android_kernel_xiaomi_sm8450/fs/xfs
Darrick J. Wong 1b9b4139d7 xfs: reject crazy array sizes being fed to XFS_IOC_GETBMAP*
commit 29d650f7e3ab55283b89c9f5883d0c256ce478b5 upstream.

Syzbot tripped over the following complaint from the kernel:

WARNING: CPU: 2 PID: 15402 at mm/util.c:597 kvmalloc_node+0x11e/0x125 mm/util.c:597

While trying to run XFS_IOC_GETBMAP against the following structure:

struct getbmap fubar = {
	.bmv_count	= 0x22dae649,
};

Obviously, this is a crazy huge value since the next thing that the
ioctl would do is allocate 37GB of memory.  This is enough to make
kvmalloc mad, but isn't large enough to trip the validation functions.
In other words, I'm fussing with checks that were **already sufficient**
because that's easier than dealing with 644 internal bug reports.  Yes,
that's right, six hundred and forty-four.

Signed-off-by: Darrick J. Wong <djwong@kernel.org>
Reviewed-by: Allison Henderson <allison.henderson@oracle.com>
Reviewed-by: Catherine Hoang <catherine.hoang@oracle.com>
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
Acked-by: Darrick J. Wong <djwong@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-08-31 17:15:14 +02:00
libxfs xfs: logging the on disk inode LSN can make it go backwards 2022-08-03 12:00:51 +02:00
scrub treewide: Change list_sort to use const pointers 2021-09-30 10:11:04 +02:00
Kconfig xfs: fix Kconfig asking about XFS_SUPPORT_V4 when XFS_FS=n 2020-10-16 15:34:28 -07:00
kmem.c xfs: remove kmem_realloc() 2020-09-06 18:05:51 -07:00
kmem.h xfs: Remove kmem_zalloc_large() 2020-09-15 20:52:41 -07:00
Makefile xfs: refactor log recovery item sorting into a generic dispatch structure 2020-05-08 08:49:58 -07:00
mrlock.h
xfs_acl.c xfs: Remove kmem_zalloc_large() 2020-09-15 20:52:41 -07:00
xfs_acl.h xfs: improve xfs_forget_acl 2020-03-02 20:55:55 -08:00
xfs_aops.c xfs: use current->journal_info for detecting transaction recursion 2022-07-07 17:52:19 +02:00
xfs_aops.h
xfs_attr_inactive.c xfs: cleanup xfs_idestroy_fork 2020-05-19 09:40:59 -07:00
xfs_attr_list.c xfs: Convert xfs_attr_sf macros to inline functions 2020-09-15 20:52:42 -07:00
xfs_bio_io.c
xfs_bmap_item.c treewide: Change list_sort to use const pointers 2021-09-30 10:11:04 +02:00
xfs_bmap_item.h xfs: refactor intent item RECOVERED flag into the log item 2020-05-08 08:50:01 -07:00
xfs_bmap_util.c xfs: fix fallocate functions when rtextsize is larger than 1 2020-10-21 09:05:19 -07:00
xfs_bmap_util.h
xfs_buf_item_recover.c xfs: Enforce attr3 buffer recovery order 2022-08-03 12:00:51 +02:00
xfs_buf_item.c xfs: remove dead stale buf unpin handling code 2022-08-03 12:00:51 +02:00
xfs_buf_item.h xfs: move the buffer retry logic to xfs_buf.c 2020-09-15 20:52:38 -07:00
xfs_buf.c treewide: Change list_sort to use const pointers 2021-09-30 10:11:04 +02:00
xfs_buf.h xfs: reuse _xfs_buf_read for re-reading the superblock 2020-09-15 20:52:39 -07:00
xfs_dir2_readdir.c xfs: move the fork format fields into struct xfs_ifork 2020-05-19 09:40:58 -07:00
xfs_discard.c xfs: remove XFS_BUF_TO_AGF 2020-03-11 09:11:39 -07:00
xfs_discard.h
xfs_dquot_item_recover.c xfs: rename the ondisk dquot d_flags to d_type 2020-07-28 20:24:14 -07:00
xfs_dquot_item.c xfs: xfs_log_force_lsn isn't passed a LSN 2022-08-03 12:00:50 +02:00
xfs_dquot_item.h xfs: factor out quotaoff intent AIL removal and memory free 2020-03-18 08:12:23 -07:00
xfs_dquot.c xfs: fix incorrect root dquot corruption error when switching group/project quota types 2022-06-09 10:21:29 +02:00
xfs_dquot.h xfs: refactor default quota grace period setting code 2020-09-15 20:52:40 -07:00
xfs_error.c xfs: ensure xfs_errortag_random_default matches XFS_ERRTAG_MAX 2022-07-07 17:52:19 +02:00
xfs_error.h xfs: xfs_buf_corruption_error should take __this_address 2020-03-12 07:58:12 -07:00
xfs_export.c xfs: delete duplicated words + other fixes 2020-08-05 08:49:58 -07:00
xfs_export.h
xfs_extent_busy.c treewide: Change list_sort to use const pointers 2021-09-30 10:11:04 +02:00
xfs_extent_busy.h treewide: Change list_sort to use const pointers 2021-09-30 10:11:04 +02:00
xfs_extfree_item.c xfs: use kmem_cache_free() for kmem_cache objects 2022-07-02 16:39:23 +02:00
xfs_extfree_item.h xfs: refactor intent item RECOVERED flag into the log item 2020-05-08 08:50:01 -07:00
xfs_file.c xfs: xfs_log_force_lsn isn't passed a LSN 2022-08-03 12:00:50 +02:00
xfs_filestream.c xfs: drop the obsolete comment on filestream locking 2020-09-25 11:34:08 -07:00
xfs_filestream.h
xfs_fsmap.c xfs: fix deadlock and streamline xfs_getfsmap performance 2020-10-07 08:40:29 -07:00
xfs_fsmap.h xfs: fix deadlock and streamline xfs_getfsmap performance 2020-10-07 08:40:29 -07:00
xfs_fsops.c xfs: remove unused shutdown types 2020-05-07 08:27:48 -07:00
xfs_fsops.h
xfs_globals.c
xfs_health.c
xfs_icache.c xfs: fix I_DONTCACHE 2022-08-21 15:15:21 +02:00
xfs_icache.h xfs: remove SYNC_WAIT and SYNC_TRYLOCK 2020-07-14 08:47:33 -07:00
xfs_icreate_item.c xfs: Remove kmem_zone_zalloc() usage 2020-07-28 20:24:14 -07:00
xfs_icreate_item.h
xfs_inode_item_recover.c xfs: logging the on disk inode LSN can make it go backwards 2022-08-03 12:00:51 +02:00
xfs_inode_item.c xfs: xfs_log_force_lsn isn't passed a LSN 2022-08-03 12:00:50 +02:00
xfs_inode_item.h xfs: xfs_log_force_lsn isn't passed a LSN 2022-08-03 12:00:50 +02:00
xfs_inode.c xfs: xfs_log_force_lsn isn't passed a LSN 2022-08-03 12:00:50 +02:00
xfs_inode.h xfs: widen ondisk inode timestamps to deal with y2038+ 2020-09-15 20:52:41 -07:00
xfs_ioctl32.c xfs: lift cursor copy in/out into xfs_ioc_attr_list 2020-03-02 20:55:54 -08:00
xfs_ioctl32.h
xfs_ioctl.c xfs: reject crazy array sizes being fed to XFS_IOC_GETBMAP* 2022-08-31 17:15:14 +02:00
xfs_ioctl.h xfs: prevent a WARN_ONCE() in xfs_ioc_attr_list() 2022-08-31 17:15:14 +02:00
xfs_iomap.c xfs: only set IOMAP_F_SHARED when providing a srcmap to a write 2022-08-21 15:15:21 +02:00
xfs_iomap.h
xfs_iops.c xfs: fix I_DONTCACHE 2022-08-21 15:15:21 +02:00
xfs_iops.h
xfs_itable.c xfs: move the fork format fields into struct xfs_ifork 2020-05-19 09:40:58 -07:00
xfs_itable.h
xfs_iwalk.c xfs: fix the forward progress assertion in xfs_iwalk_run_callbacks 2022-06-06 08:42:41 +02:00
xfs_iwalk.h
xfs_linux.h xfs: fix fallocate functions when rtextsize is larger than 1 2020-10-21 09:05:19 -07:00
xfs_log_cil.c xfs: prevent UAF in xfs_log_item_in_current_chkpt 2022-08-03 12:00:51 +02:00
xfs_log_priv.h xfs: xfs_log_force_lsn isn't passed a LSN 2022-08-03 12:00:50 +02:00
xfs_log_recover.c mm: Add kvrealloc() 2022-08-21 15:15:21 +02:00
xfs_log.c xfs: force the log offline when log intent item recovery fails 2022-08-03 12:00:51 +02:00
xfs_log.h xfs: xfs_log_force_lsn isn't passed a LSN 2022-08-03 12:00:50 +02:00
xfs_message.c xfs: refactor ratelimited buffer error messages into helper 2020-05-07 08:27:46 -07:00
xfs_message.h treewide: Convert macro and uses of __section(foo) to __section("foo") 2020-10-25 14:51:49 -07:00
xfs_mount.c xfs: fix log intent recovery ENOSPC shutdowns when inactivating inodes 2022-08-03 12:00:51 +02:00
xfs_mount.h xfs: remove xfs_getsb 2020-09-15 20:52:39 -07:00
xfs_mru_cache.c
xfs_mru_cache.h
xfs_ondisk.h xfs: Remove typedef xfs_attr_shortform_t 2020-09-15 20:52:42 -07:00
xfs_pnfs.c xfs: fix a missing unlock on error in xfs_fs_map_blocks 2020-11-11 08:07:37 -08:00
xfs_pnfs.h
xfs_pwork.c block: remove the bd_queue field from struct block_device 2020-07-01 08:08:20 -06:00
xfs_pwork.h
xfs_qm_bhv.c xfs: rename XFS_DQ_{USER,GROUP,PROJ} to XFS_DQTYPE_* 2020-07-28 20:24:14 -07:00
xfs_qm_syscalls.c xfs: refactor default quota grace period setting code 2020-09-15 20:52:40 -07:00
xfs_qm.c xfs: fix chown leaking delalloc quota blocks when fssetxattr fails 2022-06-09 10:21:29 +02:00
xfs_qm.h xfs: refactor quota expiration timer modification 2020-09-15 20:52:40 -07:00
xfs_quota.h xfs: move the buffer retry logic to xfs_buf.c 2020-09-15 20:52:38 -07:00
xfs_quotaops.c xfs: create xfs_dqtype_t to represent quota types 2020-07-28 20:24:14 -07:00
xfs_refcount_item.c treewide: Change list_sort to use const pointers 2021-09-30 10:11:04 +02:00
xfs_refcount_item.h xfs: refactor intent item RECOVERED flag into the log item 2020-05-08 08:50:01 -07:00
xfs_reflink.c xfs: fix xfs_reflink_unshare usage of filemap_write_and_wait_range 2022-07-07 17:52:20 +02:00
xfs_reflink.h xfs: move helpers that lock and unlock two inodes against userspace IO 2020-07-06 10:46:57 -07:00
xfs_rmap_item.c treewide: Change list_sort to use const pointers 2021-09-30 10:11:04 +02:00
xfs_rmap_item.h xfs: refactor intent item RECOVERED flag into the log item 2020-05-08 08:50:01 -07:00
xfs_rtalloc.c xfs: annotate grabbing the realtime bitmap/summary locks in growfs 2020-10-13 08:41:31 -07:00
xfs_rtalloc.h
xfs_stats.c xfs: periodically relog deferred intent items 2020-10-07 08:40:28 -07:00
xfs_stats.h xfs: periodically relog deferred intent items 2020-10-07 08:40:28 -07:00
xfs_super.c xfs: fix xfs_trans slab cache name 2022-07-07 17:52:19 +02:00
xfs_super.h
xfs_symlink.c xfs: set inode size after creating symlink 2022-06-09 10:21:29 +02:00
xfs_symlink.h
xfs_sysctl.c xfs: remove deprecated sysctl options 2020-09-25 11:34:08 -07:00
xfs_sysctl.h
xfs_sysfs.c
xfs_sysfs.h xfs: Fix UBSAN null-ptr-deref in xfs_sysfs_init 2020-08-07 11:50:17 -07:00
xfs_trace.c xfs: support bulk loading of staged btrees 2020-03-18 08:12:23 -07:00
xfs_trace.h xfs: periodically relog deferred intent items 2020-10-07 08:40:28 -07:00
xfs_trans_ail.c xfs: delete duplicated words + other fixes 2020-08-05 08:49:58 -07:00
xfs_trans_buf.c xfs: simplify xfs_trans_getsb 2020-09-15 20:52:39 -07:00
xfs_trans_dquot.c xfs: fix the indent in xfs_trans_mod_dquot 2020-10-07 08:40:29 -07:00
xfs_trans_priv.h xfs: refactor adding recovered intent items to the log 2020-05-08 08:50:00 -07:00
xfs_trans.c xfs: xfs_log_force_lsn isn't passed a LSN 2022-08-03 12:00:50 +02:00
xfs_trans.h xfs: xfs_log_force_lsn isn't passed a LSN 2022-08-03 12:00:50 +02:00
xfs_xattr.c xfs: remove duplicate headers 2020-05-08 08:51:34 -07:00
xfs.h