22b9f99b87
Drop patch that was superseded upstream: ramips/0036-mtd-fix-cfi-cmdset-0002-erase-status-check.patch Drop upstreamed patches: - apm821xx/020-0001-crypto-crypto4xx-remove-bad-list_del.patch - apm821xx/020-0011-crypto-crypto4xx-fix-crypto4xx_build_pdr-crypto4xx_b.patch - ath79/0011-MIPS-ath79-fix-register-address-in-ath79_ddr_wb_flus.patch - brcm63xx/001-4.15-08-bcm63xx_enet-correct-clock-usage.patch - brcm63xx/001-4.15-09-bcm63xx_enet-do-not-write-to-random-DMA-channel-on-B.patch - generic/backport/080-net-convert-sock.sk_wmem_alloc-from-atomic_t-to-refc.patch - generic/pending/170-usb-dwc2-Fix-DMA-alignment-to-start-at-allocated-boun.patch - generic/pending/900-gen_stats-fix-netlink-stats-padding.patch In 4.14.55, a patch was introduced that breaks ext4 images in some cases. The newly introduced patch backport-4.14/500-ext4-fix-check-to-prevent-initializing-reserved-inod.patch addresses this breakage. Fixes the following CVEs: - CVE-2018-10876 - CVE-2018-10877 - CVE-2018-10879 - CVE-2018-10880 - CVE-2018-10881 - CVE-2018-10882 - CVE-2018-10883 Compile-tested: ath79, octeon, x86/64 Runtime-tested: ath79, octeon, x86/64 Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
65 lines
2.3 KiB
Diff
65 lines
2.3 KiB
Diff
From 5012284700775a4e6e3fbe7eac4c543c4874b559 Mon Sep 17 00:00:00 2001
|
|
From: Theodore Ts'o <tytso@mit.edu>
|
|
Date: Sat, 28 Jul 2018 08:12:04 -0400
|
|
Subject: [PATCH] ext4: fix check to prevent initializing reserved inodes
|
|
|
|
Commit 8844618d8aa7: "ext4: only look at the bg_flags field if it is
|
|
valid" will complain if block group zero does not have the
|
|
EXT4_BG_INODE_ZEROED flag set. Unfortunately, this is not correct,
|
|
since a freshly created file system has this flag cleared. It gets
|
|
almost immediately after the file system is mounted read-write --- but
|
|
the following somewhat unlikely sequence will end up triggering a
|
|
false positive report of a corrupted file system:
|
|
|
|
mkfs.ext4 /dev/vdc
|
|
mount -o ro /dev/vdc /vdc
|
|
mount -o remount,rw /dev/vdc
|
|
|
|
Instead, when initializing the inode table for block group zero, test
|
|
to make sure that itable_unused count is not too large, since that is
|
|
the case that will result in some or all of the reserved inodes
|
|
getting cleared.
|
|
|
|
This fixes the failures reported by Eric Whiteney when running
|
|
generic/230 and generic/231 in the the nojournal test case.
|
|
|
|
Fixes: 8844618d8aa7 ("ext4: only look at the bg_flags field if it is valid")
|
|
Reported-by: Eric Whitney <enwlinux@gmail.com>
|
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
---
|
|
fs/ext4/ialloc.c | 5 ++++-
|
|
fs/ext4/super.c | 8 +-------
|
|
2 files changed, 5 insertions(+), 8 deletions(-)
|
|
|
|
--- a/fs/ext4/ialloc.c
|
|
+++ b/fs/ext4/ialloc.c
|
|
@@ -1394,7 +1394,10 @@ int ext4_init_inode_table(struct super_b
|
|
ext4_itable_unused_count(sb, gdp)),
|
|
sbi->s_inodes_per_block);
|
|
|
|
- if ((used_blks < 0) || (used_blks > sbi->s_itb_per_group)) {
|
|
+ if ((used_blks < 0) || (used_blks > sbi->s_itb_per_group) ||
|
|
+ ((group == 0) && ((EXT4_INODES_PER_GROUP(sb) -
|
|
+ ext4_itable_unused_count(sb, gdp)) <
|
|
+ EXT4_FIRST_INO(sb)))) {
|
|
ext4_error(sb, "Something is wrong with group %u: "
|
|
"used itable blocks: %d; "
|
|
"itable unused count: %u",
|
|
--- a/fs/ext4/super.c
|
|
+++ b/fs/ext4/super.c
|
|
@@ -3103,14 +3103,8 @@ static ext4_group_t ext4_has_uninit_itab
|
|
if (!gdp)
|
|
continue;
|
|
|
|
- if (gdp->bg_flags & cpu_to_le16(EXT4_BG_INODE_ZEROED))
|
|
- continue;
|
|
- if (group != 0)
|
|
+ if (!(gdp->bg_flags & cpu_to_le16(EXT4_BG_INODE_ZEROED)))
|
|
break;
|
|
- ext4_error(sb, "Inode table for bg 0 marked as "
|
|
- "needing zeroing");
|
|
- if (sb_rdonly(sb))
|
|
- return ngroups;
|
|
}
|
|
|
|
return group;
|