APPLIED: [SRU][F][PATCH v2 0/4] CVE-2021-3428

Kelsey Skunberg kelsey.skunberg at canonical.com
Wed Oct 13 00:05:18 UTC 2021


On 2021-10-08 11:44:44 , Luke Nowakowski-Krijger wrote:
> [Impact]
> Mounting a crafted ext4 filesystem can trigger an integer overflow
> that occurs in ext4_es_cache_extent(). This yields a kernel bug that can
> lead to a system crash and denial of service.
> 
> [Backports]
> Added error codes EXT4_ERR_* to fs/ext4/ext4.h.
> Added simulate_fail codes EXT4_SIM_* and ext4_simulate_fail definitons
> to fs/ext4/ext4.h. 
> 
> [Test case]
> Reproduced the bug using the reproducer here
> (https://bugzilla.suse.com/show_bug.cgi?id=1173485),
> confirmed that after the patches are applied that the system reports a
> malformed filesystem and mounting fails.
> 
> [Potential regression]
> Journal inodes are no longer a special case when checking extent trees
> which means that some filesystems that could be mounted could now fail.
> 
> Jan Kara (1):
>   ext4: check journal inode extents more carefully
> 
> Theodore Ts'o (3):
>   ext4: save the error code which triggered an ext4_error() in the
>     superblock
>   ext4: simulate various I/O and checksum errors when reading metadata
>   ext4: save all error info in save_error_info() and drop
>     ext4_set_errno()
> 
>  fs/ext4/balloc.c         |  10 ++--
>  fs/ext4/block_validity.c |  59 +++++++++---------
>  fs/ext4/ext4.h           | 125 ++++++++++++++++++++++++++++++++-------
>  fs/ext4/ext4_jbd2.c      |  10 ++--
>  fs/ext4/extents.c        |  42 ++++++-------
>  fs/ext4/ialloc.c         |  15 +++--
>  fs/ext4/indirect.c       |   8 +--
>  fs/ext4/inline.c         |  11 ++--
>  fs/ext4/inode.c          |  38 ++++++------
>  fs/ext4/mballoc.c        |  21 +++----
>  fs/ext4/mmp.c            |  13 ++--
>  fs/ext4/move_extent.c    |   4 +-
>  fs/ext4/namei.c          |  31 ++++++----
>  fs/ext4/super.c          | 106 +++++++++++++++++++++++++--------
>  fs/ext4/sysfs.c          |  23 +++++++
>  fs/ext4/xattr.c          |  12 ++--
>  16 files changed, 351 insertions(+), 177 deletions(-)
> 
> -- 
> 2.30.2
> 
> 
> -- 
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team



More information about the kernel-team mailing list