[PATCH 4.19 067/105] ext4: protect journal inodes blocks using block_validity

stable.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org, Theodore Tso <tytso@mit.edu>,
	stable@kernel.org
Subject: [PATCH 4.19 067/105] ext4: protect journal inodes blocks using block_validity
Date: Mon, 20 May 2019 14:14:13 +0200	[thread overview]
Message-ID: <20190520115251.802050920@linuxfoundation.org> (raw)
In-Reply-To: <20190520115247.060821231@linuxfoundation.org>

From: Theodore Ts'o <tytso@mit.edu>

commit 345c0dbf3a30872d9b204db96b5857cd00808cae upstream.

Add the blocks which belong to the journal inode to block_validity's
system zone so attempts to deallocate or overwrite the journal due a
corrupted file system where the journal blocks are also claimed by
another inode.

Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=202879
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/ext4/block_validity.c |   48 +++++++++++++++++++++++++++++++++++++++++++++++
 fs/ext4/inode.c          |    4 +++
 2 files changed, 52 insertions(+)

--- a/fs/ext4/block_validity.c
+++ b/fs/ext4/block_validity.c
@@ -137,6 +137,48 @@ static void debug_print_tree(struct ext4
 	printk(KERN_CONT "\n");
 }
 
+static int ext4_protect_reserved_inode(struct super_block *sb, u32 ino)
+{
+	struct inode *inode;
+	struct ext4_sb_info *sbi = EXT4_SB(sb);
+	struct ext4_map_blocks map;
+	u32 i = 0, err = 0, num, n;
+
+	if ((ino < EXT4_ROOT_INO) ||
+	    (ino > le32_to_cpu(sbi->s_es->s_inodes_count)))
+		return -EINVAL;
+	inode = ext4_iget(sb, ino, EXT4_IGET_SPECIAL);
+	if (IS_ERR(inode))
+		return PTR_ERR(inode);
+	num = (inode->i_size + sb->s_blocksize - 1) >> sb->s_blocksize_bits;
+	while (i < num) {
+		map.m_lblk = i;
+		map.m_len = num - i;
+		n = ext4_map_blocks(NULL, inode, &map, 0);
+		if (n < 0) {
+			err = n;
+			break;
+		}
+		if (n == 0) {
+			i++;
+		} else {
+			if (!ext4_data_block_valid(sbi, map.m_pblk, n)) {
+				ext4_error(sb, "blocks %llu-%llu from inode %u "
+					   "overlap system zone", map.m_pblk,
+					   map.m_pblk + map.m_len - 1, ino);
+				err = -EFSCORRUPTED;
+				break;
+			}
+			err = add_system_zone(sbi, map.m_pblk, n);
+			if (err < 0)
+				break;
+			i += n;
+		}
+	}
+	iput(inode);
+	return err;
+}
+
 int ext4_setup_system_zone(struct super_block *sb)
 {
 	ext4_group_t ngroups = ext4_get_groups_count(sb);
@@ -171,6 +213,12 @@ int ext4_setup_system_zone(struct super_
 		if (ret)
 			return ret;
 	}
+	if (ext4_has_feature_journal(sb) && sbi->s_es->s_journal_inum) {
+		ret = ext4_protect_reserved_inode(sb,
+				le32_to_cpu(sbi->s_es->s_journal_inum));
+		if (ret)
+			return ret;
+	}
 
 	if (test_opt(sb, DEBUG))
 		debug_print_tree(sbi);
--- a/fs/ext4/inode.c
+++ b/fs/ext4/inode.c
@@ -399,6 +399,10 @@ static int __check_block_validity(struct
 				unsigned int line,
 				struct ext4_map_blocks *map)
 {
+	if (ext4_has_feature_journal(inode->i_sb) &&
+	    (inode->i_ino ==
+	     le32_to_cpu(EXT4_SB(inode->i_sb)->s_es->s_journal_inum)))
+		return 0;
 	if (!ext4_data_block_valid(EXT4_SB(inode->i_sb), map->m_pblk,
 				   map->m_len)) {
 		ext4_error_inode(inode, func, line, map->m_pblk,

next prev parent reply	other threads:[~2019-05-20 12:47 UTC|newest]

Thread overview: 131+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-05-20 12:13 [PATCH 4.19 000/105] 4.19.45-stable review Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 001/105] locking/rwsem: Prevent decrement of reader count before increment Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 002/105] x86/speculation/mds: Revert CPU buffer clear on double fault exit Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 003/105] x86/speculation/mds: Improve CPU buffer clear documentation Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 004/105] objtool: Fix function fallthrough detection Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 005/105] arm64: dts: rockchip: Disable DCMDs on RK3399s eMMC controller Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 006/105] ARM: dts: exynos: Fix interrupt for shared EINTs on Exynos5260 Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 007/105] ARM: dts: exynos: Fix audio (microphone) routing on Odroid XU3 Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 008/105] mmc: sdhci-of-arasan: Add DTS property to disable DCMDs Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 009/105] ARM: exynos: Fix a leaked reference by adding missing of_node_put Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 010/105] power: supply: axp288_charger: Fix unchecked return value Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 011/105] power: supply: axp288_fuel_gauge: Add ACEPC T8 and T11 mini PCs to the blacklist Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 012/105] arm64: mmap: Ensure file offset is treated as unsigned Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 013/105] arm64: arch_timer: Ensure counter register reads occur with seqlock held Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 014/105] arm64: compat: Reduce address limit Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 015/105] arm64: Clear OSDLR_EL1 on CPU boot Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 016/105] arm64: Save and restore OSDLR_EL1 across suspend/resume Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 017/105] sched/x86: Save [ER]FLAGS on context switch Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 018/105] crypto: crypto4xx - fix ctr-aes missing output IV Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 019/105] crypto: crypto4xx - fix cfb and ofb "overran dst buffer" issues Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 020/105] crypto: salsa20 - dont access already-freed walk.iv Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 021/105] crypto: chacha20poly1305 - set cra_name correctly Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 022/105] crypto: ccp - Do not free psp_master when PLATFORM_INIT fails Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 023/105] crypto: vmx - fix copy-paste error in CTR mode Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 024/105] crypto: skcipher - dont WARN on unprocessed data after slow walk step Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 025/105] crypto: crct10dif-generic - fix use via crypto_shash_digest() Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 026/105] crypto: x86/crct10dif-pcl " Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 027/105] crypto: arm64/gcm-aes-ce - fix no-NEON fallback code Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 028/105] crypto: gcm - fix incompatibility between "gcm" and "gcm_base" Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 029/105] crypto: rockchip - update IV buffer to contain the next IV Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 030/105] crypto: arm/aes-neonbs - dont access already-freed walk.iv Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 031/105] crypto: arm64/aes-neonbs " Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 032/105] mmc: core: Fix tag set memory leak Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 033/105] ALSA: line6: toneport: Fix broken usage of timer for delayed execution Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 034/105] ALSA: usb-audio: Fix a memory leak bug Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 035/105] ALSA: hda/hdmi - Read the pin sense from register when repolling Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 036/105] ALSA: hda/hdmi - Consider eld_valid when reporting jack event Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 037/105] ALSA: hda/realtek - EAPD turn on later Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 038/105] ALSA: hdea/realtek - Headset fixup for System76 Gazelle (gaze14) Greg Kroah-Hartman
2019-05-22  9:15   ` Pavel Machek
2019-05-22 10:22     ` Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 039/105] ASoC: max98090: Fix restore of DAPM Muxes Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 040/105] ASoC: RT5677-SPI: Disable 16Bit SPI Transfers Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 041/105] ASoC: fsl_esai: Fix missing break in switch statement Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 042/105] ASoC: codec: hdac_hdmi add device_link to card device Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 043/105] bpf, arm64: remove prefetch insn in xadd mapping Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 044/105] crypto: ccree - remove special handling of chained sg Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 045/105] crypto: ccree - fix mem leak on error path Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 046/105] crypto: ccree - dont map MAC key on stack Greg Kroah-Hartman
2019-05-22  8:49   ` Pavel Machek
2019-05-20 12:13 ` [PATCH 4.19 047/105] crypto: ccree - use correct internal state sizes for export Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 048/105] crypto: ccree - dont map AEAD key and IV on stack Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 049/105] crypto: ccree - pm resume first enable the source clk Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 050/105] crypto: ccree - HOST_POWER_DOWN_EN should be the last CC access during suspend Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 051/105] crypto: ccree - add function to handle cryptocell tee fips error Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 052/105] crypto: ccree - handle tee fips error during power management resume Greg Kroah-Hartman
2019-05-20 12:13 ` [PATCH 4.19 053/105] mm/mincore.c: make mincore() more conservative Greg Kroah-Hartman
2019-05-22  8:57   ` Pavel Machek
2019-05-22  9:21     ` Michal Hocko
2019-05-23  9:18       ` Kevin Easton
2019-05-20 12:14 ` [PATCH 4.19 054/105] mm/huge_memory: fix vmf_insert_pfn_{pmd, pud}() crash, handle unaligned addresses Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 055/105] mm/hugetlb.c: dont put_page in lock of hugetlb_lock Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 056/105] hugetlb: use same fault hash key for shared and private mappings Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 057/105] ocfs2: fix ocfs2 read inode data panic in ocfs2_iget Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 058/105] userfaultfd: use RCU to free the task struct when fork fails Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 059/105] ACPI: PM: Set enable_for_wake for wakeup GPEs during suspend-to-idle Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 060/105] mfd: da9063: Fix OTP control register names to match datasheets for DA9063/63L Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 061/105] mfd: max77620: Fix swapped FPS_PERIOD_MAX_US values Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 062/105] mtd: spi-nor: intel-spi: Avoid crossing 4K address boundary on read/write Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 063/105] tty: vt.c: Fix TIOCL_BLANKSCREEN console blanking if blankinterval == 0 Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 064/105] tty/vt: fix write/write race in ioctl(KDSKBSENT) handler Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 065/105] jbd2: check superblock mapped prior to committing Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 066/105] ext4: make sanity check in mballoc more strict Greg Kroah-Hartman
2019-05-20 12:14 ` Greg Kroah-Hartman [this message]
2019-05-22  9:18   ` [PATCH 4.19 067/105] ext4: protect journal inodes blocks using block_validity Pavel Machek
2019-05-22 10:21     ` Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 068/105] ext4: ignore e_value_offs for xattrs with value-in-ea-inode Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 069/105] ext4: avoid drop reference to iloc.bh twice Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 070/105] ext4: fix use-after-free race with debug_want_extra_isize Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 071/105] ext4: actually request zeroing of inode table after grow Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 072/105] ext4: fix ext4_show_options for file systems w/o journal Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 073/105] btrfs: Check the first key and level for cached extent buffer Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 074/105] btrfs: Correctly free extent buffer in case btree_read_extent_buffer_pages fails Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 075/105] btrfs: Honour FITRIM range constraints during free space trim Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 076/105] Btrfs: send, flush dellaloc in order to avoid data loss Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 077/105] Btrfs: do not start a transaction during fiemap Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 078/105] Btrfs: do not start a transaction at iterate_extent_inodes() Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 079/105] bcache: fix a race between cache register and cacheset unregister Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 080/105] bcache: never set KEY_PTRS of journal key to 0 in journal_reclaim() Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 081/105] ipmi:ssif: compare block number correctly for multi-part return messages Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 082/105] crypto: ccm - fix incompatibility between "ccm" and "ccm_base" Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 083/105] fs/writeback.c: use rcu_barrier() to wait for inflight wb switches going into workqueue when umount Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 084/105] tty: Dont force RISCV SBI console as preferred console Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 085/105] ext4: zero out the unused memory region in the extent tree block Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 086/105] ext4: fix data corruption caused by overlapping unaligned and aligned IO Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 087/105] ext4: fix use-after-free in dx_release() Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 088/105] ext4: avoid panic during forced reboot due to aborted journal Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 089/105] ALSA: hda/realtek - Corrected fixup for System76 Gazelle (gaze14) Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 090/105] ALSA: hda/realtek - Fixup headphone noise via runtime suspend Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 091/105] ALSA: hda/realtek - Fix for Lenovo B50-70 inverted internal microphone bug Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 092/105] jbd2: fix potential double free Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 093/105] KVM: x86: Skip EFER vs. guest CPUID checks for host-initiated writes Greg Kroah-Hartman
2019-05-22 11:20   ` Pavel Machek
2019-05-20 12:14 ` [PATCH 4.19 094/105] KVM: lapic: Busy wait for timer to expire when using hv_timer Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 095/105] kbuild: turn auto.conf.cmd into a mandatory include file Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 096/105] xen/pvh: set xen_domain_type to HVM in xen_pvh_init Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 097/105] libnvdimm/namespace: Fix label tracking error Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 098/105] iov_iter: optimize page_copy_sane() Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 099/105] pstore: Centralize init/exit routines Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 100/105] pstore: Allocate compression during late_initcall() Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 101/105] pstore: Refactor compression initialization Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 102/105] ext4: unsigned int compared against zero Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 103/105] ext4: fix block validity checks for journal inodes using indirect blocks Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 104/105] ext4: fix compile error when using BUFFER_TRACE Greg Kroah-Hartman
2019-05-20 12:14 ` [PATCH 4.19 105/105] ext4: dont update s_rev_level if not required Greg Kroah-Hartman
2019-05-20 17:48 ` [PATCH 4.19 000/105] 4.19.45-stable review kernelci.org bot
2019-05-20 22:23 ` Dan Rue
2019-05-21  8:59   ` Greg Kroah-Hartman
2019-05-21  9:28     ` Naresh Kamboju
2019-05-21  9:38       ` ext4 regression (was Re: [PATCH 4.19 000/105] 4.19.45-stable review) Greg Kroah-Hartman
2019-05-21 10:28         ` Naresh Kamboju
2019-05-21 16:21           ` Theodore Ts'o
2019-05-21 16:30             ` Greg Kroah-Hartman
2019-05-21 16:44               ` Greg Kroah-Hartman
2019-05-21 17:57             ` Naresh Kamboju
2019-05-22  5:05               ` Theodore Ts'o
2019-05-22 10:20                 ` Naresh Kamboju
2019-05-21 15:02         ` Dan Rue
2019-05-21  8:51 ` [PATCH 4.19 000/105] 4.19.45-stable review Jon Hunter
2019-05-21 21:31 ` shuah
2019-05-22  5:04 ` Naresh Kamboju

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190520115251.802050920@linuxfoundation.org \
    --to=gregkh@linuxfoundation.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=stable@kernel.org \
    --cc=stable@vger.kernel.org \
    --cc=tytso@mit.edu \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).