[PATCH for-4.19] erofs: fix extended inode could cross boundary
Gao Xiang
hsiangkao at redhat.com
Mon Apr 26 18:43:07 AEST 2021
On Mon, Apr 26, 2021 at 10:39:44AM +0200, Greg Kroah-Hartman wrote:
> On Mon, Apr 26, 2021 at 04:29:33PM +0800, Gao Xiang wrote:
> > commit 0dcd3c94e02438f4a571690e26f4ee997524102a upstream.
> >
> > Each ondisk inode should be aligned with inode slot boundary
> > (32-byte alignment) because of nid calculation formula, so all
> > compact inodes (32 byte) cannot across page boundary. However,
> > extended inode is now 64-byte form, which can across page boundary
> > in principle if the location is specified on purpose, although
> > it's hard to be generated by mkfs due to the allocation policy
> > and rarely used by Android use case now mainly for > 4GiB files.
> >
> > For now, only two fields `i_ctime_nsec` and `i_nlink' couldn't
> > be read from disk properly and cause out-of-bound memory read
> > with random value.
> >
> > Let's fix now.
> >
> > Fixes: 431339ba9042 ("staging: erofs: add inode operations")
> > Cc: <stable at vger.kernel.org> # 4.19+
> > Link: https://lore.kernel.org/r/20200729175801.GA23973@xiangao.remote.csb
> > Reviewed-by: Chao Yu <yuchao0 at huawei.com>
> > [ Gao Xiang: resolve non-trivial conflicts for latest 4.19.y. ]
> > Signed-off-by: Gao Xiang <hsiangkao at redhat.com>
> > ---
> > drivers/staging/erofs/inode.c | 135 ++++++++++++++++++++++------------
> > 1 file changed, 90 insertions(+), 45 deletions(-)
>
> Thanks for the backport, I'll queue it up after this latest round of
> stable kernels is released later this week.
Thanks Greg, sorry about the delay.
Sounds good to me.
Thanks,
Gao Xiang
>
> greg k-h
>
More information about the Linux-erofs
mailing list