Patch "ext4: fail ext4_iget if special inode unallocated" has been added to the 4.14-stable tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This is a note to let you know that I've just added the patch titled

    ext4: fail ext4_iget if special inode unallocated

to the 4.14-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     ext4-fail-ext4_iget-if-special-inode-unallocated.patch
and it can be found in the queue-4.14 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 21d7d4e131e0013ba689dda89e4fb5f7bde12005
Author: Baokun Li <libaokun1@xxxxxxxxxx>
Date:   Sat Jan 7 11:21:25 2023 +0800

    ext4: fail ext4_iget if special inode unallocated
    
    [ Upstream commit 5cd740287ae5e3f9d1c46f5bfe8778972fd6d3fe ]
    
    In ext4_fill_super(), EXT4_ORPHAN_FS flag is cleared after
    ext4_orphan_cleanup() is executed. Therefore, when __ext4_iget() is
    called to get an inode whose i_nlink is 0 when the flag exists, no error
    is returned. If the inode is a special inode, a null pointer dereference
    may occur. If the value of i_nlink is 0 for any inodes (except boot loader
    inodes) got by using the EXT4_IGET_SPECIAL flag, the current file system
    is corrupted. Therefore, make the ext4_iget() function return an error if
    it gets such an abnormal special inode.
    
    Link: https://bugzilla.kernel.org/show_bug.cgi?id=199179
    Link: https://bugzilla.kernel.org/show_bug.cgi?id=216541
    Link: https://bugzilla.kernel.org/show_bug.cgi?id=216539
    Reported-by: Luís Henriques <lhenriques@xxxxxxx>
    Suggested-by: Theodore Ts'o <tytso@xxxxxxx>
    Signed-off-by: Baokun Li <libaokun1@xxxxxxxxxx>
    Reviewed-by: Jan Kara <jack@xxxxxxx>
    Link: https://lore.kernel.org/r/20230107032126.4165860-2-libaokun1@xxxxxxxxxx
    Signed-off-by: Theodore Ts'o <tytso@xxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c
index 9d6d3cb515140..69360b08db736 100644
--- a/fs/ext4/inode.c
+++ b/fs/ext4/inode.c
@@ -4814,13 +4814,6 @@ struct inode *__ext4_iget(struct super_block *sb, unsigned long ino,
 		goto bad_inode;
 	raw_inode = ext4_raw_inode(&iloc);
 
-	if ((ino == EXT4_ROOT_INO) && (raw_inode->i_links_count == 0)) {
-		ext4_error_inode(inode, function, line, 0,
-				 "iget: root inode unallocated");
-		ret = -EFSCORRUPTED;
-		goto bad_inode;
-	}
-
 	if ((flags & EXT4_IGET_HANDLE) &&
 	    (raw_inode->i_links_count == 0) && (raw_inode->i_mode == 0)) {
 		ret = -ESTALE;
@@ -4891,11 +4884,16 @@ struct inode *__ext4_iget(struct super_block *sb, unsigned long ino,
 	 * NeilBrown 1999oct15
 	 */
 	if (inode->i_nlink == 0) {
-		if ((inode->i_mode == 0 ||
+		if ((inode->i_mode == 0 || flags & EXT4_IGET_SPECIAL ||
 		     !(EXT4_SB(inode->i_sb)->s_mount_state & EXT4_ORPHAN_FS)) &&
 		    ino != EXT4_BOOT_LOADER_INO) {
-			/* this inode is deleted */
-			ret = -ESTALE;
+			/* this inode is deleted or unallocated */
+			if (flags & EXT4_IGET_SPECIAL) {
+				ext4_error_inode(inode, function, line, 0,
+						 "iget: special inode unallocated");
+				ret = -EFSCORRUPTED;
+			} else
+				ret = -ESTALE;
 			goto bad_inode;
 		}
 		/* The only unlinked inodes we let through here have



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux