[PATCH for-4.19] erofs: fix extended inode could cross boundary

Greg Kroah-Hartman gregkh at linuxfoundation.org
Mon Apr 26 18:39:44 AEST 2021


On Mon, Apr 26, 2021 at 04:29:33PM +0800, Gao Xiang wrote:
> commit 0dcd3c94e02438f4a571690e26f4ee997524102a upstream.
> 
> Each ondisk inode should be aligned with inode slot boundary
> (32-byte alignment) because of nid calculation formula, so all
> compact inodes (32 byte) cannot cross page boundary. However,
> extended inode is now 64-byte form, which can cross page boundary
> in principle if the location is specified on purpose, although
> it's hard to be generated by mkfs due to the allocation policy
> and rarely used by Android use case now mainly for > 4GiB files.
> 
> For now, only two fields `i_ctime_nsec` and `i_nlink` couldn't
> be read from disk properly and cause out-of-bound memory read
> with random value.
> 
> Let's fix now.
> 
> Fixes: 431339ba9042 ("staging: erofs: add inode operations")
> Cc: <stable at vger.kernel.org> # 4.19+
> Link: https://lore.kernel.org/r/20200729175801.GA23973@xiangao.remote.csb
> Reviewed-by: Chao Yu <yuchao0 at huawei.com>
> [ Gao Xiang: resolve non-trivial conflicts for latest 4.19.y. ]
> Signed-off-by: Gao Xiang <hsiangkao at redhat.com>
> ---
>  drivers/staging/erofs/inode.c | 135 ++++++++++++++++++++++------------
>  1 file changed, 90 insertions(+), 45 deletions(-)

Thanks for the backport, I'll queue it up after this latest round of
stable kernels is released later this week.

greg k-h
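
The boundary condition described in the quoted commit message, as an added C example (not code from the patch or from the erofs driver): with 32-byte slots, a 64-byte inode in the last slot of a page straddles two pages, so a safe reader gathers it into a bounce buffer. The 4096-byte page size, the page-aligned metadata base, and the names `slot_offset`, `crosses_page` and `read_inode` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SZ     4096u /* assumed page size */
#define SLOT_SZ     32u   /* inode slot size, from the commit message */
#define COMPACT_SZ  32u   /* compact inode size */
#define EXTENDED_SZ 64u   /* extended inode size */

/* Offset of inode `nid` inside its page (assumes a page-aligned metadata base). */
uint32_t slot_offset(uint64_t nid)
{
    return (uint32_t)((nid * SLOT_SZ) % PAGE_SZ);
}

/* Nonzero when an inode of `size` bytes at `nid` runs past the end of its page. */
int crosses_page(uint64_t nid, uint32_t size)
{
    return slot_offset(nid) + size > PAGE_SZ;
}

/*
 * Copy one on-disk inode into `out` (at least `size` bytes). `pages` models
 * individually mapped metadata pages (hypothetical layout). Returns 0, or -1
 * when any byte of the inode would lie outside the mapped pages.
 */
int read_inode(const uint8_t *const *pages, size_t npages,
               uint64_t nid, uint32_t size, uint8_t *out)
{
    uint64_t pg = (nid * SLOT_SZ) / PAGE_SZ;
    uint32_t ofs = slot_offset(nid), head = size;

    if (size > PAGE_SZ || pg >= npages)
        return -1;
    if (ofs + size > PAGE_SZ) {          /* inode straddles two pages */
        head = PAGE_SZ - ofs;
        if (pg + 1 >= npages)
            return -1;                   /* tail page not mapped: reject */
        memcpy(out + head, pages[pg + 1], size - head);
    }
    memcpy(out, pages[pg] + ofs, head);  /* never reads past page end */
    return 0;
}

int main(void)
{
    printf("nid 127: compact crosses=%d extended crosses=%d\n",
           crosses_page(127, COMPACT_SZ), crosses_page(127, EXTENDED_SZ));
    return 0;
}
```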