On Tue, Dec 06, 2016 at 04:32:22PM -0800, Darrick J. Wong wrote:
> Due to insufficient input validation, various filesystem drivers can
> load an inode with a negative size from a maliciously crafted fs image.
> If this happens, a subsequent write-append operation can cause integer
> overflows in the writeback code, causing the kernel to lock up.
>
> Therefore, if we catch anyone trying to link a dentry to a garbage
> inode, reject the whole attempt.

Yecchh... This is completely wrong place for such checks. Sorry, NAK.
The set of spots chosen for those tests is random *and* it's not even
sufficient (consider e.g. d_obtain_alias()). The things go wrong when
such inode is set up, not when a dentry is attached to it.
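
The point made in the reply, that a bad size has to be caught where the inode is set up, shown as an added user-space example (not code from the thread, the patch, or the kernel). The on-disk layout, `demo_read_inode()`, and `DEMO_MAXBYTES` are hypothetical names and values chosen for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed on-disk layout (hypothetical, not any real filesystem's). */
struct disk_inode {
    uint8_t size_le[8];          /* file size, little-endian unsigned 64-bit */
};

/* In-memory inode with a signed size, like the kernel's loff_t i_size. */
struct mem_inode {
    int64_t i_size;
};

#define DEMO_MAXBYTES INT64_C(0x7fffffffffff)   /* assumed per-fs size limit */

static uint64_t get_le64(const uint8_t *p)
{
    uint64_t v = 0;
    for (int i = 7; i >= 0; i--)
        v = (v << 8) | p[i];
    return v;
}

/* Validate while the inode is being set up: 0 on success, -EINVAL if the
 * on-disk size cannot be represented as a sane signed file size. */
int demo_read_inode(const struct disk_inode *raw, struct mem_inode *inode)
{
    uint64_t disk_size = get_le64(raw->size_le);

    /* Compare as unsigned, before the cast: any value with the top bit set
     * would become negative as int64_t, and is rejected here too. */
    if (disk_size > (uint64_t)DEMO_MAXBYTES)
        return -EINVAL;

    inode->i_size = (int64_t)disk_size;
    return 0;
}

int main(void)
{
    /* Constructed sample inodes: a 4096-byte file and an all-ones size. */
    struct disk_inode good = { { 0x00, 0x10, 0, 0, 0, 0, 0, 0 } };
    struct disk_inode bad  = { { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff } };
    struct mem_inode in = { 0 };

    printf("good: %d\n", demo_read_inode(&good, &in));
    printf("bad:  %d\n", demo_read_inode(&bad, &in));
    return 0;
}
```

Because the inode is never populated with the bad size, every later consumer (dentry attachment by any path, writeback) sees only validated values.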