mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2025-01-18 02:47:17 -05:00
49 lines
2.0 KiB
Diff
49 lines
2.0 KiB
Diff
From 016a3592cc34fa349235b5a8b48af5cece2cbfeb Mon Sep 17 00:00:00 2001
|
|
From: Theodore Ts'o <tytso@mit.edu>
|
|
Date: Thu, 27 Dec 2012 01:42:50 -0500
|
|
Subject: [PATCH] ext4: avoid hang when mounting non-journal filesystems with
|
|
orphan list
|
|
|
|
commit 0e9a9a1ad619e7e987815d20262d36a2f95717ca upstream.
|
|
|
|
When trying to mount a file system which does not contain a journal,
|
|
but which does have a orphan list containing an inode which needs to
|
|
be truncated, the mount call with hang forever in
|
|
ext4_orphan_cleanup() because ext4_orphan_del() will return
|
|
immediately without removing the inode from the orphan list, leading
|
|
to an uninterruptible loop in kernel code which will busy out one of
|
|
the CPU's on the system.
|
|
|
|
This can be trivially reproduced by trying to mount the file system
|
|
found in tests/f_orphan_extents_inode/image.gz from the e2fsprogs
|
|
source tree. If a malicious user were to put this on a USB stick, and
|
|
mount it on a Linux desktop which has automatic mounts enabled, this
|
|
could be considered a potential denial of service attack. (Not a big
|
|
deal in practice, but professional paranoids worry about such things,
|
|
and have even been known to allocate CVE numbers for such problems.)
|
|
|
|
-js: This is a fix for CVE-2013-2015.
|
|
|
|
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
|
|
Reviewed-by: Zheng Liu <wenqing.lz@taobao.com>
|
|
Acked-by: Jan Kara <jack@suse.cz>
|
|
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
---
|
|
fs/ext4/namei.c | 3 ++-
|
|
1 file changed, 2 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/fs/ext4/namei.c b/fs/ext4/namei.c
|
|
index 9fb3fae4898a..54ad9a54cd89 100644
|
|
--- a/fs/ext4/namei.c
|
|
+++ b/fs/ext4/namei.c
|
|
@@ -2054,7 +2054,8 @@ int ext4_orphan_del(handle_t *handle, struct inode *inode)
|
|
int err = 0;
|
|
|
|
/* ext4_handle_valid() assumes a valid handle_t pointer */
|
|
- if (handle && !ext4_handle_valid(handle))
|
|
+ if (handle && !ext4_handle_valid(handle) &&
|
|
+ !(EXT4_SB(inode->i_sb)->s_mount_state & EXT4_ORPHAN_FS))
|
|
return 0;
|
|
|
|
mutex_lock(&EXT4_SB(inode->i_sb)->s_orphan_lock);
|