linux/fs/erofs
Gao Xiang a429b76114 erofs: fix crafted invalid cases for encoded extents
Robert recently reported two corrupted images that can cause system
crashes, which are related to the new encoded extents introduced
in Linux 6.15:

  - The first one [1] has plen != 0 (e.g. plen == 0x2000000) but
    (plen & Z_EROFS_EXTENT_PLEN_MASK) == 0. It is used to represent
    special extents such as sparse extents (!EROFS_MAP_MAPPED), but
    previously only plen == 0 was handled;

  - The second one [2] has pa 0xffffffffffdcffed and plen 0xb4000,
    then "cur [0xfffffffffffff000] += bvec.bv_len [0x1000]" in
    "} while ((cur += bvec.bv_len) < end);" wraps around, causing an
    out-of-bound access of pcl->compressed_bvecs[] in
    z_erofs_submit_queue().  EROFS only supports 48-bit physical block
    addresses (up to 1EiB for 4k blocks), so add a sanity check to
    enforce this.

Fixes: 1d191b4ca5 ("erofs: implement encoded extent metadata")
Reported-by: Robert Morris <rtm@csail.mit.edu>
Closes: https://lore.kernel.org/r/75022.1759355830@localhost  [1]
Closes: https://lore.kernel.org/r/80524.1760131149@localhost  [2]
Reviewed-by: Hongbo Li <lihongbo22@huawei.com>
Signed-off-by: Gao Xiang <hsiangkao@linux.alibaba.com>
2025-10-17 15:21:36 +08:00
compress.h erofs: support DEFLATE decompression by using Intel QAT 2025-05-25 15:27:40 +08:00
data.c erofs: Add support for FS_IOC_GETFSLABEL 2025-09-25 11:26:20 +08:00
decompressor_crypto.c erofs: support DEFLATE decompression by using Intel QAT 2025-05-25 15:27:40 +08:00
decompressor_deflate.c erofs: support DEFLATE decompression by using Intel QAT 2025-05-25 15:27:40 +08:00
decompressor_lzma.c erofs: move {in,out}pages into struct z_erofs_decompress_req 2025-03-17 01:22:50 +08:00
decompressor_zstd.c erofs: move {in,out}pages into struct z_erofs_decompress_req 2025-03-17 01:22:50 +08:00
decompressor.c erofs: implement metadata compression 2025-07-24 19:43:31 +08:00
dir.c erofs: Add support for FS_IOC_GETFSLABEL 2025-09-25 11:26:20 +08:00
erofs_fs.h erofs: fix long xattr name prefix placement 2025-09-12 03:37:07 +08:00
fileio.c erofs: implement metadata compression 2025-07-24 19:43:31 +08:00
fscache.c erofs: implement metadata compression 2025-07-24 19:43:31 +08:00
inode.c erofs: Add support for FS_IOC_GETFSLABEL 2025-09-25 11:26:20 +08:00
internal.h erofs: Add support for FS_IOC_GETFSLABEL 2025-09-25 11:26:20 +08:00
Kconfig erofs: Do not select tristate symbols from bool symbols 2025-08-11 06:02:20 +08:00
Makefile erofs: support DEFLATE decompression by using Intel QAT 2025-05-25 15:27:40 +08:00
namei.c erofs: get rid of erofs_kmap_type 2025-03-17 01:21:24 +08:00
super.c erofs: Add support for FS_IOC_GETFSLABEL 2025-09-25 11:26:20 +08:00
sysfs.c erofs: support to readahead dirent blocks in erofs_readdir() 2025-07-24 19:44:08 +08:00
xattr.c erofs: fix long xattr name prefix placement 2025-09-12 03:37:07 +08:00
xattr.h erofs: remove ENOATTR definition 2025-07-24 19:42:07 +08:00
zdata.c erofs: drop redundant sanity check for ztailpacking inline 2025-09-25 11:26:39 +08:00
zmap.c erofs: fix crafted invalid cases for encoded extents 2025-10-17 15:21:36 +08:00
zutil.c The various patchsets are summarized below. Plus of course many 2025-01-26 18:36:23 -08:00