mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-21 10:01:00 +00:00
Code Issues Releases Wiki Activity
linux-stable/fs/xfs
History
Darrick J. Wong b92be74cb2 xfs: reject crazy array sizes being fed to XFS_IOC_GETBMAP* 
[ Upstream commit 29d650f7e3 ]

Syzbot tripped over the following complaint from the kernel:

WARNING: CPU: 2 PID: 15402 at mm/util.c:597 kvmalloc_node+0x11e/0x125 mm/util.c:597

While trying to run XFS_IOC_GETBMAP against the following structure:

struct getbmap fubar = {
	.bmv_count	= 0x22dae649,
};

Obviously, this is a crazy huge value since the next thing that the
ioctl would do is allocate 37GB of memory.  This is enough to make
kvmalloc mad, but isn't large enough to trip the validation functions.
In other words, I'm fussing with checks that were **already sufficient**
because that's easier than dealing with 644 internal bug reports.  Yes,
that's right, six hundred and forty-four.

Signed-off-by: Darrick J. Wong <djwong@kernel.org>
Reviewed-by: Allison Henderson <allison.henderson@oracle.com>
Reviewed-by: Catherine Hoang <catherine.hoang@oracle.com>
Signed-off-by: Leah Rumancik <leah.rumancik@gmail.com>
Acked-by: Darrick J. Wong <djwong@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-08-25 11:40:48 +02:00
..
libxfs xfs: fix perag reference leak on iteration race with growfs 2022-07-29 17:25:09 +02:00
scrub xfs: fix perag structure refcounting error when scrub fails 2021-08-20 13:20:33 -07:00
Kconfig
kmem.c xfs: replace kmem_alloc_large() with kvmalloc() 2021-08-09 15:57:43 -07:00
kmem.h xfs: replace kmem_alloc_large() with kvmalloc() 2021-08-09 15:57:43 -07:00
Makefile
mrlock.h
xfs.h
xfs_acl.c overlayfs update for 5.15 2021-09-02 09:21:27 -07:00
xfs_acl.h vfs: add rcu argument to ->get_acl() callback 2021-08-18 22:08:24 +02:00
xfs_aops.c xfs: punch out data fork delalloc blocks on COW writeback failure 2022-07-02 16:41:13 +02:00
xfs_aops.h
xfs_attr_inactive.c xfs: convert bp->b_bn references to xfs_buf_daddr() 2021-08-19 10:07:15 -07:00
xfs_attr_list.c xfs: replace XFS_FORCED_SHUTDOWN with xfs_is_shutdown 2021-08-19 10:07:13 -07:00
xfs_bio_io.c xfs: drop async cache flushes from CIL commits. 2022-07-21 21:24:15 +02:00
xfs_bmap_item.c xfs: refactor xfs_iget calls from log intent recovery 2021-08-09 15:57:59 -07:00
xfs_bmap_item.h
xfs_bmap_util.c New code for 5.15: 2021-09-02 08:26:03 -07:00
xfs_bmap_util.h
xfs_buf.c New code for 5.15: 2021-09-02 08:26:03 -07:00
xfs_buf.h xfs: rename buffer cache index variable b_bn 2021-08-19 10:07:15 -07:00
xfs_buf_item.c xfs: convert bp->b_bn references to xfs_buf_daddr() 2021-08-19 10:07:15 -07:00
xfs_buf_item.h
xfs_buf_item_recover.c xfs: check sb_meta_uuid for dabuf buffer recovery 2022-07-02 16:41:13 +02:00
xfs_dir2_readdir.c xfs: replace XFS_FORCED_SHUTDOWN with xfs_is_shutdown 2021-08-19 10:07:13 -07:00
xfs_discard.c xfs: convert mount flags to features 2021-08-19 10:07:12 -07:00
xfs_discard.h
xfs_dquot.c xfs: replace xfs_sb_version checks with feature flag checks 2021-08-19 10:07:12 -07:00
xfs_dquot.h xfs: queue inactivation immediately when quota is nearing enforcement 2021-08-09 10:52:18 -07:00
xfs_dquot_item.c xfs: remove support for disabling quota accounting on a mounted file system 2021-08-06 11:05:36 -07:00
xfs_dquot_item.h xfs: remove support for disabling quota accounting on a mounted file system 2021-08-06 11:05:36 -07:00
xfs_dquot_item_recover.c xfs: replace xfs_sb_version checks with feature flag checks 2021-08-19 10:07:12 -07:00
xfs_error.c xfs: convert bp->b_bn references to xfs_buf_daddr() 2021-08-19 10:07:15 -07:00
xfs_error.h xfs: add trace point for fs shutdown 2021-08-18 18:46:00 -07:00
xfs_export.c xfs: convert remaining mount flags to state flags 2021-08-19 10:07:13 -07:00
xfs_export.h
xfs_extent_busy.c
xfs_extent_busy.h
xfs_extfree_item.c xfs: use kmem_cache_free() for kmem_cache objects 2022-07-02 16:41:12 +02:00
xfs_extfree_item.h
xfs_file.c iomap: Add done_before argument to iomap_dio_rw 2022-05-01 17:22:32 +02:00
xfs_filestream.c xfs: fix soft lockup via spinning in filestream ag selection loop 2022-08-25 11:40:48 +02:00
xfs_filestream.h xfs: convert mount flags to features 2021-08-19 10:07:12 -07:00
xfs_fsmap.c xfs: replace xfs_sb_version checks with feature flag checks 2021-08-19 10:07:12 -07:00
xfs_fsmap.h
xfs_fsops.c xfs: fix overfilling of reserve pool 2022-08-25 11:40:48 +02:00
xfs_fsops.h
xfs_globals.c
xfs_health.c xfs: replace XFS_FORCED_SHUTDOWN with xfs_is_shutdown 2021-08-19 10:07:13 -07:00
xfs_icache.c xfs: flush inodegc workqueue tasks before cancel 2022-08-25 11:40:46 +02:00
xfs_icache.h xfs: throttle inode inactivation queuing on memory reclaim 2021-08-09 11:13:17 -07:00
xfs_icreate_item.c xfs: cleanup __FUNCTION__ usage 2021-08-11 09:13:12 -07:00
xfs_icreate_item.h
xfs_inode.c xfs: reserve quota for target dir expansion when renaming files 2022-08-25 11:40:47 +02:00
xfs_inode.h New code for 5.15: 2021-09-02 08:26:03 -07:00
xfs_inode_item.c xfs: replace xfs_sb_version checks with feature flag checks 2021-08-19 10:07:12 -07:00
xfs_inode_item.h
xfs_inode_item_recover.c xfs: replace xfs_sb_version checks with feature flag checks 2021-08-19 10:07:12 -07:00
xfs_ioctl.c xfs: reject crazy array sizes being fed to XFS_IOC_GETBMAP* 2022-08-25 11:40:48 +02:00
xfs_ioctl.h xfs: prevent a WARN_ONCE() in xfs_ioc_attr_list() 2022-07-29 17:25:09 +02:00
xfs_ioctl32.c xfs: convert xfs_fs_geometry to use mount feature checks 2021-08-19 10:07:13 -07:00
xfs_ioctl32.h
xfs_iomap.c xfs: only set IOMAP_F_SHARED when providing a srcmap to a write 2021-08-23 17:32:51 -07:00
xfs_iomap.h
xfs_iops.c xfs: fix I_DONTCACHE 2021-08-24 19:13:04 -07:00
xfs_iops.h
xfs_itable.c xfs: replace xfs_sb_version checks with feature flag checks 2021-08-19 10:07:12 -07:00
xfs_itable.h
xfs_iwalk.c xfs: avoid buffer deadlocks when walking fs inodes 2021-08-09 11:13:16 -07:00
xfs_iwalk.h
xfs_linux.h xfs: drop async cache flushes from CIL commits. 2022-07-21 21:24:15 +02:00
xfs_log.c xfs: drop async cache flushes from CIL commits. 2022-07-21 21:24:15 +02:00
xfs_log.h xfs: AIL needs asynchronous CIL forcing 2021-08-16 12:09:30 -07:00
xfs_log_cil.c xfs: drop async cache flushes from CIL commits. 2022-07-21 21:24:15 +02:00
xfs_log_priv.h xfs: drop async cache flushes from CIL commits. 2022-07-21 21:24:15 +02:00
xfs_log_recover.c xfs: only run COW extent recovery when there are no live extents 2022-07-21 21:24:14 +02:00
xfs_message.c
xfs_message.h
xfs_mount.c xfs: don't include bnobt blocks when reserving free block pool 2022-07-21 21:24:15 +02:00
xfs_mount.h xfs: don't include bnobt blocks when reserving free block pool 2022-07-21 21:24:15 +02:00
xfs_mru_cache.c
xfs_mru_cache.h
xfs_ondisk.h
xfs_pnfs.c xfs: replace XFS_FORCED_SHUTDOWN with xfs_is_shutdown 2021-08-19 10:07:13 -07:00
xfs_pnfs.h
xfs_pwork.c
xfs_pwork.h
xfs_qm.c xfs: replace XFS_FORCED_SHUTDOWN with xfs_is_shutdown 2021-08-19 10:07:13 -07:00
xfs_qm.h xfs: remove support for disabling quota accounting on a mounted file system 2021-08-06 11:05:36 -07:00
xfs_qm_bhv.c xfs: replace xfs_sb_version checks with feature flag checks 2021-08-19 10:07:12 -07:00
xfs_qm_syscalls.c xfs: replace xfs_sb_version checks with feature flag checks 2021-08-19 10:07:12 -07:00
xfs_quota.h xfs: queue inactivation immediately when quota is nearing enforcement 2021-08-09 10:52:18 -07:00
xfs_quotaops.c xfs: remove the active vs running quota differentiation 2021-08-06 11:05:37 -07:00
xfs_refcount_item.c xfs: replace xfs_sb_version checks with feature flag checks 2021-08-19 10:07:12 -07:00
xfs_refcount_item.h
xfs_reflink.c xfs: only run COW extent recovery when there are no live extents 2022-07-21 21:24:14 +02:00
xfs_reflink.h xfs: convert xfs_sb_version_has checks to use mount features 2021-08-19 10:07:14 -07:00
xfs_rmap_item.c xfs: replace xfs_sb_version checks with feature flag checks 2021-08-19 10:07:12 -07:00
xfs_rmap_item.h
xfs_rtalloc.c xfs: replace xfs_sb_version checks with feature flag checks 2021-08-19 10:07:12 -07:00
xfs_rtalloc.h xfs: make the record pointer passed to query_range functions const 2021-08-18 18:46:01 -07:00
xfs_stats.c
xfs_stats.h
xfs_super.c xfs: only run COW extent recovery when there are no live extents 2022-07-21 21:24:14 +02:00
xfs_super.h
xfs_symlink.c fs: port higher-level mapping helpers 2022-07-02 16:41:16 +02:00
xfs_symlink.h
xfs_sysctl.c
xfs_sysctl.h
xfs_sysfs.c xfs: AIL needs asynchronous CIL forcing 2021-08-16 12:09:30 -07:00
xfs_sysfs.h
xfs_trace.c xfs: add trace point for fs shutdown 2021-08-18 18:46:00 -07:00
xfs_trace.h xfs: convert bp->b_bn references to xfs_buf_daddr() 2021-08-19 10:07:15 -07:00
xfs_trans.c xfs: reserve quota for dir expansion when linking/unlinking files 2022-08-25 11:40:47 +02:00
xfs_trans.h xfs: reserve quota for dir expansion when linking/unlinking files 2022-08-25 11:40:47 +02:00
xfs_trans_ail.c xfs: replace XFS_FORCED_SHUTDOWN with xfs_is_shutdown 2021-08-19 10:07:13 -07:00
xfs_trans_buf.c xfs: introduce xfs_buf_daddr() 2021-08-19 10:07:14 -07:00
xfs_trans_dquot.c xfs: revert "xfs: actually bump warning counts when we send warnings" 2022-08-25 11:40:48 +02:00
xfs_trans_priv.h
xfs_xattr.c