Message ID | 20171002142930.17404-2-shrirang.bagul@canonical.com |
---|---|
State | New |
Headers | show |
Series | [T,SRU] f2fs: sanity check segment count | expand |
On 10/02/2017 04:29 PM, Shrirang Bagul wrote: > From: Jin Qian <jinqian@google.com> > > F2FS uses 4 bytes to represent block address. As a result, supported > size of disk is 16 TB and it equals to 16 * 1024 * 1024 / 2 segments. > > Signed-off-by: Jin Qian <jinqian@google.com> > Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org> > > This fixes CVE-2017-10662 The CVE number needs to be at the beginning of the line in order for the tools to parse it. So the above line should be simply: CVE-2017-10662 This can be fixed when applying the patch. > > (backported from commit b9dd46188edc2f0d1f37328637860bb65a771124) > Signed-off-by: Shrirang Bagul <shrirang.bagul@canonical.com> Backport looks good. Thanks. Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com> > --- > fs/f2fs/super.c | 8 ++++++++ > include/linux/f2fs_fs.h | 6 ++++++ > 2 files changed, 14 insertions(+) > > diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c > index bafff72de8e8..c878a4f40f64 100644 > --- a/fs/f2fs/super.c > +++ b/fs/f2fs/super.c > @@ -716,6 +716,14 @@ static int sanity_check_raw_super(struct super_block *sb, > f2fs_msg(sb, KERN_INFO, "Invalid log sectors per block"); > return 1; > } > + > + if (le32_to_cpu(raw_super->segment_count) > F2FS_MAX_SEGMENT) { > + f2fs_msg(sb, KERN_INFO, > + "Invalid segment count (%u)", > + le32_to_cpu(raw_super->segment_count)); > + return 1; > + } > + > return 0; > } > > diff --git a/include/linux/f2fs_fs.h b/include/linux/f2fs_fs.h > index bb942f6d5702..4c917ad84d71 100644 > --- a/include/linux/f2fs_fs.h > +++ b/include/linux/f2fs_fs.h > @@ -245,6 +245,12 @@ struct f2fs_nat_block { > #define SIT_ENTRY_PER_BLOCK (PAGE_CACHE_SIZE / sizeof(struct f2fs_sit_entry)) > > /* > + * F2FS uses 4 bytes to represent block address. As a result, supported size of > + * disk is 16 TB and it equals to 16 * 1024 * 1024 / 2 segments. > + */ > +#define F2FS_MAX_SEGMENT ((16 * 1024 * 1024) / 2) > + > +/* > * Note that f2fs_sit_entry->vblocks has the following bit-field information. > * [15:10] : allocation type such as CURSEG_XXXX_TYPE > * [9:0] : valid block count >
Applied to trusty master-next branch. CVE line fixed up. Thanks. Cascardo. Applied-to: trusty/master-next
diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c index bafff72de8e8..c878a4f40f64 100644 --- a/fs/f2fs/super.c +++ b/fs/f2fs/super.c @@ -716,6 +716,14 @@ static int sanity_check_raw_super(struct super_block *sb, f2fs_msg(sb, KERN_INFO, "Invalid log sectors per block"); return 1; } + + if (le32_to_cpu(raw_super->segment_count) > F2FS_MAX_SEGMENT) { + f2fs_msg(sb, KERN_INFO, + "Invalid segment count (%u)", + le32_to_cpu(raw_super->segment_count)); + return 1; + } + return 0; } diff --git a/include/linux/f2fs_fs.h b/include/linux/f2fs_fs.h index bb942f6d5702..4c917ad84d71 100644 --- a/include/linux/f2fs_fs.h +++ b/include/linux/f2fs_fs.h @@ -245,6 +245,12 @@ struct f2fs_nat_block { #define SIT_ENTRY_PER_BLOCK (PAGE_CACHE_SIZE / sizeof(struct f2fs_sit_entry)) /* + * F2FS uses 4 bytes to represent block address. As a result, supported size of + * disk is 16 TB and it equals to 16 * 1024 * 1024 / 2 segments. + */ +#define F2FS_MAX_SEGMENT ((16 * 1024 * 1024) / 2) + +/* * Note that f2fs_sit_entry->vblocks has the following bit-field information. * [15:10] : allocation type such as CURSEG_XXXX_TYPE * [9:0] : valid block count