mirrors
/
linux-stable
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
1
0
Fork 0
Code Issues Releases Wiki Activity
linux-stable/fs/btrfs
History
David Sterba c6652e20d7 btrfs: dev-replace: properly validate device names 
commit 9845664b9e upstream.

There's a syzbot report that device name buffers passed to device
replace are not properly checked for string termination which could lead
to a read out of bounds in getname_kernel().

Add a helper that validates both source and target device name buffers.
For devid as the source initialize the buffer to empty string in case
something tries to read it later.

This was originally analyzed and fixed in a different way by Edward Adam
Davis (see links).

Link: https://lore.kernel.org/linux-btrfs/000000000000d1a1d1060cc9c5e7@google.com/
Link: https://lore.kernel.org/linux-btrfs/tencent_44CA0665C9836EF9EEC80CB9E7E206DF5206@qq.com/
CC: stable@vger.kernel.org # 4.19+
CC: Edward Adam Davis <eadavis@qq.com>
Reported-and-tested-by: syzbot+33f23b49ac24f986c9e8@syzkaller.appspotmail.com
Reviewed-by: Boris Burkov <boris@bur.io>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 		2024-03-06 14:36:09 +00:00
..
tests btrfs: remove pointless and double ulist frees in error paths of qgroup tests 2022-11-25 17:42:13 +01:00
Kconfig btrfs: disable build on platforms having page size 256K 2021-07-14 16:53:14 +02:00
Makefile btrfs: migrate the block group lookup code 2019-09-09 14:59:04 +02:00
acl.c
async-thread.c btrfs: fix memory ordering between normal and ordered work functions 2021-11-26 10:47:21 +01:00
async-thread.h Btrfs: fix crash during unmount due to race with delayed inode workers 2020-04-17 10:50:15 +02:00
backref.c btrfs: fix resolving backrefs for inline extent followed by prealloc 2023-01-18 11:41:46 +01:00
backref.h
block-group.c btrfs: reset block group chunk force if we have to wait 2022-08-25 11:18:11 +02:00
block-group.h btrfs: scrub: Don't check free space before marking a block group RO 2021-03-20 10:39:46 +01:00
block-rsv.c btrfs: don't free qgroup space unless specified 2023-05-17 11:36:00 +02:00
block-rsv.h btrfs: migrate the global_block_rsv helpers to block-rsv.c 2019-07-02 12:30:55 +02:00
btrfs_inode.h btrfs: fix race between marking inode needs to be logged and log syncing 2021-09-03 10:08:15 +02:00
check-integrity.c btrfs: fix possible NULL-pointer dereference in integrity checks 2020-02-24 08:36:53 +01:00
check-integrity.h
compression.c btrfs: mark compressed range uptodate only if all bio succeed 2021-08-04 12:27:37 +02:00
compression.h btrfs: compression: replace set_level callbacks by a common helper 2019-09-09 14:59:11 +02:00
ctree.c btrfs: fix extent buffer leak after tree mod log failure at split_node() 2023-08-11 11:53:44 +02:00
ctree.h btrfs: move btrfs_pinned_by_swapfile prototype into volumes.h 2023-09-23 11:00:05 +02:00
delalloc-space.c btrfs: don't arbitrarily slow down delalloc if we're committing 2023-11-28 16:50:19 +00:00
delalloc-space.h btrfs: migrate the delalloc space stuff to it's own home 2019-07-04 17:26:17 +02:00
delayed-inode.c btrfs: fix lockdep splat and potential deadlock after failure running delayed items 2023-09-23 11:00:06 +02:00
delayed-inode.h
delayed-ref.c Btrfs: fix race between adding and putting tree mod seq elements and nodes 2020-02-11 04:35:34 -08:00
delayed-ref.h btrfs: migrate the delayed refs rsv code 2019-07-04 17:26:17 +02:00
dev-replace.c btrfs: dev-replace: properly validate device names 2024-03-06 14:36:09 +00:00
dev-replace.h
dir-item.c btrfs: unify lookup return value when dir entry is missing 2022-09-05 10:27:46 +02:00
disk-io.c Revert "btrfs: add dmesg output for first mount and last unmount of a filesystem" 2023-12-13 18:18:17 +01:00
disk-io.h btrfs: Make reada_tree_block_flagged private 2019-09-09 14:59:11 +02:00
export.c btrfs: fix type of parameter generation in btrfs_get_dentry 2022-11-10 17:57:55 +01:00
export.h btrfs: fix type of parameter generation in btrfs_get_dentry 2022-11-10 17:57:55 +01:00
extent-tree.c btrfs: don't warn if discard range is not aligned to sector 2024-02-23 08:24:52 +01:00
extent_io.c btrfs: don't stop integrity writeback too early 2023-08-16 18:19:24 +02:00
extent_io.h btrfs: fix qgroup reserve overflow the qgroup limit 2022-04-15 14:18:39 +02:00
extent_map.c Btrfs: fix race between using extent maps and merging them 2020-02-19 19:53:00 +01:00
extent_map.h
file-item.c btrfs: handle memory allocation failure in btrfs_csum_one_bio 2023-06-21 15:44:09 +02:00
file.c btrfs: fix race between marking inode needs to be logged and log syncing 2021-09-03 10:08:15 +02:00
free-space-cache.c btrfs: fix space cache inconsistency after error loading it from disk 2023-05-30 12:44:04 +01:00
free-space-cache.h btrfs: move struct io_ctl to free-space-cache.h 2019-09-09 14:59:15 +02:00
free-space-tree.c btrfs: fix possible free space tree corruption with online conversion 2021-02-03 23:25:57 +01:00
free-space-tree.h btrfs: move basic block_group definitions to their own header 2019-09-09 14:59:03 +02:00
inode-item.c btrfs: Make btrfs_find_name_in_ext_backref return struct btrfs_inode_extref 2019-09-09 14:59:16 +02:00
inode-map.c btrfs: qgroup: Always free PREALLOC META reserve in btrfs_delalloc_release_extents() 2019-10-15 18:50:07 +02:00
inode-map.h
inode.c btrfs: replace calls to btrfs_find_free_ino with btrfs_find_free_objectid 2023-05-30 12:44:04 +01:00
ioctl.c btrfs: forbid creating subvol qgroups 2024-02-23 08:25:08 +01:00
locking.c btrfs: move cond_wake_up functions out of ctree 2019-09-09 14:59:15 +02:00
locking.h btrfs: Remove unused locking functions 2019-09-09 14:58:59 +02:00
lzo.c btrfs: compression: replace set_level callbacks by a common helper 2019-09-09 14:59:11 +02:00
misc.h btrfs: move math functions to misc.h 2019-09-09 14:59:15 +02:00
ordered-data.c Btrfs: fix btrfs_wait_ordered_range() so that it waits for all ordered extents 2020-02-28 17:22:24 +01:00
ordered-data.h btrfs: don't assume ordered sums to be 4 bytes 2019-07-01 13:35:00 +02:00
orphan.c
print-tree.c btrfs: print-tree: parent bytenr must be aligned to sector size 2023-05-17 11:36:00 +02:00
print-tree.h
props.c btrfs: rename the btrfs_calc_*_metadata_size helpers 2019-09-09 14:59:13 +02:00
props.h
qgroup.c btrfs: forbid deleting live subvol qgroup 2024-02-23 08:25:09 +01:00
qgroup.h btrfs: qgroup: catch reserved space leaks at unmount time 2023-08-11 11:53:44 +02:00
raid56.c btrfs: raid56: don't trust any cached sector in __raid56_parity_recover() 2022-08-25 11:18:40 +02:00
raid56.h btrfs: constify map parameter for nr_parity_stripes and nr_data_stripes 2019-07-01 13:34:58 +02:00
rcu-string.h btrfs: replace strncpy() with strscpy() 2023-01-18 11:41:52 +01:00
reada.c btrfs: fix readahead hang and use-after-free after removing a device 2020-11-05 11:43:27 +01:00
ref-verify.c btrfs: ref-verify: free ref cache before clearing mount opt 2024-02-23 08:24:51 +01:00
ref-verify.h
relocation.c btrfs: unset reloc control if transaction commit fails in prepare_to_relocate() 2023-06-14 10:59:59 +02:00
root-tree.c btrfs: fix silent failure when deleting root reference 2022-09-05 10:27:43 +02:00
scrub.c btrfs: scrub: try to fix super block errors 2022-10-26 13:22:55 +02:00
send.c btrfs: send: return EOPNOTSUPP on unknown flags 2024-02-23 08:25:09 +01:00
send.h
space-info.c btrfs: prevent __btrfs_dump_space_info() to underflow its free space 2021-09-30 10:09:22 +02:00
space-info.h btrfs: take overcommit into account in inc_block_group_ro 2020-10-17 10:11:21 +02:00
struct-funcs.c btrfs: tie extent buffer and it's token together 2019-09-09 14:59:16 +02:00
super.c Revert "btrfs: add dmesg output for first mount and last unmount of a filesystem" 2023-12-13 18:18:17 +01:00
sysfs.c btrfs: sysfs: normalize the error handling branch in btrfs_init_sysfs() 2022-12-08 11:23:01 +01:00
sysfs.h btrfs: sysfs: move helper macros to sysfs.c 2019-09-09 14:59:08 +02:00
transaction.c btrfs: don't start transaction when joining with TRANS_JOIN_NOSTART 2023-09-23 11:00:00 +02:00
transaction.h btrfs: fix race between marking inode needs to be logged and log syncing 2021-09-03 10:08:15 +02:00
tree-checker.c btrfs: tree-checker: fix inline ref size in error messages 2024-02-23 08:24:51 +01:00
tree-checker.h
tree-defrag.c
tree-log.c btrfs: initialize start_slot in btrfs_log_prealloc_extents 2023-10-25 11:53:22 +02:00
tree-log.h btrfs: do not commit logs and transactions during link and rename operations 2021-08-08 09:04:07 +02:00
ulist.c
ulist.h
uuid-tree.c btrfs: handle ENOENT in btrfs_uuid_tree_iterate 2019-12-31 16:42:05 +01:00
volumes.c btrfs: make error messages more clear when getting a chunk map 2023-12-08 08:44:26 +01:00
volumes.h btrfs: add a helper to read the superblock metadata_uuid 2023-09-23 11:00:05 +02:00
xattr.c btrfs: check if root is readonly while setting security xattr 2022-09-05 10:27:43 +02:00
xattr.h
zlib.c btrfs: zlib: zero-initialize zlib workspace 2023-02-22 12:50:30 +01:00
zstd.c btrfs: move cond_wake_up functions out of ctree 2019-09-09 14:59:15 +02:00