microsoft
/
WSL2-Linux-Kernel
зеркало из https://github.com/microsoft/WSL2-Linux-Kernel.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
WSL2-Linux-Kernel/fs
История
Baokun Li afba9d1132 ext4: fix double-free of blocks due to wrong extents moved_len 
commit 55583e899a5357308274601364741a83e78d6ac4 upstream.

In ext4_move_extents(), moved_len is only updated when all moves are
successfully executed, and only discards orig_inode and donor_inode
preallocations when moved_len is not zero. When the loop fails to exit
after successfully moving some extents, moved_len is not updated and
remains at 0, so it does not discard the preallocations.

If the moved extents overlap with the preallocated extents, the
overlapped extents are freed twice in ext4_mb_release_inode_pa() and
ext4_process_freed_data() (as described in commit 94d7c16cbb ("ext4:
Fix double-free of blocks with EXT4_IOC_MOVE_EXT")), and bb_free is
incremented twice. Hence when trim is executed, a zero-division bug is
triggered in mb_update_avg_fragment_size() because bb_free is not zero
and bb_fragments is zero.

Therefore, update move_len after each extent move to avoid the issue.

Reported-by: Wei Chen <harperchen1110@gmail.com>
Reported-by: xingwei lee <xrivendell7@gmail.com>
Closes: https://lore.kernel.org/r/CAO4mrferzqBUnCag8R3m2zf897ts9UEuhjFQGPtODT92rYyR2Q@mail.gmail.com
Fixes: fcf6b1b729 ("ext4: refactor ext4_move_extents code base")
CC:  <stable@vger.kernel.org> # 3.18
Signed-off-by: Baokun Li <libaokun1@huawei.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20240104142040.2835097-2-libaokun1@huawei.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 		2024-02-23 08:55:06 +01:00
..
9p 9p: v9fs_listxattr: fix %s null argument warning 2023-11-28 16:56:19 +00:00
adfs
affs affs: initialize fsdata in affs_truncate() 2023-02-01 08:27:06 +01:00
afs afs: fix the usage of read_seqbegin_or_lock() in afs_find_server*() 2024-02-23 08:54:39 +01:00
autofs autofs: fix memory leak of waitqueues in autofs_catatonic_mode 2023-09-23 11:09:54 +02:00
befs
bfs
btrfs btrfs: send: return EOPNOTSUPP on unknown flags 2024-02-23 08:55:01 +01:00
cachefiles
ceph ceph: fix deadlock or deadcode of misusing dget() 2024-02-23 08:54:52 +01:00
cifs smb: client: fix OOB in smbCalcSize() 2024-01-05 15:13:38 +01:00
coda coda: Avoid partial allocation of sig_inputArgs 2023-03-10 09:39:50 +01:00
configfs configfs: fix possible memory leak in configfs_create_dir() 2022-12-31 13:14:15 +01:00
cramfs
crypto fscrypt: fix keyring memory leak on mount failure 2022-11-10 18:15:37 +01:00
debugfs debugfs: fix automount d_fsdata usage 2024-01-25 14:52:27 -08:00
devpts
dlm dlm: fix plock lookup when using multiple lockspaces 2023-09-19 12:22:52 +02:00
ecryptfs ecryptfs: Reject casefold directory inodes 2024-02-23 08:54:40 +01:00
efivarfs efivarfs: force RO when remounting if SetVariable is not supported 2024-01-25 14:52:33 -08:00
efs
erofs erofs: ensure that the post-EOF tails are all zeroed 2023-09-06 21:28:37 +01:00
exfat exfat: support handle zero-size directory 2023-11-28 16:56:19 +00:00
exportfs
ext2 ext2: fix datatype of block number in ext2_xattr_set2() 2023-09-23 11:09:57 +02:00
ext4 ext4: fix double-free of blocks due to wrong extents moved_len 2024-02-23 08:55:06 +01:00
f2fs f2fs: fix to tag gcing flag on page during block migration 2024-02-23 08:54:48 +01:00
fat
freevxfs
fscache
fuse fuse: share lookup state between submount and its parent 2024-01-05 15:13:36 +01:00
gfs2 gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump 2024-01-25 14:52:35 -08:00
hfs hfs: fix missing hfs_bnode_get() in __hfs_bnode_create 2023-03-10 09:39:57 +01:00
hfsplus fs: hfsplus: remove WARN_ON() from hfsplus_cat_{read,write}_inode() 2023-05-24 17:36:43 +01:00
hostfs
hpfs
hugetlbfs hugetlbfs: fix null-ptr-deref in hugetlbfs_parse_param() 2022-12-31 13:14:44 +01:00
iomap iomap: update ki_pos a little later in iomap_dio_complete 2023-12-08 08:48:05 +01:00
isofs
jbd2 jbd2: fix soft lockup in journal_finish_inode_data_buffers() 2024-01-25 14:52:29 -08:00
jffs2 jffs2: reduce stack usage in jffs2_build_xattr_subsystem() 2023-07-23 13:47:34 +02:00
jfs jfs: fix array-index-out-of-bounds in diNewExt 2024-02-23 08:54:39 +01:00
kernfs fs/kernfs/dir: obey S_ISGID 2024-02-23 08:54:51 +01:00
ksmbd ksmbd: fix global oob in ksmbd_nl_policy 2024-02-23 08:54:35 +01:00
lockd fs: lockd: avoid possible wrong NULL parameter 2023-09-19 12:22:43 +02:00
minix
netfs
nfs NFSv4.1/pnfs: Ensure we handle the error NFS4ERR_RETURNCONFLICT 2024-01-25 14:52:36 -08:00
nfs_common
nfsd nfsd: fix file memleak on client_opens_release 2023-11-28 16:56:34 +00:00
nilfs2 nilfs2: prevent WARNING in nilfs_sufile_set_segment_usage() 2023-12-13 18:36:43 +01:00
nls fs/nls: make load_nls() take a const parameter 2023-09-19 12:22:27 +02:00
notify fanotify: disallow mount/sb marks on kernel internal pseudo fs 2023-07-23 13:47:36 +02:00
ntfs ntfs: check overflow when iterating ATTR_RECORDs 2022-11-26 09:24:52 +01:00
ntfs3 fs/ntfs3: Fix an NULL dereference bug 2024-02-23 08:54:59 +01:00
ocfs2 fs: ocfs2: namei: check return value of ocfs2_add_entry() 2023-09-19 12:22:34 +02:00
omfs
openpromfs
orangefs orangefs: Fix kmemleak in orangefs_{kernel,client}_debug_init() 2022-12-31 13:14:44 +01:00
overlayfs ima: detect changes to the backing overlay file 2023-11-28 16:56:29 +00:00
proc proc: sysctl: prevent aliased sysctls from getting passed to init 2023-12-03 07:31:24 +01:00
pstore pstore/ram: Fix crash when setting number of cpus to an odd number 2024-02-23 08:54:39 +01:00
qnx4
qnx6
quota quota: explicitly forbid quota files from being encrypted 2023-11-28 16:56:31 +00:00
ramfs shmem: use ramfs_kill_sb() for kill_sb method of ramfs-based tmpfs 2023-07-23 13:47:33 +02:00
reiserfs reiserfs: Check the return value from __getblk() 2023-09-19 12:22:30 +02:00
romfs
smbfs_common
squashfs revert "squashfs: harden sanity check in squashfs_read_xattr_id_table" 2023-02-22 12:57:07 +01:00
sysfs
sysv fs/sysv: Null check to prevent null-ptr-deref bug 2023-08-11 15:13:58 +02:00
tracefs tracefs: Add missing lockdown check to tracefs_create_dir() 2023-09-23 11:10:02 +02:00
ubifs ubifs: ubifs_symlink: Fix memleak of inode->i_link in error path 2024-02-23 08:54:26 +01:00
udf udf: initialize newblock to 0 2023-09-19 12:22:53 +02:00
ufs
unicode
vboxsf
verity fsverity: skip PKCS#7 parser when keyring is empty 2023-09-19 12:22:52 +02:00
xfs xfs: read only mounts with fsopen mount API are busted 2024-02-23 08:54:32 +01:00
zonefs zonefs: Fix error message in zonefs_file_dio_append() 2023-04-05 11:25:01 +02:00
Kconfig ksmbd: have a dependency on cifs ARC4 2024-01-05 15:13:36 +01:00
Kconfig.binfmt
Makefile io_uring: move to separate directory 2022-12-14 11:37:31 +01:00
aio.c aio: fix mremap after fork null-deref 2023-02-22 12:57:05 +01:00
anon_inodes.c
attr.c attr: block mode changes of symlinks 2023-09-23 11:10:01 +02:00
bad_inode.c
binfmt_aout.c
binfmt_elf.c fs/binfmt_elf: Fix memory leak in load_elf_binary() 2022-11-03 23:59:12 +09:00
binfmt_elf_fdpic.c fs: binfmt_elf_efpic: fix personality for ELF-FDPIC 2023-10-06 13:18:24 +02:00
binfmt_flat.c
binfmt_misc.c binfmt_misc: fix shift-out-of-bounds in check_special_flags 2022-12-31 13:14:39 +01:00
binfmt_script.c
buffer.c mm: fs: initialize fsdata passed to write_begin/write_end interface 2022-11-26 09:24:51 +01:00
char_dev.c chardev: fix error handling in cdev_device_add() 2022-12-31 13:14:30 +01:00
compat_binfmt_elf.c
coredump.c
d_path.c
dax.c
dcache.c fast_dput(): handle underflows gracefully 2024-02-23 08:54:46 +01:00
direct-io.c
drop_caches.c
eventfd.c eventfd: prevent underflow for eventfd semaphores 2023-09-19 12:22:30 +02:00
eventpoll.c epoll: ep_autoremove_wake_function should use list_del_init_careful 2023-06-21 15:59:14 +02:00
exec.c exec: Fix error handling in begin_new_exec() 2024-02-23 08:54:31 +01:00
fcntl.c
fhandle.c
file.c file: reinstate f_pos locking optimization for regular files 2023-08-11 15:13:58 +02:00
file_table.c locks: fix TOCTOU race when granting write lease 2022-10-26 12:34:58 +02:00
filesystems.c
fs-writeback.c writeback, cgroup: switch inodes with dirty timestamps to release dying cgwbs 2023-11-20 11:08:13 +01:00
fs_context.c fs: avoid empty option when generating legacy mount string 2023-07-23 13:47:34 +02:00
fs_parser.c
fs_pin.c
fs_struct.c
fs_types.c
fsopen.c
init.c
inode.c fs: add ctime accessors infrastructure 2023-12-08 08:48:04 +01:00
internal.h nfs: use vfs setgid helper 2023-08-30 16:18:19 +02:00
ioctl.c lsm: new security_file_ioctl_compat() hook 2024-02-23 08:54:25 +01:00
kernel_read_file.c
libfs.c libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value 2022-12-31 13:14:03 +01:00
locks.c locks: fix KASAN: use-after-free in trace_event_raw_event_filelock_lock 2023-09-23 11:09:55 +02:00
mbcache.c mbcache: Avoid nesting of cache->c_list_lock under bit locks 2023-01-12 11:59:20 +01:00
mount.h
mpage.c
namei.c rename(): fix the locking of subdirectories 2024-02-23 08:54:26 +01:00
namespace.c fs: indicate request originates from old mount API 2024-01-25 14:52:35 -08:00
no-block.c
nsfs.c
open.c open: make RESOLVE_CACHED correctly test for O_TMPFILE 2023-08-11 15:13:57 +02:00
pipe.c pipe: wakeup wr_wait after setting max_usage 2024-02-23 08:54:33 +01:00
pnode.c pnode: terminate at peers of source 2023-01-12 11:58:47 +01:00
pnode.h
posix_acl.c
proc_namespace.c
read_write.c vfs: fix copy_file_range() averts filesystem freeze protection 2022-12-19 12:36:39 +01:00
readdir.c
remap_range.c
select.c
seq_file.c
signalfd.c
splice.c
stack.c
stat.c
statfs.c statfs: enforce statfs[64] structure initialization 2023-05-24 17:36:54 +01:00
super.c fs: Protect reconfiguration of sb read-write from racing writes 2023-08-11 15:13:58 +02:00
sync.c
timerfd.c
userfaultfd.c userfaultfd: open userfaultfds with O_RDONLY 2022-10-26 12:34:36 +02:00
utimes.c
xattr.c fs: don't audit the capability check in simple_xattr_list() 2022-12-31 13:14:01 +01:00