| From: Theodore Ts'o <tytso@mit.edu> |
| Date: Tue, 22 May 2018 17:14:07 -0400 |
| Subject: ext4: bubble errors from ext4_find_inline_data_nolock() up to |
| ext4_iget() |
| |
| commit eb9b5f01c33adebc31cbc236c02695f605b0e417 upstream. |
| |
| If ext4_find_inline_data_nolock() returns an error it needs to get |
| reflected up to ext4_iget(). In order to fix this, |
| ext4_iget_extra_inode() needs to return an error (and not return |
| void). |
| |
| This is related to "ext4: do not allow external inodes for inline |
| data" (which fixes CVE-2018-11412) in that in the errors=continue |
| case, it would be useful to for userspace to receive an error |
| indicating that file system is corrupted. |
| |
| Signed-off-by: Theodore Ts'o <tytso@mit.edu> |
| Reviewed-by: Andreas Dilger <adilger@dilger.ca> |
| Signed-off-by: Ben Hutchings <ben@decadent.org.uk> |
| --- |
| fs/ext4/inode.c | 10 +++++++--- |
| 1 file changed, 7 insertions(+), 3 deletions(-) |
| |
| --- a/fs/ext4/inode.c |
| +++ b/fs/ext4/inode.c |
| @@ -4159,19 +4159,21 @@ static blkcnt_t ext4_inode_blocks(struct |
| } |
| } |
| |
| -static inline void ext4_iget_extra_inode(struct inode *inode, |
| +static inline int ext4_iget_extra_inode(struct inode *inode, |
| struct ext4_inode *raw_inode, |
| struct ext4_inode_info *ei) |
| { |
| __le32 *magic = (void *)raw_inode + |
| EXT4_GOOD_OLD_INODE_SIZE + ei->i_extra_isize; |
| + |
| if (EXT4_GOOD_OLD_INODE_SIZE + ei->i_extra_isize + sizeof(__le32) <= |
| EXT4_INODE_SIZE(inode->i_sb) && |
| *magic == cpu_to_le32(EXT4_XATTR_MAGIC)) { |
| ext4_set_inode_state(inode, EXT4_STATE_XATTR); |
| - ext4_find_inline_data_nolock(inode); |
| + return ext4_find_inline_data_nolock(inode); |
| } else |
| EXT4_I(inode)->i_inline_off = 0; |
| + return 0; |
| } |
| |
| struct inode *ext4_iget(struct super_block *sb, unsigned long ino) |
| @@ -4331,7 +4333,9 @@ struct inode *ext4_iget(struct super_blo |
| ei->i_extra_isize = sizeof(struct ext4_inode) - |
| EXT4_GOOD_OLD_INODE_SIZE; |
| } else { |
| - ext4_iget_extra_inode(inode, raw_inode, ei); |
| + ret = ext4_iget_extra_inode(inode, raw_inode, ei); |
| + if (ret) |
| + goto bad_inode; |
| } |
| } |
| |