1 files changed, 86 insertions, 0 deletions
diff --git a/patches/cve/CVE-2018-10879-ext4-make-sure-bitmaps-and-the-inode-table-don-t-ove.patch b/patches/cve/CVE-2018-10879-ext4-make-sure-bitmaps-and-the-inode-table-don-t-ove.patch
new file mode 100644
index 0000000..8972242
--- /dev/null
+++ b/patches/cve/CVE-2018-10879-ext4-make-sure-bitmaps-and-the-inode-table-don-t-ove.patch
@@ -0,0 +1,86 @@
+From ac93c718365ac6ea9d7631641c8dec867d623491 Mon Sep 17 00:00:00 2001
+From: Theodore Ts'o <tytso@mit.edu>
+Date: Wed, 13 Jun 2018 23:08:26 -0400
+Subject: [PATCH] ext4: make sure bitmaps and the inode table don't overlap
+ with bg descriptors
+commit 77260807d1170a8cf35dbb06e07461a655f67eee upstream.
+It's really bad when the allocation bitmaps and the inode table
+overlap with the block group descriptors, since it causes random
+corruption of the bg descriptors.  So we really want to head those off
+at the pass.
+https://bugzilla.kernel.org/show_bug.cgi?id=199865
+CVE: CVE-2018-10879
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-4.14.y&id=ac93c718365ac6ea9d7631641c8dec867d623491]
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Cc: stable@kernel.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Andreas Wellving <andreas.wellving@enea.com>
+---
+ fs/ext4/super.c | 25 +++++++++++++++++++++++++
+ 1 file changed, 25 insertions(+)
+diff --git a/fs/ext4/super.c b/fs/ext4/super.c
+index ec74d06fa24a..3559489a3a99 100644
+--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
+@@ -2301,6 +2301,7 @@ static int ext4_check_descriptors(struct super_block *sb,
+        struct ext4_sb_info *sbi = EXT4_SB(sb);
+        ext4_fsblk_t first_block = le32_to_cpu(sbi->s_es->s_first_data_block);
+        ext4_fsblk_t last_block;
+       ext4_fsblk_t last_bg_block = sb_block + ext4_bg_num_gdb(sb, 0) + 1;
+        ext4_fsblk_t block_bitmap;
+        ext4_fsblk_t inode_bitmap;
+        ext4_fsblk_t inode_table;
+@@ -2333,6 +2334,14 @@ static int ext4_check_descriptors(struct super_block *sb,
+                        if (!sb_rdonly(sb))
+                                return 0;
+                }
+               if (block_bitmap >= sb_block + 1 &&
+                   block_bitmap <= last_bg_block) {
+                       ext4_msg(sb, KERN_ERR, "ext4_check_descriptors: "
+                                "Block bitmap for group %u overlaps "
+                                "block group descriptors", i);
+                       if (!sb_rdonly(sb))
+                               return 0;
+               }
+                if (block_bitmap < first_block || block_bitmap > last_block) {
+                        ext4_msg(sb, KERN_ERR, "ext4_check_descriptors: "
+                               "Block bitmap for group %u not in group "
+@@ -2347,6 +2356,14 @@ static int ext4_check_descriptors(struct super_block *sb,
+                        if (!sb_rdonly(sb))
+                                return 0;
+                }
+               if (inode_bitmap >= sb_block + 1 &&
+                   inode_bitmap <= last_bg_block) {
+                       ext4_msg(sb, KERN_ERR, "ext4_check_descriptors: "
+                                "Inode bitmap for group %u overlaps "
+                                "block group descriptors", i);
+                       if (!sb_rdonly(sb))
+                               return 0;
+               }
+                if (inode_bitmap < first_block || inode_bitmap > last_block) {
+                        ext4_msg(sb, KERN_ERR, "ext4_check_descriptors: "
+                               "Inode bitmap for group %u not in group "
+@@ -2361,6 +2378,14 @@ static int ext4_check_descriptors(struct super_block *sb,
+                        if (!sb_rdonly(sb))
+                                return 0;
+                }
+               if (inode_table >= sb_block + 1 &&
+                   inode_table <= last_bg_block) {
+                       ext4_msg(sb, KERN_ERR, "ext4_check_descriptors: "
+                                "Inode table for group %u overlaps "
+                                "block group descriptors", i);
+                       if (!sb_rdonly(sb))
+                               return 0;
+               }
+                if (inode_table < first_block ||
+                    inode_table + sbi->s_itb_per_group - 1 > last_block) {
+                        ext4_msg(sb, KERN_ERR, "ext4_check_descriptors: "
+-- 
+2.20.1

diff --git a/patches/cve/CVE-2018-10879-ext4-make-sure-bitmaps-and-the-inode-table-don-t-ove.patch b/patches/cve/CVE-2018-10879-ext4-make-sure-bitmaps-and-the-inode-table-don-t-ove.patch new file mode 100644 index 0000000..8972242 --- /dev/null +++ b/patches/cve/CVE-2018-10879-ext4-make-sure-bitmaps-and-the-inode-table-don-t-ove.patch
@@ -0,0 +1,86 @@
	1	From ac93c718365ac6ea9d7631641c8dec867d623491 Mon Sep 17 00:00:00 2001
	2	From: Theodore Ts'o <tytso@mit.edu>
	3	Date: Wed, 13 Jun 2018 23:08:26 -0400
	4	Subject: [PATCH] ext4: make sure bitmaps and the inode table don't overlap
	5	with bg descriptors
	6
	7	commit 77260807d1170a8cf35dbb06e07461a655f67eee upstream.
	8
	9	It's really bad when the allocation bitmaps and the inode table
	10	overlap with the block group descriptors, since it causes random
	11	corruption of the bg descriptors. So we really want to head those off
	12	at the pass.
	13
	14	https://bugzilla.kernel.org/show_bug.cgi?id=199865
	15
	16	CVE: CVE-2018-10879
	17	Upstream-Status: Backport [https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-4.14.y&id=ac93c718365ac6ea9d7631641c8dec867d623491]
	18
	19	Signed-off-by: Theodore Ts'o <tytso@mit.edu>
	20	Cc: stable@kernel.org
	21	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	22	Signed-off-by: Andreas Wellving <andreas.wellving@enea.com>
	23	---
	24	fs/ext4/super.c \| 25 +++++++++++++++++++++++++
	25	1 file changed, 25 insertions(+)
	26
	27	diff --git a/fs/ext4/super.c b/fs/ext4/super.c
	28	index ec74d06fa24a..3559489a3a99 100644
	29	--- a/fs/ext4/super.c
	30	+++ b/fs/ext4/super.c
	31	@@ -2301,6 +2301,7 @@ static int ext4_check_descriptors(struct super_block *sb,
	32	struct ext4_sb_info *sbi = EXT4_SB(sb);
	33	ext4_fsblk_t first_block = le32_to_cpu(sbi->s_es->s_first_data_block);
	34	ext4_fsblk_t last_block;
	35	+ ext4_fsblk_t last_bg_block = sb_block + ext4_bg_num_gdb(sb, 0) + 1;
	36	ext4_fsblk_t block_bitmap;
	37	ext4_fsblk_t inode_bitmap;
	38	ext4_fsblk_t inode_table;
	39	@@ -2333,6 +2334,14 @@ static int ext4_check_descriptors(struct super_block *sb,
	40	if (!sb_rdonly(sb))
	41	return 0;
	42	}
	43	+ if (block_bitmap >= sb_block + 1 &&
	44	+ block_bitmap <= last_bg_block) {
	45	+ ext4_msg(sb, KERN_ERR, "ext4_check_descriptors: "
	46	+ "Block bitmap for group %u overlaps "
	47	+ "block group descriptors", i);
	48	+ if (!sb_rdonly(sb))
	49	+ return 0;
	50	+ }
	51	if (block_bitmap < first_block \|\| block_bitmap > last_block) {
	52	ext4_msg(sb, KERN_ERR, "ext4_check_descriptors: "
	53	"Block bitmap for group %u not in group "
	54	@@ -2347,6 +2356,14 @@ static int ext4_check_descriptors(struct super_block *sb,
	55	if (!sb_rdonly(sb))
	56	return 0;
	57	}
	58	+ if (inode_bitmap >= sb_block + 1 &&
	59	+ inode_bitmap <= last_bg_block) {
	60	+ ext4_msg(sb, KERN_ERR, "ext4_check_descriptors: "
	61	+ "Inode bitmap for group %u overlaps "
	62	+ "block group descriptors", i);
	63	+ if (!sb_rdonly(sb))
	64	+ return 0;
	65	+ }
	66	if (inode_bitmap < first_block \|\| inode_bitmap > last_block) {
	67	ext4_msg(sb, KERN_ERR, "ext4_check_descriptors: "
	68	"Inode bitmap for group %u not in group "
	69	@@ -2361,6 +2378,14 @@ static int ext4_check_descriptors(struct super_block *sb,
	70	if (!sb_rdonly(sb))
	71	return 0;
	72	}
	73	+ if (inode_table >= sb_block + 1 &&
	74	+ inode_table <= last_bg_block) {
	75	+ ext4_msg(sb, KERN_ERR, "ext4_check_descriptors: "
	76	+ "Inode table for group %u overlaps "
	77	+ "block group descriptors", i);
	78	+ if (!sb_rdonly(sb))
	79	+ return 0;
	80	+ }
	81	if (inode_table < first_block \|\|
	82	inode_table + sbi->s_itb_per_group - 1 > last_block) {
	83	ext4_msg(sb, KERN_ERR, "ext4_check_descriptors: "
	84	--
	85	2.20.1
	86