From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Jan Kara <jack@suse.cz>, Theodore Ts'o <tytso@mit.edu>,
	Sasha Levin <sashal@kernel.org>,
	linux-ext4@vger.kernel.org
Subject: [PATCH AUTOSEL 4.9 14/17] ext4: Make sure quota files are not grabbed accidentally
Date: Thu,  9 Sep 2021 20:23:35 -0400
Message-ID: <20210910002338.176677-14-sashal@kernel.org>
In-Reply-To: <20210910002338.176677-1-sashal@kernel.org>

From: Jan Kara <jack@suse.cz>

[ Upstream commit bd2c38cf1726ea913024393a0d11f2e2a3f4c180 ]

If ext4 filesystem is corrupted so that quota files are linked from
directory hierarchy, bad things can happen. E.g. quota files can get
corrupted or deleted. Make sure we are not grabbing quota file inodes
when we expect normal inodes.

Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Link: https://lore.kernel.org/r/20210812133122.26360-1-jack@suse.cz
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/ext4/inode.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c
index 79c067f74253..6459bdbbc3f2 100644
--- a/fs/ext4/inode.c
+++ b/fs/ext4/inode.c
@@ -4489,6 +4489,7 @@ struct inode *__ext4_iget(struct super_block *sb, unsigned long ino,
 	struct ext4_iloc iloc;
 	struct ext4_inode *raw_inode;
 	struct ext4_inode_info *ei;
+	struct ext4_super_block *es = EXT4_SB(sb)->s_es;
 	struct inode *inode;
 	journal_t *journal = EXT4_SB(sb)->s_journal;
 	long ret;
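
Review bot: the new `es` declaration evaluates EXT4_SB(sb) a second time directly above `journal_t *journal = EXT4_SB(sb)->s_journal;`. This is a style point only, but a single `struct ext4_sb_info *sbi = EXT4_SB(sb);` feeding both `es` and `journal` would keep the declaration block tidier, if diverging from the upstream commit is acceptable for a stable backport.
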
@@ -4499,9 +4500,12 @@ struct inode *__ext4_iget(struct super_block *sb, unsigned long ino,
 	projid_t i_projid;
 
 	if ((!(flags & EXT4_IGET_SPECIAL) &&
-	     (ino < EXT4_FIRST_INO(sb) && ino != EXT4_ROOT_INO)) ||
+	     ((ino < EXT4_FIRST_INO(sb) && ino != EXT4_ROOT_INO) ||
+	      ino == le32_to_cpu(es->s_usr_quota_inum) ||
+	      ino == le32_to_cpu(es->s_grp_quota_inum) ||
+	      ino == le32_to_cpu(es->s_prj_quota_inum))) ||
 	    (ino < EXT4_ROOT_INO) ||
-	    (ino > le32_to_cpu(EXT4_SB(sb)->s_es->s_inodes_count))) {
+	    (ino > le32_to_cpu(es->s_inodes_count))) {
 		if (flags & EXT4_IGET_HANDLE)
 			return ERR_PTR(-ESTALE);
 		__ext4_error(sb, function, line,
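
Review bot: the three quota comparisons added inside the `!(flags & EXT4_IGET_SPECIAL)` branch are made without checking whether the corresponding quota feature is enabled, so correctness relies on `s_usr_quota_inum`, `s_grp_quota_inum` and `s_prj_quota_inum` being zero on filesystems that do not use them; it is worth confirming that, or gating the comparisons on the feature flags. Because this is a backport, also confirm that every path in this tree that legitimately opens a quota inode passes EXT4_IGET_SPECIAL, since any that do not will now fall into the `__ext4_error()` / -ESTALE path. The condition has become dense enough that a one-line comment above it, stating that reserved and quota inodes are only reachable through special lookups, would help the next reader.
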
-- 
2.30.2

