sst-linux

History

Vasiliy Kovalev 11e24802e7 ocfs2: validate l_tree_depth to avoid out-of-bounds access [ Upstream commit a406aff8c05115119127c962cbbbbd202e1973ef ] The l_tree_depth field is 16-bit (__le16), but the actual maximum depth is limited to OCFS2_MAX_PATH_DEPTH. Add a check to prevent out-of-bounds access if l_tree_depth has an invalid value, which may occur when reading from a corrupted mounted disk [1]. Link: https://lkml.kernel.org/r/20250214084908.736528-1-kovalev@altlinux.org Fixes: `ccd979bdbc` ("[PATCH] OCFS2: The Second Oracle Cluster Filesystem") Signed-off-by: Vasiliy Kovalev <kovalev@altlinux.org> Reported-by: syzbot+66c146268dc88f4341fd@syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=66c146268dc88f4341fd [1] Reviewed-by: Joseph Qi <joseph.qi@linux.alibaba.com> Cc: Joel Becker <jlbec@evilplan.org> Cc: Junxiao Bi <junxiao.bi@oracle.com> Cc: Changwei Ge <gechangwei@live.cn> Cc: Jun Piao <piaojun@huawei.com> Cc: Kurt Hackel <kurt.hackel@oracle.com> Cc: Mark Fasheh <mark@fasheh.com> Cc: Vasiliy Kovalev <kovalev@altlinux.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Sasha Levin <sashal@kernel.org>		2025-04-10 14:33:36 +02:00
..
cluster	ocfs2: Fix use of slab data with sendpage	2023-07-19 16:21:13 +02:00
dlm
dlmfs	ocfs2: kill EBUSY from dlmfs_evict_inode	2022-06-16 19:58:20 -07:00
acl.c	vfs: add rcu argument to ->get_acl() callback	2021-08-18 22:08:24 +02:00
acl.h	vfs: add rcu argument to ->get_acl() callback	2021-08-18 22:08:24 +02:00
alloc.c	ocfs2: validate l_tree_depth to avoid out-of-bounds access	2025-04-10 14:33:36 +02:00
alloc.h	treewide: remove editor modelines and cruft	2021-05-07 00:26:34 -07:00
aops.c	ocfs2: fix uninit-value in ocfs2_get_block()	2024-10-17 15:21:56 +02:00
aops.h	ocfs2: fix uninitialized value in ocfs2_file_read_iter()	2024-12-14 19:53:41 +01:00
blockcheck.c	treewide: remove editor modelines and cruft	2021-05-07 00:26:34 -07:00
blockcheck.h	treewide: remove editor modelines and cruft	2021-05-07 00:26:34 -07:00
buffer_head_io.c	ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate	2024-10-17 15:21:57 +02:00
buffer_head_io.h	treewide: remove editor modelines and cruft	2021-05-07 00:26:34 -07:00
dcache.c	treewide: remove editor modelines and cruft	2021-05-07 00:26:34 -07:00
dcache.h	treewide: remove editor modelines and cruft	2021-05-07 00:26:34 -07:00
dir.c	ocfs2: check dir i_size in ocfs2_find_entry	2025-02-21 13:49:54 +01:00
dir.h	treewide: remove editor modelines and cruft	2021-05-07 00:26:34 -07:00
dlmglue.c	ocfs2: update seq_file index in ocfs2_dlm_seq_next	2024-12-14 19:54:36 +01:00
dlmglue.h	treewide: remove editor modelines and cruft	2021-05-07 00:26:34 -07:00
export.c	treewide: remove editor modelines and cruft	2021-05-07 00:26:34 -07:00
export.h	treewide: remove editor modelines and cruft	2021-05-07 00:26:34 -07:00
extent_map.c	treewide: remove editor modelines and cruft	2021-05-07 00:26:34 -07:00
extent_map.h	treewide: remove editor modelines and cruft	2021-05-07 00:26:34 -07:00
file.c	ocfs2: fix uninitialized value in ocfs2_file_read_iter()	2024-12-14 19:53:41 +01:00
file.h	treewide: remove editor modelines and cruft	2021-05-07 00:26:34 -07:00
filecheck.c	ocfs2: use default_groups in kobj_type	2022-01-15 16:30:24 +02:00
filecheck.h	treewide: remove editor modelines and cruft	2021-05-07 00:26:34 -07:00
heartbeat.c	ocfs2: fix a typo in a comment	2022-07-29 18:12:36 -07:00
heartbeat.h	treewide: remove editor modelines and cruft	2021-05-07 00:26:34 -07:00
inode.c	ocfs2: fix mounting crash if journal is not alloced	2022-04-29 14:37:58 -07:00
inode.h	treewide: remove editor modelines and cruft	2021-05-07 00:26:34 -07:00
ioctl.c	block: add a bdev_discard_granularity helper	2022-04-17 19:49:59 -06:00
ioctl.h	ocfs2: convert to fileattr	2021-04-12 15:04:30 +02:00
journal.c	ocfs2: fix null-ptr-deref when journal load failed.	2024-10-17 15:21:57 +02:00
journal.h	ocfs2: fix DIO failure due to insufficient transaction credits	2024-07-05 09:31:52 +02:00
Kconfig	ocfs2: replace HTTP links with HTTPS ones	2020-08-07 11:33:22 -07:00
localalloc.c	ocfs2: Revert "ocfs2: fix the la space leak when unmounting an ocfs2 volume"	2024-12-14 19:54:52 +01:00
localalloc.h	treewide: remove editor modelines and cruft	2021-05-07 00:26:34 -07:00
locks.c	fs: remove mandatory file locking support	2021-08-23 06:15:36 -04:00
locks.h	treewide: remove editor modelines and cruft	2021-05-07 00:26:34 -07:00
Makefile	ocfs2: improve ocfs2 Makefile	2018-12-28 12:11:45 -08:00
mmap.c	treewide: remove editor modelines and cruft	2021-05-07 00:26:34 -07:00
mmap.h	License cleanup: add SPDX GPL-2.0 license identifier to files with no license	2017-11-02 11:10:55 +01:00
move_extents.c	ocfs2: fix non-auto defrag path not working issue	2023-03-10 09:34:09 +01:00
move_extents.h	treewide: remove editor modelines and cruft	2021-05-07 00:26:34 -07:00
namei.c	ocfs2: free inode when ocfs2_get_init_inode() fails	2024-12-14 19:54:30 +01:00
namei.h	treewide: remove editor modelines and cruft	2021-05-07 00:26:34 -07:00
ocfs1_fs_compat.h	treewide: remove editor modelines and cruft	2021-05-07 00:26:34 -07:00
ocfs2_fs.h	ocfs2: replace zero-length arrays with DECLARE_FLEX_ARRAY() helper	2022-10-03 14:21:42 -07:00
ocfs2_ioctl.h	treewide: remove editor modelines and cruft	2021-05-07 00:26:34 -07:00
ocfs2_lockid.h	treewide: remove editor modelines and cruft	2021-05-07 00:26:34 -07:00
ocfs2_lockingver.h	treewide: remove editor modelines and cruft	2021-05-07 00:26:34 -07:00
ocfs2_trace.h	ocfs2: fix DIO failure due to insufficient transaction credits	2024-07-05 09:31:52 +02:00
ocfs2.h	Revert "ocfs2: mount shared volume without ha stack"	2022-07-18 15:09:15 -07:00
quota_global.c	ocfs2: mark dquot as inactive if failed to start trans while releasing dquot	2025-02-21 13:49:20 +01:00
quota_local.c	ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv	2025-01-17 13:34:48 +01:00
quota.h	License cleanup: add SPDX GPL-2.0 license identifier to files with no license	2017-11-02 11:10:55 +01:00
refcounttree.c	ocfs2: reserve space for inline xattr before attaching reflink tree	2024-10-17 15:21:56 +02:00
refcounttree.h	treewide: remove editor modelines and cruft	2021-05-07 00:26:34 -07:00
reservations.c	ocfs2: change return type of ocfs2_resmap_init	2022-04-29 14:37:58 -07:00
reservations.h	ocfs2: change return type of ocfs2_resmap_init	2022-04-29 14:37:58 -07:00
resize.c	ocfs2: uncache inode which has failed entering the group	2024-11-22 15:37:30 +01:00
resize.h	treewide: remove editor modelines and cruft	2021-05-07 00:26:34 -07:00
slot_map.c	Revert "ocfs2: mount shared volume without ha stack"	2022-07-18 15:09:15 -07:00
slot_map.h	treewide: remove editor modelines and cruft	2021-05-07 00:26:34 -07:00
stack_o2cb.c	treewide: remove editor modelines and cruft	2021-05-07 00:26:34 -07:00
stack_user.c	fs: dlm: remove DLM_LSFL_FS from uapi	2022-08-23 14:54:54 -05:00
stackglue.c	ocfs2: fix memory leak in ocfs2_stack_glue_init()	2022-12-31 13:31:56 +01:00
stackglue.h	treewide: remove editor modelines and cruft	2021-05-07 00:26:34 -07:00
suballoc.c	ocfs2: fix a deadlock when commit trans	2022-01-30 09:56:58 +02:00
suballoc.h	fs/ocfs2/suballoc.h: fix spelling typo in comment	2022-10-03 14:21:42 -07:00
super.c	ocfs2: fix incorrect CPU endianness conversion causing mount failure	2025-02-21 13:49:50 +01:00
super.h	treewide: remove editor modelines and cruft	2021-05-07 00:26:34 -07:00
symlink.c	ocfs2: handle a symlink read error correctly	2025-02-21 13:49:51 +01:00
symlink.h	treewide: remove editor modelines and cruft	2021-05-07 00:26:34 -07:00
sysfile.c	treewide: remove editor modelines and cruft	2021-05-07 00:26:34 -07:00
sysfile.h	treewide: remove editor modelines and cruft	2021-05-07 00:26:34 -07:00
uptodate.c	treewide: remove editor modelines and cruft	2021-05-07 00:26:34 -07:00
uptodate.h	treewide: remove editor modelines and cruft	2021-05-07 00:26:34 -07:00
xattr.c	ocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove()	2024-11-14 13:15:19 +01:00
xattr.h	treewide: remove editor modelines and cruft	2021-05-07 00:26:34 -07:00