Re: [PATCH v2] ext4: fix use-after-free in ext4_ext_shift_extents

On 2022/9/30 11:19, Theodore Ts'o wrote:
> On Thu, 22 Sep 2022 20:04:34 +0800, Baokun Li wrote:
>> If the starting position of our insert range happens to be in the hole
>> between the two ext4_extent_idx, because the lblk of the ext4_extent in
>> the previous ext4_extent_idx is always less than the start, which leads
>> to the "extent" variable access across the boundary, the following UAF is
>> triggered:
>> ==================================================================
>> BUG: KASAN: use-after-free in ext4_ext_shift_extents+0x257/0x790
>> Read of size 4 at addr ffff88819807a008 by task fallocate/8010
>> CPU: 3 PID: 8010 Comm: fallocate Tainted: G            E     5.10.0+ #492
>> Call Trace:
>>   dump_stack+0x7d/0xa3
>>   print_address_description.constprop.0+0x1e/0x220
>>   kasan_report.cold+0x67/0x7f
>>   ext4_ext_shift_extents+0x257/0x790
>>   ext4_insert_range+0x5b6/0x700
>>   ext4_fallocate+0x39e/0x3d0
>>   vfs_fallocate+0x26f/0x470
>>   ksys_fallocate+0x3a/0x70
>>   __x64_sys_fallocate+0x4f/0x60
>>   do_syscall_64+0x33/0x40
>>   entry_SYSCALL_64_after_hwframe+0x44/0xa9
>> ==================================================================
>>
>> [...]
> Applied, thanks!
>
> [1/1] ext4: fix use-after-free in ext4_ext_shift_extents
>        (no commit info)
>
> Best regards,

Hi Theodore,

Could you tell me why this patch has been applied, but there is no commit info,
and the patch cannot be found on any branch?

--
With Best Regards,
Baokun Li



