leandrof/linux
1
0
Fork 0
forked from Minki/linux
Code Issues Pull Requests Packages Projects Releases Wiki Activity
c9eb13a910
linux/fs/ext4
History
Theodore Ts'o c9eb13a910 ext4: fix hang when processing corrupted orphaned inode list 
If the orphaned inode list contains inode #5, ext4_iget() returns a
bad inode (since the bootloader inode should never be referenced
directly).  Because of the bad inode, we end up processing the inode
repeatedly and this hangs the machine.

This can be reproduced via:

   mke2fs -t ext4 /tmp/foo.img 100
   debugfs -w -R "ssv last_orphan 5" /tmp/foo.img
   mount -o loop /tmp/foo.img /mnt

(But don't do this if you are using an unpatched kernel if you care
about the system staying functional.  :-)

This bug was found by the port of American Fuzzy Lop into the kernel
to find file system problems[1].  (Since it *only* happens if inode #5
shows up on the orphan list --- 3, 7, 8, etc. won't do it, it's not
surprising that AFL needed two hours before it found it.)

[1] http://events.linuxfoundation.org/sites/events/files/slides/AFL%20filesystem%20fuzzing%2C%20Vault%202016_0.pdf

Cc: stable@vger.kernel.org
Reported by: Vegard Nossum <vegard.nossum@oracle.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2016-04-30 00:48:54 -04:00
..
acl.c ext4: remove unused header files 2015-04-02 23:47:42 -04:00
acl.h ext2/3/4: use generic posix ACL infrastructure 2014-01-25 23:58:19 -05:00
balloc.c ext4: fix scheduling in atomic on group checksum failure 2016-02-11 23:15:12 -05:00
bitmap.c ext4: remove unused header files 2015-04-02 23:47:42 -04:00
block_validity.c ext4: call out CRC and corruption errors with specific error codes 2015-10-17 16:16:04 -04:00
crypto_fname.c ext4: Use skcipher 2016-01-27 20:35:55 +08:00
crypto_key.c ext4: Use skcipher 2016-01-27 20:35:55 +08:00
crypto_policy.c ext4 crypto: replace some BUG_ON()'s with error checks 2015-10-03 10:49:27 -04:00
crypto.c ext4/fscrypto: avoid RCU lookup in d_revalidate 2016-04-12 20:01:35 -07:00
dir.c ext4: allow readdir()'s of large empty directories to be interrupted 2016-04-23 22:50:07 -04:00
ext4_crypto.h ext4: Use skcipher 2016-01-27 20:35:55 +08:00
ext4_extents.h ext4: fix misspellings in comments. 2016-03-09 23:49:05 -05:00
ext4_jbd2.c ext4: fix potential use after free in __ext4_journal_stop 2015-10-17 22:57:06 -04:00
ext4_jbd2.h ext4: do not ask jbd2 to write data for delalloc buffers 2016-04-24 00:56:08 -04:00
ext4.h ext4: fix races between changing inode journal mode and ext4_writepages 2016-04-25 23:22:35 -04:00
extents_status.c ext4: remove trailing \n from ext4_warning/ext4_error calls 2016-04-27 01:11:21 -04:00
extents_status.h ext4: move procfs registration code to fs/ext4/sysfs.c 2015-09-23 12:46:17 -04:00
extents.c ext4: remove trailing \n from ext4_warning/ext4_error calls 2016-04-27 01:11:21 -04:00
file.c ext4: remove trailing \n from ext4_warning/ext4_error calls 2016-04-27 01:11:21 -04:00
fsync.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2015-04-26 17:22:07 -07:00
hash.c ext4: remove unused header files 2015-04-02 23:47:42 -04:00
ialloc.c ext4: fix hang when processing corrupted orphaned inode list 2016-04-30 00:48:54 -04:00
indirect.c ext4: return hole from ext4_map_blocks() 2016-03-09 22:54:00 -05:00
inline.c ext4: remove trailing \n from ext4_warning/ext4_error calls 2016-04-27 01:11:21 -04:00
inode.c ext4: fix races between changing inode journal mode and ext4_writepages 2016-04-25 23:22:35 -04:00
ioctl.c ext4: online defrag not supported with DAX 2016-02-27 10:28:52 -08:00
Kconfig ext4: Update EXT4_USE_FOR_EXT2 description 2015-09-24 13:27:47 +02:00
Makefile ext4: move sysfs code from super.c to fs/ext4/sysfs.c 2015-09-23 12:44:17 -04:00
mballoc.c ext4: remove trailing \n from ext4_warning/ext4_error calls 2016-04-27 01:11:21 -04:00
mballoc.h ext4: fix compile error while opening the macro DOUBLE_CHECK 2016-03-13 17:18:12 -04:00
migrate.c ext4: fix misspellings in comments. 2016-03-09 23:49:05 -05:00
mmp.c ext4: remove trailing \n from ext4_warning/ext4_error calls 2016-04-27 01:11:21 -04:00
move_extent.c ext4: do not ask jbd2 to write data for delalloc buffers 2016-04-24 00:56:08 -04:00
namei.c ext4: remove trailing \n from ext4_warning/ext4_error calls 2016-04-27 01:11:21 -04:00
page-io.c These changes contains a fix for overlayfs interacting with some 2016-04-07 17:22:20 -07:00
readpage.c These changes contains a fix for overlayfs interacting with some 2016-04-07 17:22:20 -07:00
resize.c ext4: remove trailing \n from ext4_warning/ext4_error calls 2016-04-27 01:11:21 -04:00
super.c ext4: fix races between changing inode journal mode and ext4_writepages 2016-04-25 23:22:35 -04:00
symlink.c mm, fs: get rid of PAGE_CACHE_* and page_cache_{get,release} macros 2016-04-04 10:41:08 -07:00
sysfs.c ext4: add "static" to ext4_seq_##name##_fops struct 2015-11-26 15:52:24 -05:00
truncate.h ext4: fix races between page faults and hole punching 2015-12-07 14:28:03 -05:00
xattr_security.c xattr handlers: Simplify list operation 2015-12-13 19:46:12 -05:00
xattr_trusted.c xattr handlers: Simplify list operation 2015-12-13 19:46:12 -05:00
xattr_user.c xattr handlers: Simplify list operation 2015-12-13 19:46:12 -05:00
xattr.c ext4: check if in-inode xattr is corrupted in ext4_expand_extra_isize_ea() 2016-03-22 16:13:15 -04:00
xattr.h mbcache2: rename to mbcache 2016-02-22 22:35:22 -05:00