[SRU][B/X][CVE-2018-10322][PATCH 0/1] xfs: enhance dinode verifier
Thadeu Lima de Souza Cascardo
cascardo at canonical.com
Tue Sep 1 20:46:04 UTC 2020
On Tue, Sep 01, 2020 at 03:36:29PM -0400, William Breathitt Gray wrote:
> On Tue, Sep 01, 2020 at 03:03:27PM -0300, Thadeu Lima de Souza Cascardo wrote:
> > On Tue, Sep 01, 2020 at 12:57:08PM -0400, William Breathitt Gray wrote:
> > > [Regression Potential]
> > >
> > > The upstream fix (commit b42db0860e13067fcc7cbfba3966c9e652668bbc)
> > > expects the affected code in the xfs_inode_buf.c file, but the affected
> > > code is in xfs_inode_fork.c file for the Bionic and Xenial kernels. This
> > > is because there was a refactoring performed in commit
> > > 71493b839e294065ba63bd6f8d07263f3afee8c6 in order to reject bad inodes
> > > earlier and in a single place. It is possible that waiting unti later to
> > > reject these bad inodes could have a negative side effect.
> > How hard it is to backport 71493b839e294065ba63bd6f8d07263f3afee8c6 to Bionic
> > and Xenial? And are there any fixups for that commit that we would rather
> > include?
> > Cascardo.
> There are seven commits between commit 71493b839e29 and b42db0860e13:
> b42db0860e13 xfs: enhance dinode verifier
> fa4493f0d9b3 xfs: remove dead inode version setting code
> 6a96c5650568 xfs: don't accept inode buffers with suspicious unlinked chains
> 8bb82bc12a9e xfs: move inode extent size hint validation to libxfs
> 6edb181053f0 xfs: refactor inode buffer verifier error logging
> 20c59c71ae71 Merge tag 'xfs-4.16-merge-4' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux
> 22431bf3dfbf xfs: refactor inode verifier corruption error printing
> f0e28280629e xfs: convert to new i_version API
> 71493b839e29 xfs: move inode fork verifiers to xfs_dinode_verify
> Of these commits, only 71493b839e29 seems relevant to xfs_dinode_verify.
> Backporting this commit is trivial. Would you like me to resubmit this
> patchset with 71493b839e29 included?
> William Breathitt Gray
Yeah, I think it works better. Any later fixes will be more easily
backportable, and we will have code that do not digress too much from upstream.
More information about the kernel-team