linux-stable/fs/ext4
Theodore Ts'o a18670395e ext4: fix invalid free tracking in ext4_xattr_move_to_block()
commit b87c7cdf2b upstream.

In ext4_xattr_move_to_block(), the value of the extended attribute
which we need to move to an external block may be allocated by
kvmalloc() if the value is stored in an external inode.  So at the end
of the function the code tried to check if this was the case by
testing entry->e_value_inum.

However, at this point, the pointer to the xattr entry is no longer
valid, because it was removed from the original location where it had
been stored.  So we could end up calling kvfree() on a pointer which
was not allocated by kvmalloc(); or we could also potentially leak
memory by not freeing the buffer when it should be freed.  Fix this by
storing whether it should be freed in a separate variable.

Cc: stable@kernel.org
Link: https://lore.kernel.org/r/20230430160426.581366-1-tytso@mit.edu
Link: https://syzkaller.appspot.com/bug?id=5c2aee8256e30b55ccf57312c16d88417adbd5e1
Link: https://syzkaller.appspot.com/bug?id=41a6b5d4917c0412eb3b3c3c604965bed7d7420b
Reported-by: syzbot+64b645917ce07d89bde5@syzkaller.appspotmail.com
Reported-by: syzbot+0d042627c4f2ad332195@syzkaller.appspotmail.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2023-05-17 13:59:12 +02:00
.kunitconfig ext4: add .kunitconfig fragment to enable ext4-specific tests 2021-02-11 23:16:30 -05:00
Kconfig ext: EXT4_KUNIT_TESTS should depend on EXT4_FS instead of selecting it 2021-02-11 23:12:59 -05:00
Makefile ext4: move ext4 crypto code to its own file crypto.c 2022-05-21 22:24:24 -04:00
acl.c fs: pass dentry to set acl method 2022-10-19 12:55:42 +02:00
acl.h fs: pass dentry to set acl method 2022-10-19 12:55:42 +02:00
balloc.c ext4: fix WARNING in mb_find_extent 2023-05-17 13:59:10 +02:00
bitmap.c
block_validity.c ext4: add ext4_sb_block_valid() refactored out of ext4_inode_block_valid() 2022-02-25 21:34:56 -05:00
crypto.c ext4: refactor and move ext4_ioctl_get_encryption_pwsalt() 2022-05-21 22:24:24 -04:00
dir.c ext4: fix spelling errors in comments 2022-05-11 15:19:06 -04:00
ext4.h ext4: avoid deadlock in fs reclaim with page writeback 2023-05-17 13:59:10 +02:00
ext4_extents.h ext4: fix sparse warnings 2021-08-30 23:36:50 -04:00
ext4_jbd2.c ext4: split ext4_journal_start trace for debug 2022-12-01 10:46:54 -05:00
ext4_jbd2.h ext4: split ext4_journal_start trace for debug 2022-12-01 10:46:54 -05:00
extents.c ext4: fix use-after-free read in ext4_find_extent for bigalloc + inline 2023-05-11 23:11:30 +09:00
extents_status.c ext4: fix data races when using cached status extents 2023-05-17 13:59:10 +02:00
extents_status.h
fast_commit.c ext4: use ext4_fc_tl_mem in fast-commit replay path 2023-03-11 13:50:27 +01:00
fast_commit.h ext4: add missing validation of fast-commit record lengths 2022-12-08 21:49:24 -05:00
file.c fs: rename current get acl method 2022-10-20 10:13:27 +02:00
fsmap.c ext4: fix another off-by-one fsmap error on 1k block filesystems 2023-03-17 08:57:48 +01:00
fsmap.h ext4: fsmap: fix the block/inode bitmap comment 2021-06-24 09:48:29 -04:00
fsync.c block: use an on-stack bio in blkdev_issue_flush 2021-01-27 09:51:48 -07:00
hash.c ext4: improve error handling from ext4_dirhash() 2023-05-17 13:59:11 +02:00
ialloc.c A large number of cleanups and bug fixes, with many of the bug fixes 2022-12-12 19:56:37 -08:00
indirect.c ext4: fix error code return to user-space in ext4_get_branch() 2022-12-08 21:49:24 -05:00
inline.c ext4: bail out of ext4_xattr_ibody_get() fails for any reason 2023-05-17 13:59:11 +02:00
inode-test.c fs: ext4: Modify inode-test.c to use KUnit parameterized testing feature 2020-12-02 16:07:25 -07:00
inode.c ext4: check iomap type only if ext4_iomap_begin() does not fail 2023-05-17 13:59:11 +02:00
ioctl.c ext4: zero i_disksize when initializing the bootloader inode 2023-03-17 08:57:48 +01:00
mballoc.c ext4: remove a BUG_ON in ext4_mb_release_group_pa() 2023-05-17 13:59:12 +02:00
mballoc.h ext4: use buckets for cr 1 block scan instead of rbtree 2022-09-21 22:12:03 -04:00
migrate.c ext4: avoid deadlock in fs reclaim with page writeback 2023-05-17 13:59:10 +02:00
mmp.c ext4: fix lockdep warning when enabling MMP 2023-05-17 13:59:11 +02:00
move_extent.c ext4: convert move_extent_per_page() to use folios 2022-11-30 15:59:02 -08:00
namei.c ext4: improve error handling from ext4_dirhash() 2023-05-17 13:59:11 +02:00
orphan.c ext4: remove trailing newline from ext4_msg() message 2022-12-08 21:49:23 -05:00
page-io.c ext4: fix cgroup writeback accounting with fs-layer encryption 2023-03-17 08:57:47 +01:00
readpage.c fsverity updates for 6.2 2022-12-12 20:06:35 -08:00
resize.c ext4: fix corruption when online resizing a 1K bigalloc fs 2022-12-08 21:49:24 -05:00
super.c ext4: improve error recovery code paths in __ext4_remount() 2023-05-17 13:59:11 +02:00
symlink.c ext4: fix reading leftover inlined symlinks 2022-08-02 23:37:50 -04:00
sysfs.c ext4: Fix function prototype mismatch for ext4_feat_ktype 2023-02-25 11:13:29 +01:00
truncate.h ext4: Convert to use mapping->invalidate_lock 2021-07-13 14:29:00 +02:00
verity.c fs: ext4: initialize fsdata in pagecache_write() 2022-12-08 21:49:25 -05:00
xattr.c ext4: fix invalid free tracking in ext4_xattr_move_to_block() 2023-05-17 13:59:12 +02:00
xattr.h ext4: remove EA inode entry from mbcache on inode eviction 2022-08-02 23:56:25 -04:00
xattr_hurd.c acl: handle idmapped mounts 2021-01-24 14:27:17 +01:00
xattr_security.c acl: handle idmapped mounts 2021-01-24 14:27:17 +01:00
xattr_trusted.c acl: handle idmapped mounts 2021-01-24 14:27:17 +01:00
xattr_user.c acl: handle idmapped mounts 2021-01-24 14:27:17 +01:00