Haogang Chen 967ac8af44 ext4: fix potential integer overflow in alloc_flex_gd() ...

In alloc_flex_gd(), when flexbg_size is large, kmalloc size would
overflow and flex_gd->groups would point to a buffer smaller than
expected, causing OOB accesses when it is used.

Note that in ext4_resize_fs(), flexbg_size is calculated using
sbi->s_log_groups_per_flex, which is read from the disk and only bounded
to [1, 31]. The patch returns NULL for too large flexbg_size.

Reviewed-by: Eric Sandeen <sandeen@redhat.com>
Signed-off-by: Haogang Chen <haogangchen@gmail.com>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Cc: stable@kernel.org

2012-05-28 14:21:55 -04:00

..

acl.c

switch posix_acl_equiv_mode() to umode_t *

2011-08-01 02:10:06 -04:00

acl.h

fs: take the ACL checks to common code

2011-07-25 14:30:23 -04:00

balloc.c

ext4: make block group checksums use metadata_csum algorithm

2012-04-29 18:45:10 -04:00

bitmap.c

ext4: calculate and verify block bitmap checksum

2012-04-29 18:35:10 -04:00

block_validity.c

ext2/3/4: delete unneeded includes of module.h

2012-01-09 13:52:10 +01:00

dir.c

ext4: calculate and verify checksums of directory leaf blocks

2012-04-29 18:41:10 -04:00

ext4_extents.h

ext4: verify and calculate checksums for extent tree blocks

2012-04-29 18:37:10 -04:00

ext4_jbd2.c

ext4: calculate and verify superblock checksum

2012-04-29 18:29:10 -04:00

ext4_jbd2.h

ext4: calculate and verify superblock checksum

2012-04-29 18:29:10 -04:00

ext4.h

ext4: remove needs_recovery in ext4_mb_init()

2012-05-28 14:19:25 -04:00

extents.c

ext4: verify and calculate checksums for extent tree blocks

2012-04-29 18:37:10 -04:00

file.c

Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4

2011-11-02 10:06:20 -07:00

fsync.c

ext4: fix race between sync and completed io work

2012-03-05 10:29:52 -05:00

hash.c

ext4: return 32/64-bit dir name hash according to usage type

2012-03-18 22:44:40 -04:00

ialloc.c

ext4: fix potential NULL dereference in ext4_free_inodes_counts()

2012-05-28 14:16:57 -04:00

indirect.c

ext2/3/4: delete unneeded includes of module.h

2012-01-09 13:52:10 +01:00

inode.c

ext4: make block group checksums use metadata_csum algorithm

2012-04-29 18:45:10 -04:00

ioctl.c

ext4: calculate and verify inode checksums

2012-04-29 18:31:10 -04:00

Kconfig

ext4: load the crc32c driver if necessary

2012-04-29 18:27:10 -04:00

Makefile

ext4: move ext4_ind_* functions from inode.c to indirect.c

2011-06-27 19:40:50 -04:00

mballoc.c

ext4: remove needs_recovery in ext4_mb_init()

2012-05-28 14:19:25 -04:00

mballoc.h

ext4: remove EXT4_MB_{BITMAP,BUDDY} macros

2012-02-20 17:54:06 -05:00

migrate.c

ext4: using PTR_ERR() on the wrong variable in ext4_ext_migrate()

2012-02-20 17:53:06 -05:00

mmp.c

ext4: add checksums to the MMP block

2012-04-29 18:47:10 -04:00

move_extent.c

ext4: add some tracepoints in ext4/extents.c

2011-09-09 19:18:51 -04:00

namei.c

ext4: remove unnecessary check in add_dirent_to_buf()

2012-04-30 07:40:00 -04:00

page-io.c

Revert "ext4: don't release page refs in ext4_end_bio()"

2012-03-29 17:00:56 -07:00

resize.c

ext4: fix potential integer overflow in alloc_flex_gd()

2012-05-28 14:21:55 -04:00

super.c

ext4: remove needs_recovery in ext4_mb_init()

2012-05-28 14:19:25 -04:00

symlink.c

ext4: symlink must be handled via filesystem specific operation

2010-05-16 02:00:00 -04:00

truncate.h

ext4: move common truncate functions to header file

2011-06-27 19:16:04 -04:00

xattr_security.c

Merge branch 'for_linus' into for_linus_merged

2012-01-10 11:54:07 -05:00

xattr_trusted.c

ext2/3/4: delete unneeded includes of module.h

2012-01-09 13:52:10 +01:00

xattr_user.c

ext2/3/4: delete unneeded includes of module.h

2012-01-09 13:52:10 +01:00

xattr.c

ext4: Calculate and verify checksums of extended attribute blocks

2012-04-29 18:43:10 -04:00

xattr.h

ext4: change on-disk layout to support extended metadata checksumming

2012-04-29 18:23:10 -04:00