[SRU][B][PATCH 0/2] CVE-2019-19449
Luke Nowakowski-Krijger
luke.nowakowskikrijger at canonical.com
Thu Sep 30 18:28:45 UTC 2021
[Impact]
Mounting a crafted f2fs file system with a segment count in a section
that is less than segs_per_sec causes out-of-boundary memory access
during fs initalization.
[Backports]
Changed f2fs_info to f2fs_msg due to the fact that the f2fs_info
infastructure is not present and would require backporting many patches
to implement.
[Test case]
Reproduced bug with syzbot reproducer
(https://syzkaller.appspot.com/x/repro.c?x=102fbac5900000)
with slight modification to target a valid loop device.
Confirmed that after the patches were applied the fs reports that there
are malformed segments/sections and mounting the file system fails,
which stops the initialization from continuing and preventing the
out-of-boundary memory access.
[Potential regression]
The patches add checks that are a superset of the previous checks, which
might cause some filesystems that succeeded in mounting to now fail.
Luke Nowakowski-Krijger (1):
f2fs: fix to do sanity check on segment/section count
Wang Xiaojun (1):
f2fs: fix wrong total_sections check and fsmeta check
fs/f2fs/segment.h | 1 +
fs/f2fs/super.c | 15 +++++++++++----
2 files changed, 12 insertions(+), 4 deletions(-)
--
2.30.2
More information about the kernel-team
mailing list