leandrof/linux
1
0
Fork 0
forked from Minki/linux
Code Issues Pull Requests Packages Projects Releases Wiki Activity
mainlining shenanigans
1,119,839 Commits 2 Branches 0 Tags 5.1 GiB
C 97.7%
Assembly 1.1%
Shell 0.4%
Makefile 0.3%
Python 0.2%
Other 0.1%
e2ebff9c57
Go to file
David Howells e2ebff9c57 vfs: Check the truncate maximum size in inode_newsize_ok() 
If something manages to set the maximum file size to MAX_OFFSET+1, this
can cause the xfs and ext4 filesystems at least to become corrupt.

Ordinarily, the kernel protects against userspace trying this by
checking the value early in the truncate() and ftruncate() system calls
calls - but there are at least two places that this check is bypassed:

 (1) Cachefiles will round up the EOF of the backing file to DIO block
     size so as to allow DIO on the final block - but this might push
     the offset negative. It then calls notify_change(), but this
     inadvertently bypasses the checking. This can be triggered if
     someone puts an 8EiB-1 file on a server for someone else to try and
     access by, say, nfs.

 (2) ksmbd doesn't check the value it is given in set_end_of_file_info()
     and then calls vfs_truncate() directly - which also bypasses the
     check.

In both cases, it is potentially possible for a network filesystem to
cause a disk filesystem to be corrupted: cachefiles in the client's
cache filesystem; ksmbd in the server's filesystem.

nfsd is okay as it checks the value, but we can then remove this check
too.

Fix this by adding a check to inode_newsize_ok(), as called from
setattr_prepare(), thereby catching the issue as filesystems set up to
perform the truncate with minimal opportunity for bypassing the new
check.

Fixes: 1f08c925e7 ("cachefiles: Implement backing file wrangling")
Fixes: f441584858 ("cifsd: add file operations")
Signed-off-by: David Howells <dhowells@redhat.com>
Reported-by: Jeff Layton <jlayton@kernel.org>
Tested-by: Jeff Layton <jlayton@kernel.org>
Reviewed-by: Namjae Jeon <linkinjeon@kernel.org>
Cc: stable@kernel.org
Acked-by: Alexander Viro <viro@zeniv.linux.org.uk>
cc: Steve French <sfrench@samba.org>
cc: Hyunchul Lee <hyc.lee@gmail.com>
cc: Chuck Lever <chuck.lever@oracle.com>
cc: Dave Wysochanski <dwysocha@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2022-08-08 10:39:29 -07:00
arch Bitmap patches for v6.0-rc1 2022-08-07 17:52:35 -07:00
block for-5.20/block-2022-08-04 2022-08-04 20:00:14 -07:00
certs certs: make system keyring depend on x509 parser 2022-07-24 12:53:55 -07:00
crypto tpmdd updates for Linux v5.20 2022-08-06 09:43:02 -07:00
Documentation - mtk: use rx_callback instead of cmdq_task_cb. 2022-08-08 10:19:40 -07:00
drivers hwspinlock updates for v5.20 2022-08-08 10:27:51 -07:00
fs vfs: Check the truncate maximum size in inode_newsize_ok() 2022-08-08 10:39:29 -07:00
include - mtk: use rx_callback instead of cmdq_task_cb. 2022-08-08 10:19:40 -07:00
init Updates to various subsystems which I help look after. lib, ocfs2, 2022-08-07 10:03:24 -07:00
io_uring iov_iter work, part 1 - isolated cleanups and optimizations. 2022-08-03 13:50:22 -07:00
ipc Updates to various subsystems which I help look after. lib, ocfs2, 2022-08-07 10:03:24 -07:00
kernel Updates to various subsystems which I help look after. lib, ocfs2, 2022-08-07 10:03:24 -07:00
lib Bitmap patches for v6.0-rc1 2022-08-07 17:52:35 -07:00
LICENSES LICENSES/LGPL-2.1: Add LGPL-2.1-or-later as valid identifiers 2021-12-16 14:33:10 +01:00
mm - The usual batches of cleanups from Baoquan He, Muchun Song, Miaohe 2022-08-05 16:32:45 -07:00
net 9p-for-5.20 2022-08-06 14:48:54 -07:00
samples Tracing updates for 5.20 / 6.0 2022-08-05 09:41:12 -07:00
scripts Coccinelle semantic patch changes 2022-08-08 09:42:04 -07:00
security linux-kselftest-kunit-5.20-rc1 2022-08-02 19:34:45 -07:00
sound sound updates for 6.0-rc1 2022-08-06 10:19:51 -07:00
tools Bitmap patches for v6.0-rc1 2022-08-07 17:52:35 -07:00
usr Not a lot of material this cycle. Many singleton patches against various 2022-05-27 11:22:03 -07:00
virt Merge remote-tracking branch 'kvm/next' into kvm-next-5.20 2022-08-01 03:21:00 -04:00
.clang-format clang-format: Fix space after for_each macros 2022-05-20 19:27:16 +02:00
.cocciconfig
.get_maintainer.ignore Opt out of scripts/get_maintainer.pl 2019-05-16 10:53:40 -07:00
.gitattributes .gitattributes: use 'dts' diff driver for dts files 2019-12-04 19:44:11 -08:00
.gitignore kbuild: split the second line of *.mod into *.usyms 2022-05-08 03:16:59 +09:00
.mailmap Updates to various subsystems which I help look after. lib, ocfs2, 2022-08-07 10:03:24 -07:00
COPYING COPYING: state that all contributions really are covered by this file 2020-02-10 13:32:20 -08:00
CREDITS drm for 5.20/6.0 2022-08-03 19:52:08 -07:00
Kbuild kbuild: rename hostprogs-y/always to hostprogs/always-y 2020-02-04 01:53:07 +09:00
Kconfig kbuild: ensure full rebuild when the compiler is updated 2020-05-12 13:28:33 +09:00
MAINTAINERS Bitmap patches for v6.0-rc1 2022-08-07 17:52:35 -07:00
Makefile linux-kselftest-next-5.20-rc1 2022-08-02 19:44:56 -07:00
README Drop all 00-INDEX files from Documentation/ 2018-09-09 15:08:58 -06:00

README 

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.