#
9253c54e |
|
08-Apr-2024 |
Phillip Lougher <phillip@squashfs.org.uk> |
Squashfs: check the inode number is not the invalid value of zero Syskiller has produced an out of bounds access in fill_meta_index(). That out of bounds access is ultimately caused because the inode has an inode number with the invalid value of zero, which was not checked. The reason this causes the out of bounds access is due to following sequence of events: 1. Fill_meta_index() is called to allocate (via empty_meta_index()) and fill a metadata index. It however suffers a data read error and aborts, invalidating the newly returned empty metadata index. It does this by setting the inode number of the index to zero, which means unused (zero is not a valid inode number). 2. When fill_meta_index() is subsequently called again on another read operation, locate_meta_index() returns the previous index because it matches the inode number of 0. Because this index has been returned it is expected to have been filled, and because it hasn't been, an out of bounds access is performed. This patch adds a sanity check which checks that the inode number is not zero when the inode is created and returns -EINVAL if it is. [phillip@squashfs.org.uk: whitespace fix] Link: https://lkml.kernel.org/r/20240409204723.446925-1-phillip@squashfs.org.uk Link: https://lkml.kernel.org/r/20240408220206.435788-1-phillip@squashfs.org.uk Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk> Reported-by: "Ubisectech Sirius" <bugreport@ubisectech.com> Closes: https://lore.kernel.org/lkml/87f5c007-b8a5-41ae-8b57-431e924c5915.bugreport@ubisectech.com/ Cc: Christian Brauner <brauner@kernel.org> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
|
#
a1f13ed8 |
|
04-Oct-2023 |
Jeff Layton <jlayton@kernel.org> |
squashfs: convert to new timestamp accessors Convert to using the new inode timestamp accessor functions. Signed-off-by: Jeff Layton <jlayton@kernel.org> Link: https://lore.kernel.org/r/20231004185347.80880-68-jlayton@kernel.org Signed-off-by: Christian Brauner <brauner@kernel.org>
|
#
280345d0 |
|
05-Jul-2023 |
Jeff Layton <jlayton@kernel.org> |
squashfs: convert to ctime accessor functions In later patches, we're going to change how the inode's ctime field is used. Switch to using accessor functions instead of raw accesses of inode->i_ctime. Signed-off-by: Jeff Layton <jlayton@kernel.org> Reviewed-by: Jan Kara <jack@suse.cz> Message-Id: <20230705190309.579783-73-jlayton@kernel.org> Signed-off-by: Christian Brauner <brauner@kernel.org>
|
#
68252eb5 |
|
20-May-2019 |
Thomas Gleixner <tglx@linutronix.de> |
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 35 Based on 1 normalized pattern(s): this program is free software you can redistribute it and or modify it under the terms of the gnu general public license as published by the free software foundation either version 2 or at your option any later version this program is distributed in the hope that it will be useful but without any warranty without even the implied warranty of merchantability or fitness for a particular purpose see the gnu general public license for more details you should have received a copy of the gnu general public license along with this program if not write to the free software foundation 51 franklin street fifth floor boston ma 02110 1301 usa extracted by the scancode license scanner the SPDX license identifier GPL-2.0-or-later has been chosen to replace the boilerplate/reference in 23 file(s). Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Allison Randal <allison@lohutok.net> Reviewed-by: Kate Stewart <kstewart@linuxfoundation.org> Cc: linux-spdx@vger.kernel.org Link: https://lkml.kernel.org/r/20190520170857.458548087@linutronix.de Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
fd50ecad |
|
29-Sep-2016 |
Andreas Gruenbacher <agruenba@redhat.com> |
vfs: Remove {get,set,remove}xattr inode operations These inode operations are no longer used; remove them. Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
|
#
21fc61c7 |
|
16-Nov-2015 |
Al Viro <viro@zeniv.linux.org.uk> |
don't put symlink bodies in pagecache into highmem kmap() in page_follow_link_light() needed to go - allowing to hold an arbitrary number of kmaps for long is a great way to deadlocking the system. new helper (inode_nohighmem(inode)) needs to be used for pagecache symlinks inodes; done for all in-tree cases. page_follow_link_light() instrumented to yell about anything missed. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
|
#
61293ee2 |
|
10-Feb-2012 |
Eric W. Biederman <ebiederm@xmission.com> |
userns: Convert squashfs to use kuid/kgid where appropriate Cc: Phillip Lougher <phillip@squashfs.org.uk> Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
|
#
3d4a1c80 |
|
02-Jan-2012 |
Phillip Lougher <phillip@squashfs.org.uk> |
Squashfs: fix i_blocks calculation with extended regular files The le64_to_cpu() forces the calculation to be unsigned, with the effect that it can underflow leading to an incorrect large value. This bug only triggers in rare(ish) circumstances, an empty file encoded as an extended regular file or a completely sparse file. Normally empty files are encoded as a regular file rather than as an extended regular file (and the regular file i_blocks calculation doesn't have this bug). To save space regular file inodes are optimised to encode the most commonly occurring files. Less common regular files are encoded using extended regular file inodes which contain extra information. Empty files with nlinks greater than 1, and or empty files with extended attributes are encoded using extended regular file inodes and they will hit this bug. Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk>
|
#
bfe86848 |
|
28-Oct-2011 |
Miklos Szeredi <mszeredi@suse.cz> |
filesystems: add set_nlink() Replace remaining direct i_nlink updates with a new set_nlink() updater function. Signed-off-by: Miklos Szeredi <mszeredi@suse.cz> Tested-by: Toshiyuki Okajima <toshi.okajima@jp.fujitsu.com> Signed-off-by: Christoph Hellwig <hch@lst.de>
|
#
d7f2ff67 |
|
26-May-2011 |
Phillip Lougher <phillip@lougher.demon.co.uk> |
Squashfs: update email address My existing email address may stop working in a month or two, so update email to one that will continue working. Signed-off-by: Phillip Lougher <phillip@lougher.demon.co.uk>
|
#
01e5b4e4 |
|
17-May-2010 |
Phillip Lougher <phillip@lougher.demon.co.uk> |
squashfs: add xattr support configure option Signed-off-by: Phillip Lougher <phillip@lougher.demon.co.uk>
|
#
67f66cc6 |
|
16-May-2010 |
Phillip Lougher <phillip@lougher.demon.co.uk> |
squashfs: add new extended inode types Add new extended inode types that store the xattr_id field. Also add the necessary code changes to make xattrs visibile. Signed-off-by: Phillip Lougher <phillip@lougher.demon.co.uk>
|
#
f1a40359 |
|
23-Sep-2009 |
Phillip Lougher <phillip@lougher.demon.co.uk> |
Squashfs: factor out remaining zlib dependencies into separate wrapper file Move zlib buffer init/destroy code into separate wrapper file. Also make zlib z_stream field a void * removing the need to include zlib.h for most files. Signed-off-by: Phillip Lougher <phillip@lougher.demon.co.uk>
|
#
f4f8056a |
|
04-Mar-2009 |
Roel Kluin <roel.kluin@gmail.com> |
Squashfs: frag_size should be signed, as it can hold an error result Signed-off-by: Roel Kluin <roel.kluin@gmail.com> Signed-off-by: Phillip Lougher <phillip@lougher.demon.co.uk>
|
#
6545b246 |
|
05-Jan-2009 |
Phillip Lougher <phillip@lougher.demon.co.uk> |
Squashfs: inode operations Signed-off-by: Phillip Lougher <phillip@lougher.demon.co.uk>
|