From patchwork Fri Jul  6 21:02:58 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Khalid Elmously <khalid.elmously@canonical.com>
X-Patchwork-Id: 940713
Return-Path: <kernel-team-bounces@lists.ubuntu.com>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
	spf=none (mailfrom) smtp.mailfrom=lists.ubuntu.com
	(client-ip=91.189.94.19; helo=huckleberry.canonical.com;
	envelope-from=kernel-team-bounces@lists.ubuntu.com;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none)
	header.from=canonical.com
Received: from huckleberry.canonical.com (huckleberry.canonical.com
	[91.189.94.19])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128
	bits)) (No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 41MnJF6w9wz9s1b;
	Sat,  7 Jul 2018 07:03:25 +1000 (AEST)
Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com)
	by huckleberry.canonical.com with esmtp (Exim 4.86_2)
	(envelope-from <kernel-team-bounces@lists.ubuntu.com>)
	id 1fbXst-0001Nq-TX; Fri, 06 Jul 2018 21:03:19 +0000
Received: from youngberry.canonical.com ([91.189.89.112])
	by huckleberry.canonical.com with esmtps
	(TLS1.0:DHE_RSA_AES_128_CBC_SHA1:128)
	(Exim 4.86_2) (envelope-from <khalid.elmously@canonical.com>)
	id 1fbXss-0001NM-4t
	for kernel-team@lists.ubuntu.com; Fri, 06 Jul 2018 21:03:18 +0000
Received: from mail-io0-f199.google.com ([209.85.223.199])
	by youngberry.canonical.com with esmtps
	(TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.76) (envelope-from <khalid.elmously@canonical.com>)
	id 1fbXsr-0003OA-Qp
	for kernel-team@lists.ubuntu.com; Fri, 06 Jul 2018 21:03:17 +0000
Received: by mail-io0-f199.google.com with SMTP id s24-v6so10639323iob.5
	for <kernel-team@lists.ubuntu.com>;
	Fri, 06 Jul 2018 14:03:17 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references;
	bh=uoxOcCYZcghkLEUHNUE2qV3M+gvKmbvwYEZOH5k54Ac=;
	b=luBlULSUQHnBExFGsbDqc9x9CrldXbe+QYOOQvcnxtgBsNJolxV9KhbAjtKvlf/JD1
	o7kkxw3bYBblQlKywGfKgpdtFxN0uSuA3yazkIDZtwGJ5pFK0GnHR9G/PP4K0nRwy2zx
	TuCZ7teDsWbW7wq3CzfcG2uM4Qlmv33mcou0YcLIuGSYtTN0w/s8dE+ZrT06a4YUmcL3
	TWK/HFmBE7JzBO9i3ZnMdOk4FX5TcajWvmGyCXexkAGgolR56BYDLSEwOO3+7R2OP7wn
	eH/KsqH1jBbefraFpnY0d5AayzPIFehOf0FRJBlzwIhwqs8TkpeRFsUClMGIF9h/uzuj
	aw2Q==
X-Gm-Message-State: APt69E2IoWHDzKWep9dNJhQYtQaFWOlKFcsi7HHKwH0VsO9pPCfjXggp
	Ko7r0uxd/6ZFdkc+udW4qEQOfdE2ccdYepj0vepS3LqNYUBVni7ECaG0w+db6wVWQGkgOEjs+uw
	SJ22crWxlVdVlIV4UHHJiftf8UtmGYIn+ZKDtlOAfQQ==
X-Received: by 2002:a24:ba1a:: with SMTP id
	p26-v6mr9449088itf.116.1530910996566;
	Fri, 06 Jul 2018 14:03:16 -0700 (PDT)
X-Google-Smtp-Source: 
 AAOMgpdDdlSsbj54nJXLbm7kwBUCWCyq1+t8uGVHjuOD2Cxyr10skR04harsWSiICrhmhPRtL6PEFg==
X-Received: by 2002:a24:ba1a:: with SMTP id
	p26-v6mr9449066itf.116.1530910996395;
	Fri, 06 Jul 2018 14:03:16 -0700 (PDT)
Received: from kbuntu.fuzzbuzz.org (198-84-180-15.cpe.teksavvy.com.
	[198.84.180.15]) by smtp.gmail.com with ESMTPSA id
	n124-v6sm4996307itg.7.2018.07.06.14.03.14
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Fri, 06 Jul 2018 14:03:14 -0700 (PDT)
From: Khalid Elmously <khalid.elmously@canonical.com>
To: kernel-team@lists.ubuntu.com
Subject: [SRU][A][PATCH 1/1] ext4: always initialize the crc32c checksum
	driver
Date: Fri,  6 Jul 2018 17:02:58 -0400
Message-Id: <20180706210258.3630-3-khalid.elmously@canonical.com>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20180706210258.3630-1-khalid.elmously@canonical.com>
References: <20180706210258.3630-1-khalid.elmously@canonical.com>
X-BeenThere: kernel-team@lists.ubuntu.com
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Kernel team discussions <kernel-team.lists.ubuntu.com>
List-Unsubscribe: <https://lists.ubuntu.com/mailman/options/kernel-team>,
	<mailto:kernel-team-request@lists.ubuntu.com?subject=unsubscribe>
List-Archive: <https://lists.ubuntu.com/archives/kernel-team>
List-Post: <mailto:kernel-team@lists.ubuntu.com>
List-Help: <mailto:kernel-team-request@lists.ubuntu.com?subject=help>
List-Subscribe: <https://lists.ubuntu.com/mailman/listinfo/kernel-team>,
	<mailto:kernel-team-request@lists.ubuntu.com?subject=subscribe>
MIME-Version: 1.0
Errors-To: kernel-team-bounces@lists.ubuntu.com
Sender: "kernel-team" <kernel-team-bounces@lists.ubuntu.com>

From: Theodore Ts'o <tytso@mit.edu>

CVE-2018-1094

The extended attribute code now uses the crc32c checksum for hashing
purposes, so we should just always always initialize it.  We also want
to prevent NULL pointer dereferences if one of the metadata checksum
features is enabled after the file sytsem is originally mounted.

This issue has been assigned CVE-2018-1094.

https://bugzilla.kernel.org/show_bug.cgi?id=199183
https://bugzilla.redhat.com/show_bug.cgi?id=1560788

Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@vger.kernel.org
(cherry-picked from a45403b51582a87872927a3e0fc0a389c26867f1)
Signed-off-by: Khalid Elmously <khalid.elmously@canonical.com>
---
 fs/ext4/super.c | 15 ++++++---------
 1 file changed, 6 insertions(+), 9 deletions(-)

diff --git a/fs/ext4/super.c b/fs/ext4/super.c
index 392bc1f88f21..24521c830617 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -3518,15 +3518,12 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent)
 	}
 
 	/* Load the checksum driver */
-	if (ext4_has_feature_metadata_csum(sb) ||
-	    ext4_has_feature_ea_inode(sb)) {
-		sbi->s_chksum_driver = crypto_alloc_shash("crc32c", 0, 0);
-		if (IS_ERR(sbi->s_chksum_driver)) {
-			ext4_msg(sb, KERN_ERR, "Cannot load crc32c driver.");
-			ret = PTR_ERR(sbi->s_chksum_driver);
-			sbi->s_chksum_driver = NULL;
-			goto failed_mount;
-		}
+	sbi->s_chksum_driver = crypto_alloc_shash("crc32c", 0, 0);
+	if (IS_ERR(sbi->s_chksum_driver)) {
+		ext4_msg(sb, KERN_ERR, "Cannot load crc32c driver.");
+		ret = PTR_ERR(sbi->s_chksum_driver);
+		sbi->s_chksum_driver = NULL;
+		goto failed_mount;
 	}
 
 	/* Check superblock checksum */