diff options
| author | Ben Hutchings <ben@decadent.org.uk> | 2015-12-01 02:50:10 +0000 |
|---|---|---|
| committer | Willy Tarreau <w@1wt.eu> | 2016-01-29 22:12:40 +0100 |
| commit | 6e5577bfd9e561ddb3167c4fcc815a8032b7952c (patch) | |
| tree | 762f6ae09fe8fee674886471551585429ac36566 | |
| parent | 60bc010667ef06e0fb08d5ec599c0977adc2ac72 (diff) | |
| download | linux-stable-6e5577bfd9e561ddb3167c4fcc815a8032b7952c.tar.gz linux-stable-6e5577bfd9e561ddb3167c4fcc815a8032b7952c.tar.bz2 linux-stable-6e5577bfd9e561ddb3167c4fcc815a8032b7952c.zip | |
ext4: Fix null dereference in ext4_fill_super()
Fix failure paths in ext4_fill_super() that can lead to a null
dereference. This was designated CVE-2015-8324.
Mostly extracted from commit 744692dc0598 ("ext4: use
ext4_get_block_write in buffer write").
However there's one more incorrect goto to fix, removed upstream in
commit cf40db137cc2 ("ext4: remove failed journal checksum check").
Reference: https://bugs.openvz.org/browse/OVZ-6541
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Willy Tarreau <w@1wt.eu>
| -rw-r--r-- | fs/ext4/super.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/fs/ext4/super.c b/fs/ext4/super.c index 045e7bf9c753..8ec8e1f28764 100644 --- a/fs/ext4/super.c +++ b/fs/ext4/super.c @@ -2767,14 +2767,14 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent) EXT4_SB(sb)->s_mount_state |= EXT4_ERROR_FS; es->s_state |= cpu_to_le16(EXT4_ERROR_FS); ext4_commit_super(sb, 1); - goto failed_mount4; + goto failed_mount_wq; } } } else if (test_opt(sb, NOLOAD) && !(sb->s_flags & MS_RDONLY) && EXT4_HAS_INCOMPAT_FEATURE(sb, EXT4_FEATURE_INCOMPAT_RECOVER)) { ext4_msg(sb, KERN_ERR, "required journal recovery " "suppressed and not mounted read-only"); - goto failed_mount4; + goto failed_mount_wq; } else { clear_opt(sbi->s_mount_opt, DATA_FLAGS); set_opt(sbi->s_mount_opt, WRITEBACK_DATA); @@ -2787,7 +2787,7 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent) !jbd2_journal_set_features(EXT4_SB(sb)->s_journal, 0, 0, JBD2_FEATURE_INCOMPAT_64BIT)) { ext4_msg(sb, KERN_ERR, "Failed to set 64-bit journal feature"); - goto failed_mount4; + goto failed_mount_wq; } if (test_opt(sb, JOURNAL_ASYNC_COMMIT)) { @@ -2826,7 +2826,7 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent) (sbi->s_journal, 0, 0, JBD2_FEATURE_INCOMPAT_REVOKE)) { ext4_msg(sb, KERN_ERR, "Journal does not support " "requested data journaling mode"); - goto failed_mount4; + goto failed_mount_wq; } default: break; |