ext4: CVE-2018-10879

ext4: make sure bitmaps and the inode table don't overlap with bg descriptors Reference: https://nvd.nist.gov/vuln/detail/CVE-2018-10879 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-4.14.y&id=ac93c718365ac6ea9d7631641c8dec867d623491 Change-Id: I6435a39f93026ee8089ce206b4abff9c9344017f Signed-off-by: Andreas Wellving <andreas.wellving@enea.com>
author: Andreas Wellving <andreas.wellving@enea.com> 2019-05-22 10:26:04 +0200
committer: Adrian Mangeac <Adrian.Mangeac@enea.com> 2019-05-22 12:17:18 +0200
commit: a15e4daaf230378a13a150f53566a7d08bd5f778 (patch)
tree: 50dae8cea52ec52178dc9e88a72ef9b60f30b9f7
parent: 63ff8c2e047fbac09451980bec24abc70fd9afc5 (diff)
download: enea-kernel-cache-a15e4daaf230378a13a150f53566a7d08bd5f778.tar.gz
1 files changed, 86 insertions, 0 deletions
diff --git a/patches/cve/CVE-2018-10879-ext4-make-sure-bitmaps-and-the-inode-table-don-t-ove.patch b/patches/cve/CVE-2018-10879-ext4-make-sure-bitmaps-and-the-inode-table-don-t-ove.patch
new file mode 100644
index 0000000..8972242
--- /dev/null
+++ b/patches/cve/CVE-2018-10879-ext4-make-sure-bitmaps-and-the-inode-table-don-t-ove.patch
@@ -0,0 +1,86 @@
+From ac93c718365ac6ea9d7631641c8dec867d623491 Mon Sep 17 00:00:00 2001
+From: Theodore Ts'o <tytso@mit.edu>
+Date: Wed, 13 Jun 2018 23:08:26 -0400
+Subject: [PATCH] ext4: make sure bitmaps and the inode table don't overlap
+ with bg descriptors
+commit 77260807d1170a8cf35dbb06e07461a655f67eee upstream.
+It's really bad when the allocation bitmaps and the inode table
+overlap with the block group descriptors, since it causes random
+corruption of the bg descriptors.  So we really want to head those off
+at the pass.
+https://bugzilla.kernel.org/show_bug.cgi?id=199865
+CVE: CVE-2018-10879
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-4.14.y&id=ac93c718365ac6ea9d7631641c8dec867d623491]
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Cc: stable@kernel.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Andreas Wellving <andreas.wellving@enea.com>
+---
+ fs/ext4/super.c | 25 +++++++++++++++++++++++++
+ 1 file changed, 25 insertions(+)
+diff --git a/fs/ext4/super.c b/fs/ext4/super.c
+index ec74d06fa24a..3559489a3a99 100644
+--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
+@@ -2301,6 +2301,7 @@ static int ext4_check_descriptors(struct super_block *sb,
+        struct ext4_sb_info *sbi = EXT4_SB(sb);
+        ext4_fsblk_t first_block = le32_to_cpu(sbi->s_es->s_first_data_block);
+        ext4_fsblk_t last_block;
+       ext4_fsblk_t last_bg_block = sb_block + ext4_bg_num_gdb(sb, 0) + 1;
+        ext4_fsblk_t block_bitmap;
+        ext4_fsblk_t inode_bitmap;
+        ext4_fsblk_t inode_table;
+@@ -2333,6 +2334,14 @@ static int ext4_check_descriptors(struct super_block *sb,
+                        if (!sb_rdonly(sb))
+                                return 0;
+                }
+               if (block_bitmap >= sb_block + 1 &&
+                   block_bitmap <= last_bg_block) {
+                       ext4_msg(sb, KERN_ERR, "ext4_check_descriptors: "
+                                "Block bitmap for group %u overlaps "
+                                "block group descriptors", i);
+                       if (!sb_rdonly(sb))
+                               return 0;
+               }
+                if (block_bitmap < first_block || block_bitmap > last_block) {
+                        ext4_msg(sb, KERN_ERR, "ext4_check_descriptors: "
+                               "Block bitmap for group %u not in group "
+@@ -2347,6 +2356,14 @@ static int ext4_check_descriptors(struct super_block *sb,
+                        if (!sb_rdonly(sb))
+                                return 0;
+                }
+               if (inode_bitmap >= sb_block + 1 &&
+                   inode_bitmap <= last_bg_block) {
+                       ext4_msg(sb, KERN_ERR, "ext4_check_descriptors: "
+                                "Inode bitmap for group %u overlaps "
+                                "block group descriptors", i);
+                       if (!sb_rdonly(sb))
+                               return 0;
+               }
+                if (inode_bitmap < first_block || inode_bitmap > last_block) {
+                        ext4_msg(sb, KERN_ERR, "ext4_check_descriptors: "
+                               "Inode bitmap for group %u not in group "
+@@ -2361,6 +2378,14 @@ static int ext4_check_descriptors(struct super_block *sb,
+                        if (!sb_rdonly(sb))
+                                return 0;
+                }
+               if (inode_table >= sb_block + 1 &&
+                   inode_table <= last_bg_block) {
+                       ext4_msg(sb, KERN_ERR, "ext4_check_descriptors: "
+                                "Inode table for group %u overlaps "
+                                "block group descriptors", i);
+                       if (!sb_rdonly(sb))
+                               return 0;
+               }
+                if (inode_table < first_block ||
+                    inode_table + sbi->s_itb_per_group - 1 > last_block) {
+                        ext4_msg(sb, KERN_ERR, "ext4_check_descriptors: "
+-- 
+2.20.1
author	Andreas Wellving <andreas.wellving@enea.com>	2019-05-22 10:26:04 +0200
committer	Adrian Mangeac <Adrian.Mangeac@enea.com>	2019-05-22 12:17:18 +0200
commit	a15e4daaf230378a13a150f53566a7d08bd5f778 (patch)
tree	50dae8cea52ec52178dc9e88a72ef9b60f30b9f7
parent	63ff8c2e047fbac09451980bec24abc70fd9afc5 (diff)
download	enea-kernel-cache-a15e4daaf230378a13a150f53566a7d08bd5f778.tar.gz

diff --git a/patches/cve/CVE-2018-10879-ext4-make-sure-bitmaps-and-the-inode-table-don-t-ove.patch b/patches/cve/CVE-2018-10879-ext4-make-sure-bitmaps-and-the-inode-table-don-t-ove.patch new file mode 100644 index 0000000..8972242 --- /dev/null +++ b/patches/cve/CVE-2018-10879-ext4-make-sure-bitmaps-and-the-inode-table-don-t-ove.patch
@@ -0,0 +1,86 @@
	1	From ac93c718365ac6ea9d7631641c8dec867d623491 Mon Sep 17 00:00:00 2001
	2	From: Theodore Ts'o <tytso@mit.edu>
	3	Date: Wed, 13 Jun 2018 23:08:26 -0400
	4	Subject: [PATCH] ext4: make sure bitmaps and the inode table don't overlap
	5	with bg descriptors
	6
	7	commit 77260807d1170a8cf35dbb06e07461a655f67eee upstream.
	8
	9	It's really bad when the allocation bitmaps and the inode table
	10	overlap with the block group descriptors, since it causes random
	11	corruption of the bg descriptors. So we really want to head those off
	12	at the pass.
	13
	14	https://bugzilla.kernel.org/show_bug.cgi?id=199865
	15
	16	CVE: CVE-2018-10879
	17	Upstream-Status: Backport [https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-4.14.y&id=ac93c718365ac6ea9d7631641c8dec867d623491]
	18
	19	Signed-off-by: Theodore Ts'o <tytso@mit.edu>
	20	Cc: stable@kernel.org
	21	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	22	Signed-off-by: Andreas Wellving <andreas.wellving@enea.com>
	23	---
	24	fs/ext4/super.c \| 25 +++++++++++++++++++++++++
	25	1 file changed, 25 insertions(+)
	26
	27	diff --git a/fs/ext4/super.c b/fs/ext4/super.c
	28	index ec74d06fa24a..3559489a3a99 100644
	29	--- a/fs/ext4/super.c
	30	+++ b/fs/ext4/super.c
	31	@@ -2301,6 +2301,7 @@ static int ext4_check_descriptors(struct super_block *sb,
	32	struct ext4_sb_info *sbi = EXT4_SB(sb);
	33	ext4_fsblk_t first_block = le32_to_cpu(sbi->s_es->s_first_data_block);
	34	ext4_fsblk_t last_block;
	35	+ ext4_fsblk_t last_bg_block = sb_block + ext4_bg_num_gdb(sb, 0) + 1;
	36	ext4_fsblk_t block_bitmap;
	37	ext4_fsblk_t inode_bitmap;
	38	ext4_fsblk_t inode_table;
	39	@@ -2333,6 +2334,14 @@ static int ext4_check_descriptors(struct super_block *sb,
	40	if (!sb_rdonly(sb))
	41	return 0;
	42	}
	43	+ if (block_bitmap >= sb_block + 1 &&
	44	+ block_bitmap <= last_bg_block) {
	45	+ ext4_msg(sb, KERN_ERR, "ext4_check_descriptors: "
	46	+ "Block bitmap for group %u overlaps "
	47	+ "block group descriptors", i);
	48	+ if (!sb_rdonly(sb))
	49	+ return 0;
	50	+ }
	51	if (block_bitmap < first_block \|\| block_bitmap > last_block) {
	52	ext4_msg(sb, KERN_ERR, "ext4_check_descriptors: "
	53	"Block bitmap for group %u not in group "
	54	@@ -2347,6 +2356,14 @@ static int ext4_check_descriptors(struct super_block *sb,
	55	if (!sb_rdonly(sb))
	56	return 0;
	57	}
	58	+ if (inode_bitmap >= sb_block + 1 &&
	59	+ inode_bitmap <= last_bg_block) {
	60	+ ext4_msg(sb, KERN_ERR, "ext4_check_descriptors: "
	61	+ "Inode bitmap for group %u overlaps "
	62	+ "block group descriptors", i);
	63	+ if (!sb_rdonly(sb))
	64	+ return 0;
	65	+ }
	66	if (inode_bitmap < first_block \|\| inode_bitmap > last_block) {
	67	ext4_msg(sb, KERN_ERR, "ext4_check_descriptors: "
	68	"Inode bitmap for group %u not in group "
	69	@@ -2361,6 +2378,14 @@ static int ext4_check_descriptors(struct super_block *sb,
	70	if (!sb_rdonly(sb))
	71	return 0;
	72	}
	73	+ if (inode_table >= sb_block + 1 &&
	74	+ inode_table <= last_bg_block) {
	75	+ ext4_msg(sb, KERN_ERR, "ext4_check_descriptors: "
	76	+ "Inode table for group %u overlaps "
	77	+ "block group descriptors", i);
	78	+ if (!sb_rdonly(sb))
	79	+ return 0;
	80	+ }
	81	if (inode_table < first_block \|\|
	82	inode_table + sbi->s_itb_per_group - 1 > last_block) {
	83	ext4_msg(sb, KERN_ERR, "ext4_check_descriptors: "
	84	--
	85	2.20.1
	86