diff options
Diffstat (limited to 'debian/patches/bugfix/all/ext4-never-move-the-system.data-xattr-out-of-the-ino.patch')
-rw-r--r-- | debian/patches/bugfix/all/ext4-never-move-the-system.data-xattr-out-of-the-ino.patch | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/debian/patches/bugfix/all/ext4-never-move-the-system.data-xattr-out-of-the-ino.patch b/debian/patches/bugfix/all/ext4-never-move-the-system.data-xattr-out-of-the-ino.patch new file mode 100644 index 000000000000..ea530a7a2665 --- /dev/null +++ b/debian/patches/bugfix/all/ext4-never-move-the-system.data-xattr-out-of-the-ino.patch @@ -0,0 +1,34 @@ +From: Theodore Ts'o <tytso@mit.edu> +Date: Sat, 16 Jun 2018 15:40:48 -0400 +Subject: ext4: never move the system.data xattr out of the inode body +Origin: https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit?id=896003d9fd652666080a06411d4238ee6eb4fb76 +Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-10880 + +When expanding the extra isize space, we must never move the +system.data xattr out of the inode body. For performance reasons, it +doesn't make any sense, and the inline data implementation assumes +that system.data xattr is never in the external xattr block. + +This addresses CVE-2018-10880 + +https://bugzilla.kernel.org/show_bug.cgi?id=200005 + +Signed-off-by: Theodore Ts'o <tytso@mit.edu> +--- + fs/ext4/xattr.c | 5 +++++ + 1 file changed, 5 insertions(+) + +--- a/fs/ext4/xattr.c ++++ b/fs/ext4/xattr.c +@@ -2657,6 +2657,11 @@ static int ext4_xattr_make_inode_space(h + last = IFIRST(header); + /* Find the entry best suited to be pushed into EA block */ + for (; !IS_LAST_ENTRY(last); last = EXT4_XATTR_NEXT(last)) { ++ /* never move system.data out of the inode */ ++ if ((last->e_name_len == 4) && ++ (last->e_name_index == EXT4_XATTR_INDEX_SYSTEM) && ++ !memcmp(last->e_name, "data", 4)) ++ continue; + total_size = EXT4_XATTR_LEN(last->e_name_len); + if (!last->e_value_inum) + total_size += EXT4_XATTR_SIZE( |