ACK/CMNT: [PATCH 0/5] [SRU][B/master] squashfs hardening
Tyler Hicks
tyhicks at canonical.com
Wed Feb 20 13:28:44 UTC 2019
On 2019-02-19 15:23:24, Paolo Pisati wrote:
> "There are a number of squashfs hardening fixes. They don't have CVE number
> assigned but it would be good to backport the fixes to harden our kernel against
> malicious squashfs images. Snaps are simply squashfs images so an attacker could
> craft a malicious snap and attack the kernel of end users that install their
> crafted snaps."
>
> All clean cherry-picks from upstream.

The code changes all look good to me. They're all clean cherry-picks and
I've given the actual changes a close review, as well.

The only problem I see is that, since there's no CVE ID associated,
we're missing an SRU bug. I've just created an SRU bug. All commit
messages need the following line added:

  BugLink: https://bugs.launchpad.net/bugs/1816756

With that change,

  Acked-by: Tyler Hicks <tyhicks at canonical.com>

Tyler

>
> Linus Torvalds (4):
>   squashfs: be more careful about metadata corruption
>   squashfs: more metadata hardening
>   squashfs metadata 2: electric boogaloo
>   squashfs: more metadata hardening
>
> Phillip Lougher (1):
>   Squashfs: Compute expected length from inode size rather than block
>     length
>
>  fs/squashfs/block.c          |  2 ++
>  fs/squashfs/cache.c          |  3 +++
>  fs/squashfs/file.c           | 58 ++++++++++++++++++++++++++------------------
>  fs/squashfs/file_cache.c     |  4 +--
>  fs/squashfs/file_direct.c    | 24 +++++++++---------
>  fs/squashfs/fragment.c       | 17 +++++++------
>  fs/squashfs/squashfs.h       |  3 ++-
>  fs/squashfs/squashfs_fs.h    |  6 +++++
>  fs/squashfs/squashfs_fs_sb.h |  1 +
>  fs/squashfs/super.c          |  5 ++--
>  10 files changed, 75 insertions(+), 48 deletions(-)
>
> --
> 2.7.4