OpenCloudOS-Kernel/fs/xfs
lei lu 7cd9f0a33e xfs: add bounds checking to xlog_recover_process_data
commit fb63435b7c7dc112b1ae1baea5486e0a6e27b196 upstream.

There is a lack of verification of the space occupied by fixed members
of xlog_op_header in the xlog_recover_process_data.

We can create a crafted image to trigger an out of bounds read by
following these steps:
    1) Mount an image of xfs, and do some file operations to leave records
    2) Before umounting, copy the image for subsequent steps to simulate
       abnormal exit. Because umount will ensure that tail_blk and
       head_blk are the same, which will result in the inability to enter
       xlog_recover_process_data
    3) Write a tool to parse and modify the copied image in step 2
    4) Make the end of the xlog_op_header entries only 1 byte away from
       xlog_rec_header->h_size
    5) xlog_rec_header->h_num_logops++
    6) Modify xlog_rec_header->h_crc

Fix:
Add a check to make sure there is sufficient space to access fixed members
of xlog_op_header.

Signed-off-by: lei lu <llfamsec@gmail.com>
Reviewed-by: Dave Chinner <dchinner@redhat.com>
Reviewed-by: Darrick J. Wong <djwong@kernel.org>
Signed-off-by: Chandan Babu R <chandanbabu@kernel.org>
Signed-off-by: Bin Lan <bin.lan.cn@windriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-12-09 10:32:39 +01:00
libxfs xfs: restrict when we try to align cow fork delalloc to cowextsz hints 2024-10-22 15:46:24 +02:00
scrub xfs: use dontcache for grabbing inodes during scrub 2024-10-22 15:46:23 +02:00
Kconfig xfs: fix again select in kconfig XFS_ONLINE_SCRUB_STATS 2024-02-16 19:10:45 +01:00
Makefile xfs: move the realtime summary file scrubber to a separate source file 2023-08-10 07:48:09 -07:00
kmem.c
kmem.h
mrlock.h
xfs.h
xfs_acl.c xfs: convert to ctime accessor functions 2023-07-24 10:30:06 +02:00
xfs_acl.h fs: port ->set_acl() to pass mnt_idmap 2023-01-19 09:24:27 +01:00
xfs_aops.c xfs: make xfs_bmapi_convert_delalloc() to allocate the target offset 2024-10-22 15:46:23 +02:00
xfs_aops.h
xfs_attr_inactive.c xfs: make inode unlinked bucket recovery work with quotacheck 2023-09-12 10:31:07 -07:00
xfs_attr_item.c xfs: enforce one namespace per attribute 2024-10-22 15:46:23 +02:00
xfs_attr_item.h
xfs_attr_list.c xfs: enforce one namespace per attribute 2024-10-22 15:46:23 +02:00
xfs_bio_io.c fs/xfs: Use the enum req_op and blk_opf_t types 2022-07-14 12:14:33 -06:00
xfs_bmap_item.c xfs: transfer recovered intent item ownership in ->iop_recover 2024-04-03 15:28:47 +02:00
xfs_bmap_item.h
xfs_bmap_util.c xfs: fix freeing speculative preallocations for preallocated files 2024-10-22 15:46:24 +02:00
xfs_bmap_util.h xfs: fix freeing speculative preallocations for preallocated files 2024-10-22 15:46:24 +02:00
xfs_buf.c xfs: force all buffers to be written during btree bulk load 2024-04-03 15:28:48 +02:00
xfs_buf.h xfs: force all buffers to be written during btree bulk load 2024-04-03 15:28:48 +02:00
xfs_buf_item.c xfs: buffer pins need to hold a buffer reference 2023-06-05 04:05:27 +10:00
xfs_buf_item.h
xfs_buf_item_recover.c xfs: verify buffer contents when we skip log replay 2023-04-12 15:49:23 +10:00
xfs_dahash_test.c xfs: test the ascii case-insensitive hash 2023-04-11 19:05:05 -07:00
xfs_dahash_test.h xfs: test dir/attr hash when loading module 2023-03-19 09:55:49 -07:00
xfs_dir2_readdir.c xfs: rearrange the logic and remove the broken comment for xfs_dir2_isxx 2022-10-04 16:39:58 +11:00
xfs_discard.c xfs: abort fstrim if kernel is suspending 2023-10-04 09:25:04 +11:00
xfs_discard.h xfs: move log discard work to xfs_discard.c 2023-10-04 09:24:02 +11:00
xfs_dquot.c xfs: fix error returns from xfs_bmapi_write 2024-10-22 15:46:21 +02:00
xfs_dquot.h
xfs_dquot_item.c
xfs_dquot_item.h
xfs_dquot_item_recover.c xfs: dquot recovery does not validate the recovered dquot 2024-02-16 19:10:46 +01:00
xfs_drain.c xfs: minimize overhead of drain wakeups by using jump labels 2023-04-11 18:59:59 -07:00
xfs_drain.h xfs: minimize overhead of drain wakeups by using jump labels 2023-04-11 18:59:59 -07:00
xfs_error.c xfs: make kobj_type structures constant 2023-02-10 08:59:48 -08:00
xfs_error.h xfs: allow setting full range of panic tags 2023-02-09 18:36:17 -08:00
xfs_export.c xfs: fix reloading entire unlinked bucket lists 2023-09-24 18:12:13 -07:00
xfs_export.h
xfs_extent_busy.c xfs: process free extents to busy list in FIFO order 2023-10-11 12:35:21 -07:00
xfs_extent_busy.h xfs: reduce AGF hold times during fstrim operations 2023-10-04 09:24:52 +11:00
xfs_extfree_item.c xfs: transfer recovered intent item ownership in ->iop_recover 2024-04-03 15:28:47 +02:00
xfs_extfree_item.h xfs: refactor all the EFI/EFD log item sizeof logic 2022-10-31 08:58:20 -07:00
xfs_file.c xfs: allow read IO and FICLONE to run concurrently 2024-02-16 19:10:45 +01:00
xfs_filestream.c xfs: fix finding a last resort AG in xfs_filestream_pick_ag 2024-11-08 16:28:26 +01:00
xfs_filestream.h xfs: pass perag to filestreams tracing 2023-02-13 09:14:56 +11:00
xfs_fsmap.c xfs: move the xfs_rtbitmap.c declarations to xfs_rtbitmap.h 2024-04-03 15:28:46 +02:00
xfs_fsmap.h
xfs_fsops.c xfs: fix perag leak when growfs fails 2024-04-03 15:28:48 +02:00
xfs_fsops.h
xfs_globals.c xfs: allow setting full range of panic tags 2023-02-09 18:36:17 -08:00
xfs_health.c
xfs_icache.c xfs: fix freeing speculative preallocations for preallocated files 2024-10-22 15:46:24 +02:00
xfs_icache.h xfs: use per-mount cpumask to track nonempty percpu inodegc lists 2023-09-11 08:39:03 -07:00
xfs_icreate_item.c
xfs_icreate_item.h
xfs_inode.c xfs: fix freeing speculative preallocations for preallocated files 2024-10-22 15:46:24 +02:00
xfs_inode.h xfs: respect the stable writes flag on the RT device 2024-02-16 19:10:46 +01:00
xfs_inode_item.c xfs: initialise di_crc in xfs_log_dinode 2024-04-03 15:28:48 +02:00
xfs_inode_item.h xfs: fix AGF vs inode cluster buffer deadlock 2023-06-05 04:08:27 +10:00
xfs_inode_item_recover.c xfs: inode recovery does not validate the recovered inode 2024-02-16 19:10:45 +01:00
xfs_ioctl.c xfs: respect the stable writes flag on the RT device 2024-02-16 19:10:46 +01:00
xfs_ioctl.h fs: port ->fileattr_set() to pass mnt_idmap 2023-01-19 09:24:27 +01:00
xfs_ioctl32.c fs: port i_{g,u}id_into_vfs{g,u}id() to mnt_idmap 2023-01-19 09:24:29 +01:00
xfs_ioctl32.h
xfs_iomap.c xfs: restrict when we try to align cow fork delalloc to cowextsz hints 2024-10-22 15:46:24 +02:00
xfs_iomap.h xfs: use iomap_valid method to detect stale cached iomaps 2022-11-29 09:09:17 +11:00
xfs_iops.c xfs: respect the stable writes flag on the RT device 2024-02-16 19:10:46 +01:00
xfs_iops.h fs: port ->setattr() to pass mnt_idmap 2023-01-19 09:24:02 +01:00
xfs_itable.c xfs: fix reloading entire unlinked bucket lists 2023-09-24 18:12:13 -07:00
xfs_itable.h fs: port i_{g,u}id_into_vfs{g,u}id() to mnt_idmap 2023-01-19 09:24:29 +01:00
xfs_iunlink_item.c xfs: create traced helper to get extra perag references 2023-04-11 18:59:55 -07:00
xfs_iunlink_item.h xfs: add in-memory iunlink log item 2022-07-14 11:47:42 +10:00
xfs_iwalk.c xfs: create traced helper to get extra perag references 2023-04-11 18:59:55 -07:00
xfs_iwalk.h
xfs_linux.h xfs: create scaffolding for creating debugfs entries 2023-08-10 07:48:07 -07:00
xfs_log.c xfs: use xfs_defer_pending objects to recover intent items 2024-04-03 15:28:46 +02:00
xfs_log.h
xfs_log_cil.c xfs: move log discard work to xfs_discard.c 2023-10-04 09:24:02 +11:00
xfs_log_priv.h xfs: use xfs_defer_pending objects to recover intent items 2024-04-03 15:28:46 +02:00
xfs_log_recover.c xfs: add bounds checking to xlog_recover_process_data 2024-12-09 10:32:39 +01:00
xfs_message.c
xfs_message.h
xfs_mount.c xfs: track usage statistics of online fsck 2023-08-10 07:48:07 -07:00
xfs_mount.h xfs: make inode unlinked bucket recovery work with quotacheck 2023-09-12 10:31:07 -07:00
xfs_mru_cache.c
xfs_mru_cache.h
xfs_notify_failure.c xfs: correct calculation for agend and blockcount 2023-10-12 10:11:56 +05:30
xfs_ondisk.h xfs: convert flex-array declarations in xfs attr shortform objects 2023-07-17 08:48:56 -07:00
xfs_pnfs.c fs: port ->setattr() to pass mnt_idmap 2023-01-19 09:24:02 +01:00
xfs_pnfs.h
xfs_pwork.c
xfs_pwork.h
xfs_qm.c xfs: fix reloading entire unlinked bucket lists 2023-09-24 18:12:13 -07:00
xfs_qm.h
xfs_qm_bhv.c
xfs_qm_syscalls.c
xfs_quota.h
xfs_quotaops.c
xfs_refcount_item.c xfs: transfer recovered intent item ownership in ->iop_recover 2024-04-03 15:28:47 +02:00
xfs_refcount_item.h
xfs_reflink.c xfs: remove a racy if_bytes check in xfs_reflink_end_cow_extent 2024-10-22 15:46:22 +02:00
xfs_reflink.h
xfs_rmap_item.c xfs: transfer recovered intent item ownership in ->iop_recover 2024-04-03 15:28:47 +02:00
xfs_rmap_item.h
xfs_rtalloc.c xfs: fix error returns from xfs_bmapi_write 2024-10-22 15:46:21 +02:00
xfs_rtalloc.h xfs: move the xfs_rtbitmap.c declarations to xfs_rtbitmap.h 2024-04-03 15:28:46 +02:00
xfs_stats.c xfs: replace unnecessary seq_printf with seq_puts 2022-09-19 06:48:14 +10:00
xfs_stats.h
xfs_super.c xfs: read only mounts with fsopen mount API are busted 2024-01-31 16:19:07 -08:00
xfs_super.h xfs: create scaffolding for creating debugfs entries 2023-08-10 07:48:07 -07:00
xfs_symlink.c fs: port fs{g,u}id helpers to mnt_idmap 2023-01-19 09:24:30 +01:00
xfs_symlink.h fs: port inode_init_owner() to mnt_idmap 2023-01-19 09:24:28 +01:00
xfs_sysctl.c xfs: simplify two-level sysctl registration for xfs_table 2023-04-13 11:49:35 -07:00
xfs_sysctl.h
xfs_sysfs.c xfs: make kobj_type structures constant 2023-02-10 08:59:48 -08:00
xfs_sysfs.h xfs: make kobj_type structures constant 2023-02-10 08:59:48 -08:00
xfs_trace.c xfs: add debug knob to slow down writeback for fun 2022-11-28 17:24:35 -08:00
xfs_trace.h xfs: fix finding a last resort AG in xfs_filestream_pick_ag 2024-11-08 16:28:26 +01:00
xfs_trans.c xfs: collect errors from inodegc for unlinked inode recovery 2023-06-05 14:48:15 +10:00
xfs_trans.h xfs: don't use current->journal_info 2024-06-21 14:38:45 +02:00
xfs_trans_ail.c xfs: don't reverse order of items in bulk AIL insertion 2023-06-29 09:28:23 -07:00
xfs_trans_buf.c
xfs_trans_dquot.c
xfs_trans_priv.h
xfs_xattr.c xfs: require a relatively recent V5 filesystem for LARP mode 2023-09-12 10:31:08 -07:00
xfs_xattr.h