[SRU][F][PATCH 0/4] CVE-2021-3428
Thadeu Lima de Souza Cascardo
cascardo at canonical.com
Fri Oct 8 13:04:05 UTC 2021
On Thu, Oct 07, 2021 at 01:05:46PM -0700, Luke Nowakowski-Krijger wrote:
> [Impact]
> Mounting a crafted ext4 filesystem can trigger an integer overflow
> that occurs in ext4_es_cache_extent(). This yields a kernel bug that can
> lead to a system crash and denial of service.
>
> [Backports]
> Updated minor context changes in fs/ext4/ext4.h to include sbi_array_rcu_deref
> define.
>
Hey, Luke.
How hard would the backport of "ext4: check journal inode extents more
carefully" be without the other commits?
Cascardo.
> [Test case]
> Reproduced the bug using the reproducer here
> (https://bugzilla.suse.com/show_bug.cgi?id=1173485),
> confirmed that after the patches are applied that the system reports a
> malformed filesystem and mounting fails.
>
> [Potential regression]
> Journal inodes are no longer a special case when checking extent trees
> which means that some filesystems that could be mounted could now fail.
>
> Jan Kara (1):
> ext4: check journal inode extents more carefully
>
> Theodore Ts'o (3):
> ext4: save the error code which triggered an ext4_error() in the
> superblock
> ext4: simulate various I/O and checksum errors when reading metadata
> ext4: save all error info in save_error_info() and drop
> ext4_set_errno()
>
> fs/ext4/balloc.c | 10 ++--
> fs/ext4/block_validity.c | 59 +++++++++---------
> fs/ext4/ext4.h | 125 ++++++++++++++++++++++++++++++++-------
> fs/ext4/ext4_jbd2.c | 10 ++--
> fs/ext4/extents.c | 42 ++++++-------
> fs/ext4/ialloc.c | 15 +++--
> fs/ext4/indirect.c | 8 +--
> fs/ext4/inline.c | 11 ++--
> fs/ext4/inode.c | 38 ++++++------
> fs/ext4/mballoc.c | 21 +++----
> fs/ext4/mmp.c | 13 ++--
> fs/ext4/move_extent.c | 4 +-
> fs/ext4/namei.c | 31 ++++++----
> fs/ext4/super.c | 106 +++++++++++++++++++++++++--------
> fs/ext4/sysfs.c | 23 +++++++
> fs/ext4/xattr.c | 12 ++--
> 16 files changed, 351 insertions(+), 177 deletions(-)
>
> --
> 2.30.2
>
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
More information about the kernel-team
mailing list