ACK: [SRU][F][PATCH v2 0/4] CVE-2021-3428
Tim Gardner
tim.gardner at canonical.com
Fri Oct 8 18:48:56 UTC 2021
Acked-by: Tim Gardner <tim.gardner at canonical.com>
On 10/8/21 12:44 PM, Luke Nowakowski-Krijger wrote:
> [Impact]
> Mounting a crafted ext4 filesystem can trigger an integer overflow
> that occurs in ext4_es_cache_extent(). This yields a kernel bug that can
> lead to a system crash and denial of service.
>
> [Backports]
> Added error codes EXT4_ERR_* to fs/ext4/ext4.h.
> Added simulate_fail codes EXT4_SIM_* and ext4_simulate_fail definitons
> to fs/ext4/ext4.h.
>
> [Test case]
> Reproduced the bug using the reproducer here
> (https://bugzilla.suse.com/show_bug.cgi?id=1173485),
> confirmed that after the patches are applied that the system reports a
> malformed filesystem and mounting fails.
>
> [Potential regression]
> Journal inodes are no longer a special case when checking extent trees
> which means that some filesystems that could be mounted could now fail.
>
> Jan Kara (1):
> ext4: check journal inode extents more carefully
>
> Theodore Ts'o (3):
> ext4: save the error code which triggered an ext4_error() in the
> superblock
> ext4: simulate various I/O and checksum errors when reading metadata
> ext4: save all error info in save_error_info() and drop
> ext4_set_errno()
>
> fs/ext4/balloc.c | 10 ++--
> fs/ext4/block_validity.c | 59 +++++++++---------
> fs/ext4/ext4.h | 125 ++++++++++++++++++++++++++++++++-------
> fs/ext4/ext4_jbd2.c | 10 ++--
> fs/ext4/extents.c | 42 ++++++-------
> fs/ext4/ialloc.c | 15 +++--
> fs/ext4/indirect.c | 8 +--
> fs/ext4/inline.c | 11 ++--
> fs/ext4/inode.c | 38 ++++++------
> fs/ext4/mballoc.c | 21 +++----
> fs/ext4/mmp.c | 13 ++--
> fs/ext4/move_extent.c | 4 +-
> fs/ext4/namei.c | 31 ++++++----
> fs/ext4/super.c | 106 +++++++++++++++++++++++++--------
> fs/ext4/sysfs.c | 23 +++++++
> fs/ext4/xattr.c | 12 ++--
> 16 files changed, 351 insertions(+), 177 deletions(-)
>
--
-----------
Tim Gardner
Canonical, Inc
More information about the kernel-team
mailing list