Link: https://patch.msgid.link/20241001115425.266556-3-zhaomzhao@126.com

udf: Avoid excessive partition lengths

2024-06-26T10:54:11+00:00

Avoid mounting filesystems where the partition would overflow the 32-bits used for block number. Also refuse to mount filesystems where the partition length is so large we cannot safely index bits in a block bitmap. Link: https://patch.msgid.link/20240620130403.14731-1-jack@suse.cz Signed-off-by: Jan Kara

udf: Avoid using corrupted block bitmap buffer

2024-06-26T10:54:08+00:00

When the filesystem block bitmap is corrupted, we detect the corruption while loading the bitmap and fail the allocation with error. However the next allocation from the same bitmap will notice the bitmap buffer is already loaded and tries to allocate from the bitmap with mixed results (depending on the exact nature of the bitmap corruption). Fix the problem by using BH_verified bit to indicate whether the bitmap is valid or not. Reported-by: syzbot+5f682cd029581f9edfd1@syzkaller.appspotmail.com CC: stable@vger.kernel.org Link: https://patch.msgid.link/20240617154201.29512-2-jack@suse.cz Fixes: 1e0d4adf17e7 ("udf: Check consistency of Space Bitmap Descriptor") Signed-off-by: Jan Kara

udf: replace deprecated strncpy/strcpy with strscpy

2024-04-02T13:23:47+00:00

strncpy() is deprecated for use on NUL-terminated destination strings [1] and as such we should prefer more robust and less ambiguous string interfaces. Also replace an instance of strcpy() which is also deprecated. s_volume_ident is a NUL-terminated string which is evident from its usage in udf_debug: | udf_debug("volIdent[] = '%s'\n", UDF_SB(sb)->s_volume_ident); s_volume_ident should also be NUL-padded as it is copied out to userspace: | if (copy_to_user((char __user *)arg, | UDF_SB(inode->i_sb)->s_volume_ident, 32)) | return -EFAULT; Considering the above, a suitable replacement is `strscpy_pad` [2] due to the fact that it guarantees both NUL-termination and NUL-padding on the destination buffer. To simplify the code, let's use the new 2-argument version of strscpy_pad() introduced in Commit e6584c3964f2f ("string: Allow 2-argument strscpy()"). Also zero-allocate @outstr so we can safely use a non-@ret length argument. This is just in case udf_dstrCS0toChar() doesn't include the NUL-byte in its return length, we won't truncate @outstr or write garbage bytes either. Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1] Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2] Link: https://github.com/KSPP/linux/issues/90 Cc: linux-hardening@vger.kernel.org Signed-off-by: Justin Stitt Signed-off-by: Jan Kara Message-Id: <20240401-strncpy-fs-udf-super-c-v1-1-80cddab7a281@google.com>

udf: Remove second semicolon

2024-03-25T19:12:10+00:00

There is a statement with two semicolons. Remove the second one, it is redundant. Signed-off-by: Colin Ian King Signed-off-by: Jan Kara Message-Id: <20240315091949.2430585-1-colin.i.king@gmail.com>

udf: remove SLAB_MEM_SPREAD flag usage

2024-03-05T14:16:15+00:00

The SLAB_MEM_SPREAD flag is already a no-op after removal of SLAB allocator and in [1] it was fully deprecated. Remove its usage so we can delete it from slab. No functional change. Signed-off-by: Chengming Zhou Signed-off-by: Jan Kara Link: https://lore.kernel.org/all/20240223-slab-cleanup-flags-v2-1-02f1753e8303@suse.cz/ Message-Id: <20240224135229.830356-1-chengming.zhou@linux.dev>

udf: convert to new mount API

2024-02-21T12:55:30+00:00

Convert the UDF filesystem to the new mount API. UDF is slightly unique in that it always preserves prior mount options across a remount, so that's handled by udf_init_options(). Signed-off-by: Eric Sandeen Signed-off-by: Jan Kara Message-Id:

udf: convert novrs to an option flag

2024-02-21T12:55:30+00:00

There's no reason to treat novers specially, convert it to a flag in uopt->flags like other flag options. Signed-off-by: Eric Sandeen Signed-off-by: Jan Kara Message-Id:

udf: Avoid invalid LVID used on mount

2024-02-05T15:51:59+00:00

udf_load_logicalvolint() loads logical volume integrity descriptors. Since there can be multiple blocks with LVIDs, we verify the contents of only the last (prevailing) LVID found. However if we fail to load the last LVID (either due to IO error or because it's checksum fails to match), we never perform the verification of validity of the LVID we are going to use. If such LVID contains invalid data, we can hit out-of-bounds access or similar issues. Fix the problem by verifying each LVID we are potentially going to accept. Reported-by: Robert Morris Signed-off-by: Jan Kara