linux-stable/fs/ext4
Theodore Ts'o c5fa4eeddd ext4: fix invalid free tracking in ext4_xattr_move_to_block()
commit b87c7cdf2b upstream.

In ext4_xattr_move_to_block(), the value of the extended attribute
which we need to move to an external block may be allocated by
kvmalloc() if the value is stored in an external inode.  So at the end
of the function the code tried to check if this was the case by
testing entry->e_value_inum.

However, at this point, the pointer to the xattr entry is no longer
valid, because it was removed from the original location where it had
been stored.  So we could end up calling kvfree() on a pointer which
was not allocated by kvmalloc(); or we could also potentially leak
memory by not freeing the buffer when it should be freed.  Fix this by
storing whether it should be freed in a separate variable.

Cc: stable@kernel.org
Link: https://lore.kernel.org/r/20230430160426.581366-1-tytso@mit.edu
Link: https://syzkaller.appspot.com/bug?id=5c2aee8256e30b55ccf57312c16d88417adbd5e1
Link: https://syzkaller.appspot.com/bug?id=41a6b5d4917c0412eb3b3c3c604965bed7d7420b
Reported-by: syzbot+64b645917ce07d89bde5@syzkaller.appspotmail.com
Reported-by: syzbot+0d042627c4f2ad332195@syzkaller.appspotmail.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2023-05-17 11:53:59 +02:00
.kunitconfig ext4: add .kunitconfig fragment to enable ext4-specific tests 2021-02-11 23:16:30 -05:00
acl.c fs/ext4: fix comments mentioning i_mutex 2022-02-03 10:57:53 -05:00
acl.h vfs: add rcu argument to ->get_acl() callback 2021-08-18 22:08:24 +02:00
balloc.c ext4: fix WARNING in mb_find_extent 2023-05-17 11:53:57 +02:00
bitmap.c
block_validity.c ext4: add ext4_sb_block_valid() refactored out of ext4_inode_block_valid() 2022-02-25 21:34:56 -05:00
crypto.c ext4: refactor and move ext4_ioctl_get_encryption_pwsalt() 2022-05-21 22:24:24 -04:00
dir.c ext4: fix spelling errors in comments 2022-05-11 15:19:06 -04:00
ext4.h ext4: fix incorrect options show of original mount_opt and extend mount_opt2 2023-03-11 13:55:27 +01:00
ext4_extents.h ext4: fix sparse warnings 2021-08-30 23:36:50 -04:00
ext4_jbd2.c ext4: use ext4_debug() instead of jbd_debug() 2022-08-02 23:52:19 -04:00
ext4_jbd2.h fs/ext4: fix comments mentioning i_mutex 2022-02-03 10:57:53 -05:00
extents.c ext4: fix use-after-free read in ext4_find_extent for bigalloc + inline 2023-05-11 23:03:36 +09:00
extents_status.c ext4: fix data races when using cached status extents 2023-05-17 11:53:57 +02:00
extents_status.h
fast_commit.c ext4: use ext4_fc_tl_mem in fast-commit replay path 2023-03-11 13:55:22 +01:00
fast_commit.h ext4: add missing validation of fast-commit record lengths 2023-01-07 11:12:00 +01:00
file.c The first two changes that involve files outside of fs/ext4: 2022-10-06 17:45:53 -07:00
fsmap.c ext4: fix another off-by-one fsmap error on 1k block filesystems 2023-03-17 08:50:16 +01:00
fsmap.h ext4: fsmap: fix the block/inode bitmap comment 2021-06-24 09:48:29 -04:00
fsync.c
hash.c ext4: improve error handling from ext4_dirhash() 2023-05-17 11:53:58 +02:00
ialloc.c treewide: use get_random_u32() when possible 2022-10-11 17:42:58 -06:00
indirect.c ext4: fix error code return to user-space in ext4_get_branch() 2023-01-07 11:12:01 +01:00
inline.c ext4: bail out of ext4_xattr_ibody_get() fails for any reason 2023-05-17 11:53:58 +02:00
inode-test.c
inode.c ext4: check iomap type only if ext4_iomap_begin() does not fail 2023-05-17 11:53:57 +02:00
ioctl.c ext4: zero i_disksize when initializing the bootloader inode 2023-03-17 08:50:16 +01:00
Kconfig
Makefile ext4: move ext4 crypto code to its own file crypto.c 2022-05-21 22:24:24 -04:00
mballoc.c ext4: remove a BUG_ON in ext4_mb_release_group_pa() 2023-05-17 11:53:58 +02:00
mballoc.h ext4: use buckets for cr 1 block scan instead of rbtree 2022-09-21 22:12:03 -04:00
migrate.c ext4: fix warning in 'ext4_da_release_space' 2022-11-06 01:07:59 -04:00
mmp.c ext4: fix lockdep warning when enabling MMP 2023-05-17 11:53:58 +02:00
move_extent.c ext4: factor out ext4_free_ext_path() 2022-09-30 23:46:54 -04:00
namei.c ext4: improve error handling from ext4_dirhash() 2023-05-17 11:53:58 +02:00
orphan.c ext4: remove trailing newline from ext4_msg() message 2023-01-07 11:11:58 +01:00
page-io.c ext4: fix cgroup writeback accounting with fs-layer encryption 2023-03-17 08:50:16 +01:00
readpage.c fscrypt: stop using PG_error to track error status 2022-09-06 15:15:56 -07:00
resize.c ext4: fix corrupt backup group descriptors after online resize 2023-01-07 11:12:01 +01:00
super.c ext4: improve error recovery code paths in __ext4_remount() 2023-05-17 11:53:58 +02:00
symlink.c ext4: fix reading leftover inlined symlinks 2022-08-02 23:37:50 -04:00
sysfs.c ext4: Fix function prototype mismatch for ext4_feat_ktype 2023-02-25 11:25:43 +01:00
truncate.h ext4: Convert to use mapping->invalidate_lock 2021-07-13 14:29:00 +02:00
verity.c fs: ext4: initialize fsdata in pagecache_write() 2023-01-07 11:11:58 +01:00
xattr.c ext4: fix invalid free tracking in ext4_xattr_move_to_block() 2023-05-17 11:53:59 +02:00
xattr.h ext4: remove EA inode entry from mbcache on inode eviction 2022-08-02 23:56:25 -04:00
xattr_hurd.c
xattr_security.c
xattr_trusted.c
xattr_user.c