Message ID | cover.1633025011.git.luke.nowakowskikrijger@canonical.com |
---|---|
Series | CVE-2019-19449 |

On 30.09.21 20:28, Luke Nowakowski-Krijger wrote:
> [Impact]
> Mounting a crafted f2fs file system with a segment count in a section
> that is less than segs_per_sec causes out-of-boundary memory access
> during fs initialization.
>
> [Backports]
> Changed f2fs_info to f2fs_msg due to the fact that the f2fs_info
> infrastructure is not present and would require backporting many patches
> to implement.
>
> [Test case]
> Reproduced bug with syzbot reproducer
> (https://syzkaller.appspot.com/x/repro.c?x=102fbac5900000)
> with slight modification to target a valid loop device.
> Confirmed that after the patches were applied the fs reports that there
> are malformed segments/sections and mounting the file system fails,
> which stops the initialization from continuing and preventing the
> out-of-boundary memory access.
>
> [Potential regression]
> The patches add checks that are a superset of the previous checks, which
> might cause some filesystems that succeeded in mounting to now fail.
>
> Luke Nowakowski-Krijger (1):
>   f2fs: fix to do sanity check on segment/section count
>
> Wang Xiaojun (1):
>   f2fs: fix wrong total_sections check and fsmeta check
>
>  fs/f2fs/segment.h |  1 +
>  fs/f2fs/super.c   | 15 +++++++++++---
>  2 files changed, 12 insertions(+), 4 deletions(-)
>

Acked-by: Stefan Bader <stefan.bader@canonical.com>

On 2021-09-30 11:28:45, Luke Nowakowski-Krijger wrote:
> [Impact]
> Mounting a crafted f2fs file system with a segment count in a section
> that is less than segs_per_sec causes out-of-boundary memory access
> during fs initialization.
>
> [Backports]
> Changed f2fs_info to f2fs_msg due to the fact that the f2fs_info
> infrastructure is not present and would require backporting many patches
> to implement.
>
> [Test case]
> Reproduced bug with syzbot reproducer
> (https://syzkaller.appspot.com/x/repro.c?x=102fbac5900000)
> with slight modification to target a valid loop device.
> Confirmed that after the patches were applied the fs reports that there
> are malformed segments/sections and mounting the file system fails,
> which stops the initialization from continuing and preventing the
> out-of-boundary memory access.
>
> [Potential regression]
> The patches add checks that are a superset of the previous checks, which
> might cause some filesystems that succeeded in mounting to now fail.
>
> Luke Nowakowski-Krijger (1):
>   f2fs: fix to do sanity check on segment/section count
>
> Wang Xiaojun (1):
>   f2fs: fix wrong total_sections check and fsmeta check
>
>  fs/f2fs/segment.h |  1 +
>  fs/f2fs/super.c   | 15 +++++++++++---
>  2 files changed, 12 insertions(+), 4 deletions(-)
>
> --
> 2.30.2
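
Added example, not part of the thread or of the f2fs patches: a user-space C model of the kind of segment/section consistency check the cover letter describes, applied before any table is sized from on-disk values. The struct, its field names, the exact equality rule and the `segno / segs_per_sec` indexing are assumptions for illustration; the sample values are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical, simplified geometry fields (not the kernel's superblock struct). */
struct geom {
    uint32_t segment_count_main; /* segments in the main area */
    uint32_t section_count;      /* sections in the main area */
    uint32_t segs_per_sec;       /* segments per section */
};

enum geom_err { GEOM_OK = 0, GEOM_ZERO_FIELD, GEOM_OVERFLOW, GEOM_MISMATCH };

/* Reject geometry whose segment count is not exactly
 * section_count * segs_per_sec (assumed rule for this model). */
enum geom_err check_geom(const struct geom *g)
{
    if (!g->segs_per_sec || !g->section_count || !g->segment_count_main)
        return GEOM_ZERO_FIELD;
    /* 64-bit product so a crafted image cannot wrap the multiplication */
    uint64_t expect = (uint64_t)g->section_count * g->segs_per_sec;
    if (expect > UINT32_MAX)
        return GEOM_OVERFLOW;
    if (expect != g->segment_count_main)
        return GEOM_MISMATCH;
    return GEOM_OK;
}

/* Highest per-section index reached if every segment is mapped with
 * segno / segs_per_sec; valid indices are 0 .. section_count - 1. */
uint32_t max_section_index(const struct geom *g)
{
    return (g->segment_count_main - 1) / g->segs_per_sec;
}

int main(void)
{
    /* Constructed sample values, not taken from the syzbot image. */
    struct geom samples[] = {
        { 512, 128, 4 },         /* consistent */
        { 512, 100, 4 },         /* more segments than the sections cover */
        { 512, 0x40000000u, 8 }, /* product exceeds 32 bits */
        { 512, 128, 0 },         /* would divide by zero if unchecked */
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("sample %zu: err=%d\n", i, (int)check_geom(&samples[i]));
    printf("sample 1: max section index %u, table entries %u\n",
           max_section_index(&samples[1]), samples[1].section_count);
    return 0;
}
```

The second sample is the interesting one: each field is plausible on its own, yet the derived index (127) runs past a 100-entry per-section table, which is why the check has to relate the fields to each other rather than bound them individually.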