[Bug 199403] use-after-free in ext4_ext_remove_space() when mounting and operating a crafted ext4 image

https://bugzilla.kernel.org/show_bug.cgi?id=199403

Theodore Tso (tytso@xxxxxxx) changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED
                 CC|                            |tytso@xxxxxxx

--- Comment #3 from Theodore Tso (tytso@xxxxxxx) ---
There is a completely different issue with the latest Linux tree.  (I suspect the earlier
UAF was fixed by a recent fix.)

As far as the latest UAF is concerned, this is triggered by the fact that
allocation bitmaps are marked as uninitialized for block group #0.  Ext4
shouldn't have paid attention to these flags, since the prerequisite file
system feature (uninit_bg or metadata_csum) was not set.  In addition, even if
one of those two feature flags were set, ext4 should report a file system
corruption if bitmaps for bg 0 are marked as uninitialized and refuse to try to
clear those bitmaps, since nothing good can happen.

This will be fixed by the patch:

    ext4: only look at the bg_flags field if it is valid

    The bg_flags field in the block group descriptors is only valid if the
    uninit_bg or metadata_csum feature is enabled.  We were not
    consistently looking at this field; fix this.

    Also block group #0 must never have uninitialized allocation bitmaps,
    or need to be zeroed, since that's where the root inode, and other
    special inodes are set up.  Check for these conditions and mark the
    file system as corrupted if they are detected.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
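The two rules described in the comment above (only trust bg_flags when uninit_bg or metadata_csum is enabled, and treat a block group 0 whose bitmaps are marked uninitialized or not zeroed as corruption) written out as a stand-alone C check. This is an added example, not the kernel patch itself: the `sb_view` and `gd_view` structs are hypothetical minimal views of the superblock and group descriptor, while the flag and feature constants mirror the ext4 on-disk format.

```c
#include <stdint.h>
#include <stdio.h>

/* Constants as defined by the ext4 on-disk format. */
#define EXT4_FEATURE_RO_COMPAT_GDT_CSUM      0x0010u  /* "uninit_bg" */
#define EXT4_FEATURE_RO_COMPAT_METADATA_CSUM 0x0400u
#define EXT4_BG_INODE_UNINIT 0x0001u
#define EXT4_BG_BLOCK_UNINIT 0x0002u
#define EXT4_BG_INODE_ZEROED 0x0004u

/* Hypothetical minimal views of the fields the check needs. */
struct sb_view { uint32_t s_feature_ro_compat; };
struct gd_view { uint16_t bg_flags; };

static int has_group_desc_csum(const struct sb_view *sb)
{
    return (sb->s_feature_ro_compat &
            (EXT4_FEATURE_RO_COMPAT_GDT_CSUM |
             EXT4_FEATURE_RO_COMPAT_METADATA_CSUM)) != 0;
}

/* bg_flags a consumer may act on: zero unless a feature that defines
 * the field is enabled, so stale bits in old images are ignored. */
uint16_t trusted_bg_flags(const struct sb_view *sb, const struct gd_view *gd)
{
    return has_group_desc_csum(sb) ? gd->bg_flags : 0;
}

/* 0 if the descriptor is acceptable, -1 if the file system should be
 * marked corrupt. Group 0 holds the root and other special inodes, so
 * its bitmaps must be initialized and its inode table already zeroed. */
int validate_bg_flags(const struct sb_view *sb, const struct gd_view *gd,
                      uint32_t group)
{
    uint16_t flags = trusted_bg_flags(sb, gd);

    if (group == 0 &&
        ((flags & (EXT4_BG_INODE_UNINIT | EXT4_BG_BLOCK_UNINIT)) ||
         (has_group_desc_csum(sb) && !(flags & EXT4_BG_INODE_ZEROED))))
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed descriptor resembling the crafted image: bg 0 flagged
     * uninitialized although no feature makes bg_flags valid. */
    struct sb_view sb = { 0 };
    struct gd_view gd = { EXT4_BG_INODE_UNINIT | EXT4_BG_BLOCK_UNINIT };
    printf("trusted flags: 0x%x, verdict: %d\n",
           trusted_bg_flags(&sb, &gd), validate_bg_flags(&sb, &gd, 0));
    return 0;
}
```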
