ACK/cmnt: [T SRU][PATCH] f2fs: sanity check segment count

Kleber Souza kleber.souza at canonical.com
Thu Oct 5 08:01:55 UTC 2017 

On 10/02/2017 04:29 PM, Shrirang Bagul wrote:
> From: Jin Qian <jinqian at google.com>
>
> F2FS uses 4 bytes to represent block address. As a result, supported
> size of disk is 16 TB and it equals to 16 * 1024 * 1024 / 2 segments.
>
> Signed-off-by: Jin Qian <jinqian at google.com>
> Signed-off-by: Jaegeuk Kim <jaegeuk at kernel.org>
>
> This fixes CVE-2017-10662

The CVE number needs to be at the beginning of the line in order for the 
tools to parse it. So the above line should be simply:

CVE-2017-10662

This can be fixed when applying the patch.

>
> (backported from commit b9dd46188edc2f0d1f37328637860bb65a771124)
> Signed-off-by: Shrirang Bagul <shrirang.bagul at canonical.com>

Backport looks good. Thanks.

Acked-by: Kleber Sacilotto de Souza <kleber.souza at canonical.com>

> ---
>  fs/f2fs/super.c         | 8 ++++++++
>  include/linux/f2fs_fs.h | 6 ++++++
>  2 files changed, 14 insertions(+)
>
> diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c
> index bafff72de8e8..c878a4f40f64 100644
> --- a/fs/f2fs/super.c
> +++ b/fs/f2fs/super.c
> @@ -716,6 +716,14 @@ static int sanity_check_raw_super(struct super_block *sb,
>  		f2fs_msg(sb, KERN_INFO, "Invalid log sectors per block");
>  		return 1;
>  	}
> +
> +	if (le32_to_cpu(raw_super->segment_count) > F2FS_MAX_SEGMENT) {
> +		f2fs_msg(sb, KERN_INFO,
> +			"Invalid segment count (%u)",
> +			le32_to_cpu(raw_super->segment_count));
> +		return 1;
> +	}
> +
>  	return 0;
>  }
>
> diff --git a/include/linux/f2fs_fs.h b/include/linux/f2fs_fs.h
> index bb942f6d5702..4c917ad84d71 100644
> --- a/include/linux/f2fs_fs.h
> +++ b/include/linux/f2fs_fs.h
> @@ -245,6 +245,12 @@ struct f2fs_nat_block {
>  #define SIT_ENTRY_PER_BLOCK (PAGE_CACHE_SIZE / sizeof(struct f2fs_sit_entry))
>
>  /*
> + * F2FS uses 4 bytes to represent block address. As a result, supported size of
> + * disk is 16 TB and it equals to 16 * 1024 * 1024 / 2 segments.
> + */
> +#define F2FS_MAX_SEGMENT       ((16 * 1024 * 1024) / 2)
> +
> +/*
>   * Note that f2fs_sit_entry->vblocks has the following bit-field information.
>   * [15:10] : allocation type such as CURSEG_XXXX_TYPE
>   * [9:0] : valid block count
>

More information about the kernel-team mailing list