squashfs: add more sanity checks in xattr id lookup (506220d2) · Commits · Mirrors / git.yoctoproject.org / linux-yocto

Commit 506220d2 authored Feb 09, 2021 by

Phillip Lougher Committed by Linus Torvalds Feb 09, 2021

squashfs: add more sanity checks in xattr id lookup

Sysbot has reported a warning where a kmalloc() attempt exceeds the
maximum limit.  This has been identified as corruption of the xattr_ids
count when reading the xattr id lookup table.

This patch adds a number of additional sanity checks to detect this
corruption and others.

1. It checks for a corrupted xattr index read from the inode.  This could
   be because the metadata block is uncompressed, or because the
   "compression" bit has been corrupted (turning a compressed block
   into an uncompressed block).  This would cause an out of bounds read.

2. It checks against corruption of the xattr_ids count.  This can either
   lead to the above kmalloc failure, or a smaller than expected
   table to be read.

3. It checks the contents of the index table for corruption.

[phillip@squashfs.org.uk: fix checkpatch issue]
  Link: https://lkml.kernel.org/r/270245655.754655.1612770082682@webmail.123-reg.co.uk

Link: https://lkml.kernel.org/r/20210204130249.4495-5-phillip@squashfs.org.uk


Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk>
Reported-by:  <syzbot+2ccea6339d368360800d@syzkaller.appspotmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

parent eabac19e

Hide whitespace changes

Inline Side-by-side

mirror @mirror
mentioned in commit 5c4d4a83
· Feb 19, 2023

mentioned in commit 5c4d4a83

mentioned in commit 5c4d4a83bf1a862d80c1efff1c6e3ce33b501e2e

Toggle commit list
mirror @mirror
mentioned in commit 997bed0f
· Feb 19, 2023

mentioned in commit 997bed0f

mentioned in commit 997bed0f3cde78a3e639d624985bf4a95cf767e6

Toggle commit list

Please register or to comment