mirrors
/
linux-stable
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
1
0
Fork 0
Code Issues Releases Wiki Activity
linux-stable/fs/btrfs
History
David Sterba ab2d68655d btrfs: dev-replace: properly validate device names 
commit 9845664b9e upstream.

There's a syzbot report that device name buffers passed to device
replace are not properly checked for string termination which could lead
to a read out of bounds in getname_kernel().

Add a helper that validates both source and target device name buffers.
For devid as the source initialize the buffer to empty string in case
something tries to read it later.

This was originally analyzed and fixed in a different way by Edward Adam
Davis (see links).

Link: https://lore.kernel.org/linux-btrfs/000000000000d1a1d1060cc9c5e7@google.com/
Link: https://lore.kernel.org/linux-btrfs/tencent_44CA0665C9836EF9EEC80CB9E7E206DF5206@qq.com/
CC: stable@vger.kernel.org # 4.19+
CC: Edward Adam Davis <eadavis@qq.com>
Reported-and-tested-by: syzbot+33f23b49ac24f986c9e8@syzkaller.appspotmail.com
Reviewed-by: Boris Burkov <boris@bur.io>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 		2024-03-06 14:38:48 +00:00
..
tests btrfs: remove pointless and double ulist frees in error paths of qgroup tests 2022-11-26 09:24:32 +01:00
Kconfig btrfs: disable build on platforms having page size 256K 2021-06-22 14:11:57 +02:00
Makefile btrfs: initial fsverity support 2021-08-23 13:19:09 +02:00
acl.c overlayfs update for 5.15 2021-09-02 09:21:27 -07:00
async-thread.c btrfs: fix memory ordering between normal and ordered work functions 2021-11-25 09:48:46 +01:00
async-thread.h
backref.c btrfs: fix resolving backrefs for inline extent followed by prealloc 2023-01-12 11:58:50 +01:00
backref.h btrfs: sink iterator parameter to btrfs_ioctl_logical_to_ino 2022-12-08 11:28:38 +01:00
block-group.c btrfs: move out now unused BG from the reclaim list 2023-08-26 14:23:30 +02:00
block-group.h btrfs: fix space cache corruption and potential double allocations 2022-09-05 10:30:12 +02:00
block-rsv.c btrfs: don't free qgroup space unless specified 2023-05-17 11:50:21 +02:00
block-rsv.h
btrfs_inode.h btrfs: put initial index value of a directory in a constant 2022-08-31 17:16:35 +02:00
check-integrity.c btrfs: rename btrfs_bio to btrfs_io_context 2022-07-21 21:24:32 +02:00
check-integrity.h
compression.c btrfs: remove unused parameter nr_pages in add_ra_bio_pages() 2022-04-20 09:34:04 +02:00
compression.h btrfs: rework btrfs_decompress_buf2page() 2021-08-23 13:19:04 +02:00
ctree.c btrfs: error out when reallocating block for defrag using a stale transaction 2023-10-25 11:59:01 +02:00
ctree.h btrfs: add definition for EXTENT_TREE_V2 2024-02-23 08:54:34 +01:00
delalloc-space.c btrfs: don't arbitrarily slow down delalloc if we're committing 2023-11-28 16:56:29 +00:00
delalloc-space.h
delayed-inode.c btrfs: fix infinite directory reads 2024-02-23 08:54:30 +01:00
delayed-inode.h btrfs: fix infinite directory reads 2024-02-23 08:54:30 +01:00
delayed-ref.c btrfs: fix lock inversion problem when doing qgroup extent tracing 2021-07-22 15:50:07 +02:00
delayed-ref.h btrfs: add additional parameters to btrfs_init_tree_ref/btrfs_init_data_ref 2022-07-12 16:34:50 +02:00
dev-replace.c btrfs: dev-replace: properly validate device names 2024-03-06 14:38:48 +00:00
dev-replace.h
dir-item.c btrfs: unify lookup return value when dir entry is missing 2021-10-07 22:06:32 +02:00
discard.c btrfs: hold block group refcount during async discard 2023-03-10 09:39:56 +01:00
discard.h
disk-io.c btrfs: add xxhash to fast checksum implementations 2024-03-01 13:21:55 +01:00
disk-io.h btrfs: make thaw time super block check to also verify checksum 2023-01-12 11:59:20 +01:00
export.c btrfs: fix type of parameter generation in btrfs_get_dentry 2022-11-10 18:15:38 +01:00
export.h btrfs: fix type of parameter generation in btrfs_get_dentry 2022-11-10 18:15:38 +01:00
extent-io-tree.h
extent-tree.c btrfs: don't warn if discard range is not aligned to sector 2024-02-23 08:54:31 +01:00
extent_io.c btrfs: reset destination buffer when read_extent_buffer() gets invalid range 2023-10-06 13:18:11 +02:00
extent_io.h btrfs: fix qgroup reserve overflow the qgroup limit 2022-04-13 20:59:23 +02:00
extent_map.c btrfs: rename btrfs_bio to btrfs_io_context 2022-07-21 21:24:32 +02:00
extent_map.h
file-item.c btrfs: handle memory allocation failure in btrfs_csum_one_bio 2023-06-21 15:59:13 +02:00
file.c btrfs: do not BUG_ON() on ENOMEM when dropping extent items for a range 2022-12-31 13:14:47 +01:00
free-space-cache.c btrfs: fix space cache inconsistency after error loading it from disk 2023-05-17 11:50:22 +02:00
free-space-cache.h
free-space-tree.c btrfs: fix invalid delayed ref after subvolume creation failure 2022-07-12 16:34:50 +02:00
free-space-tree.h
inode-item.c
inode.c btrfs: avoid copying BTRFS_ROOT_SUBVOL_DEAD flag to snapshot of subvolume being deleted 2024-02-23 08:54:30 +01:00
ioctl.c btrfs: forbid creating subvol qgroups 2024-02-23 08:55:01 +01:00
locking.c btrfs: fix lockdep splat with reloc root extent buffers 2022-09-05 10:30:12 +02:00
locking.h btrfs: fix lockdep splat with reloc root extent buffers 2022-09-05 10:30:12 +02:00
lzo.c btrfs: prevent copying too big compressed lzo segment 2022-03-02 11:48:07 +01:00
misc.h btrfs: use correct header for div_u64 in misc.h 2021-09-07 14:29:50 +02:00
ordered-data.c btrfs: zoned: fix double counting of split ordered extent 2021-09-07 14:30:41 +02:00
ordered-data.h btrfs: remove uptodate parameter from btrfs_dec_test_first_ordered_pending 2021-08-23 13:19:02 +02:00
orphan.c
print-tree.c btrfs: print-tree: parent bytenr must be aligned to sector size 2023-05-17 11:50:22 +02:00
print-tree.h
props.c btrfs: props: change how empty value is interpreted 2021-06-22 14:11:58 +02:00
props.h
qgroup.c btrfs: forbid deleting live subvol qgroup 2024-02-23 08:55:01 +01:00
qgroup.h btrfs: fix lock inversion problem when doing qgroup extent tracing 2021-07-22 15:50:07 +02:00
raid56.c btrfs: raid56: properly handle the error when unable to find the missing stripe 2022-11-26 09:24:31 +01:00
raid56.h btrfs: rename btrfs_bio to btrfs_io_context 2022-07-21 21:24:32 +02:00
rcu-string.h btrfs: replace strncpy() with strscpy() 2023-01-12 11:59:05 +01:00
reada.c btrfs: rename btrfs_bio to btrfs_io_context 2022-07-21 21:24:32 +02:00
ref-verify.c btrfs: ref-verify: free ref cache before clearing mount opt 2024-02-23 08:54:30 +01:00
ref-verify.h
reflink.c btrfs: fix unexpected error path when reflinking an inline extent 2022-04-08 14:23:11 +02:00
reflink.h
relocation.c btrfs: exit gracefully if reloc roots don't match 2023-08-16 18:22:02 +02:00
root-tree.c btrfs: fix silent failure when deleting root reference 2022-08-31 17:16:46 +02:00
scrub.c btrfs: scrub: try harder to mark RAID56 block groups read-only 2023-06-21 15:59:13 +02:00
send.c btrfs: send: return EOPNOTSUPP on unknown flags 2024-02-23 08:55:01 +01:00
send.h
space-info.c btrfs: extend locking to all space_info members accesses 2022-04-08 14:23:02 +02:00
space-info.h btrfs: rip out btrfs_space_info::total_bytes_pinned 2021-06-22 14:55:25 +02:00
struct-funcs.c btrfs: add special case to setget helpers for 64k pages 2021-08-23 13:18:58 +02:00
subpage.c btrfs: subpage: fix a potential use-after-free in writeback helper 2021-08-23 13:19:05 +02:00
subpage.h btrfs: subpage: fix writeback which does not have ordered extent 2021-08-23 13:19:04 +02:00
super.c Revert "btrfs: add dmesg output for first mount and last unmount of a filesystem" 2023-12-13 18:36:50 +01:00
sysfs.c btrfs: add definition for EXTENT_TREE_V2 2024-02-23 08:54:34 +01:00
sysfs.h
transaction.c btrfs: don't start transaction when joining with TRANS_JOIN_NOSTART 2023-09-19 12:23:01 +02:00
transaction.h btrfs: do not start relocation until in progress drops are done 2022-03-08 19:12:54 +01:00
tree-checker.c btrfs: tree-checker: fix inline ref size in error messages 2024-02-23 08:54:31 +01:00
tree-checker.h
tree-defrag.c btrfs: fix an error handling path in btrfs_defrag_leaves() 2023-01-12 11:59:08 +01:00
tree-log.c btrfs: initialize start_slot in btrfs_log_prealloc_extents 2023-10-25 11:58:59 +02:00
tree-log.h btrfs: pass the dentry to btrfs_log_new_name() instead of the inode 2022-08-31 17:16:36 +02:00
tree-mod-log.c btrfs: fix race when picking most recent mod log operation for an old root 2021-04-20 19:27:17 +02:00
tree-mod-log.h btrfs: add and use helper to get lowest sequence number for the tree mod log 2021-04-19 17:25:17 +02:00
ulist.c
ulist.h
uuid-tree.c
verity.c btrfs: fix transaction handle leak after verity rollback failure 2021-09-17 19:29:41 +02:00
volumes.c btrfs: make error messages more clear when getting a chunk map 2023-12-08 08:48:02 +01:00
volumes.h btrfs: add a helper to read the superblock metadata_uuid 2023-09-23 11:10:00 +02:00
xattr.c btrfs: check if root is readonly while setting security xattr 2022-08-31 17:16:46 +02:00
xattr.h
zlib.c btrfs: zlib: zero-initialize zlib workspace 2023-02-14 19:17:56 +01:00
zoned.c btrfs: zero the buffer before marking it dirty in btrfs_redirty_list_add 2023-05-17 11:50:22 +02:00
zoned.h btrfs: zoned: revive max_zone_append_bytes 2022-08-31 17:16:34 +02:00
zstd.c Revert "btrfs: compression: drop kmap/kunmap from zstd" 2021-10-29 13:02:50 +02:00