[SRU][F][PATCH v2 0/4] CVE-2021-3428

Luke Nowakowski-Krijger luke.nowakowskikrijger at canonical.com
Fri Oct 8 18:44:44 UTC 2021


[Impact]
Mounting a crafted ext4 filesystem can trigger an integer overflow
that occurs in ext4_es_cache_extent(). This yields a kernel bug that can
lead to a system crash and denial of service.

[Backports]
Added error codes EXT4_ERR_* to fs/ext4/ext4.h.
Added simulate_fail codes EXT4_SIM_* and ext4_simulate_fail definitions
to fs/ext4/ext4.h.

[Test case]
Reproduced the bug using the reproducer here
(https://bugzilla.suse.com/show_bug.cgi?id=1173485)
and confirmed that, after the patches are applied, the system reports a
malformed filesystem and mounting fails.

[Potential regression]
Journal inodes are no longer a special case when checking extent trees
which means that some filesystems that could be mounted could now fail.

Jan Kara (1):
  ext4: check journal inode extents more carefully

Theodore Ts'o (3):
  ext4: save the error code which triggered an ext4_error() in the
    superblock
  ext4: simulate various I/O and checksum errors when reading metadata
  ext4: save all error info in save_error_info() and drop
    ext4_set_errno()

 fs/ext4/balloc.c         |  10 ++--
 fs/ext4/block_validity.c |  59 +++++++++---------
 fs/ext4/ext4.h           | 125 ++++++++++++++++++++++++++++++++-------
 fs/ext4/ext4_jbd2.c      |  10 ++--
 fs/ext4/extents.c        |  42 ++++++-------
 fs/ext4/ialloc.c         |  15 +++--
 fs/ext4/indirect.c       |   8 +--
 fs/ext4/inline.c         |  11 ++--
 fs/ext4/inode.c          |  38 ++++++------
 fs/ext4/mballoc.c        |  21 +++----
 fs/ext4/mmp.c            |  13 ++--
 fs/ext4/move_extent.c    |   4 +-
 fs/ext4/namei.c          |  31 ++++++----
 fs/ext4/super.c          | 106 +++++++++++++++++++++++++--------
 fs/ext4/sysfs.c          |  23 +++++++
 fs/ext4/xattr.c          |  12 ++--
 16 files changed, 351 insertions(+), 177 deletions(-)

-- 
2.30.2



