[SRU][Trusty][PATCH 2/2] ext4: fix fencepost in s_first_meta_bg validation
Kleber Sacilotto de Souza
kleber.souza at canonical.com
Wed Jul 25 18:09:35 UTC 2018
From: Theodore Ts'o <tytso at mit.edu>
It is OK for s_first_meta_bg to be equal to the number of block group
descriptor blocks. (It rarely happens, but it shouldn't cause any
problems.)
https://bugzilla.kernel.org/show_bug.cgi?id=194567
Fixes: 3a4b77cd47bb837b8557595ec7425f281f2ca1fe
Signed-off-by: Theodore Ts'o <tytso at mit.edu>
Cc: stable at vger.kernel.org
CVE-2016-10208
(backported from commit 2ba3e6e8afc9b6188b471f27cf2b5e3cf34e7af2)
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza at canonical.com>
---
fs/ext4/super.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/ext4/super.c b/fs/ext4/super.c
index ffca676b968d..942c98b270fd 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -3832,7 +3832,7 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent)
db_count = (sbi->s_groups_count + EXT4_DESC_PER_BLOCK(sb) - 1) /
EXT4_DESC_PER_BLOCK(sb);
if (EXT4_HAS_INCOMPAT_FEATURE(sb, EXT4_FEATURE_INCOMPAT_META_BG)) {
- if (le32_to_cpu(es->s_first_meta_bg) >= db_count) {
+ if (le32_to_cpu(es->s_first_meta_bg) > db_count) {
ext4_msg(sb, KERN_WARNING,
"first meta block group too large: %u "
"(group descriptor block count %u)",
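Review bot: The relaxed bound in `if (le32_to_cpu(es->s_first_meta_bg) > db_count)` has no comment explaining why equality is accepted, and an inclusive upper bound checked against a block count reads like an off-by-one to the next person who touches this validation. A one-line comment above the test, saying that s_first_meta_bg equal to db_count is valid as the commit message states, would keep the check from being tightened back to `>=`. The warning text "first meta block group too large" still matches the new condition and needs no change.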
--
2.17.1