[CAUSE]
Commit a27a94c2b0c7 ("btrfs: Make btrfs_find_device_by_devspec return
btrfs_device directly") moves the "missing" device path check into
btrfs_rm_device().
But btrfs_rm_device() itself can have a case where it only receives
@devid, with NULL as @device_path.
In that case, calling strcmp() on NULL will trigger the NULL pointer
dereference.
Before that commit, we handle the "missing" case inside
btrfs_find_device_by_devspec(), which will not check @device_path at all
if @devid is provided, thus no way to trigger the bug.
[FIX]
Before calling strcmp(), also make sure @device_path is not NULL.
(cherry picked from commit e4571b8c5e9ffa1e85c0c671995bd4dcc5c75091)
Signed-off-by: Tim Gardner <email address hidden>
Acked-by: Stefan Bader <email address hidden>
Acked-by: Colin King <email address hidden>
Signed-off-by: Stefan Bader <email address hidden>

ce1631d... by Trond Myklebust <email address hidden>
NFSv4: Initialise connection to the server in nfs4_alloc_client()
Set up the connection to the NFSv4 server in nfs4_alloc_client(), before
we've added the struct nfs_client to the net-namespace's nfs_client_list
so that a downed server won't cause other mounts to hang in the trunking
detection code.
Reported-by: Michael Wakabayashi <email address hidden>
Fixes: 5c6e5b60aae4 ("NFS: Fix an Oops in the pNFS files and flexfiles connection setup to the DS")
Signed-off-by: Trond Myklebust <email address hidden>
(cherry picked from commit dd99e9f98fbf423ff6d365b37a98e8879170f17c)
CVE-2021-38199
Signed-off-by: Thadeu Lima de Souza Cascardo <email address hidden>
Acked-by: Stefan Bader <email address hidden>
Acked-by: Tim Gardner <email address hidden>
Signed-off-by: Stefan Bader <email address hidden>

f2fs: fix to do sanity check on segment/section count
As syzbot reported:
BUG: KASAN: slab-out-of-bounds in init_min_max_mtime fs/f2fs/segment.c:4710 [inline]
BUG: KASAN: slab-out-of-bounds in f2fs_build_segment_manager+0x9302/0xa6d0 fs/f2fs/segment.c:4792
Read of size 8 at addr ffff8880a1b934a8 by task syz-executor682/6878
The root cause is: if segs_per_sec is larger than one, and segment count
in last section is less than segs_per_sec, we will suffer out-of-boundary
memory access on sit_i->sentries[] in init_min_max_mtime().
Fix this by adding sanity check among segment count, section count and
segs_per_sec value in sanity_check_raw_super().
Reported-by: <email address hidden>
Signed-off-by: Chao Yu <email address hidden>
Signed-off-by: Jaegeuk Kim <email address hidden>
(cherry-picked from commit 3a22e9ac71585bcb7667e44641f1bbb25295f0ce)
CVE-2019-19449
Signed-off-by: Luke Nowakowski-Krijger <email address hidden>
Acked-by: Thadeu Lima de Souza Cascardo <email address hidden>
Acked-by: Tim Gardner <email address hidden>
Signed-off-by: Stefan Bader <email address hidden>

f2fs: fix wrong total_sections check and fsmeta check
Meta area is not included in section_count computation.
So the minimum number of total_sections is 1 meanwhile it cannot be
greater than segment_count_main.
The minimum number of meta segments is 8 (SB + 2 (CP + SIT + NAT) + SSA).
Signed-off-by: Wang Xiaojun <email address hidden>
Reviewed-by: Chao Yu <email address hidden>
Signed-off-by: Jaegeuk Kim <email address hidden>
(cherry-picked from commit f99ba9add67ce63eca3fe68a3d5e9996cd2c33b5)
CVE-2019-19449
Signed-off-by: Luke Nowakowski-Krijger <email address hidden>
Acked-by: Thadeu Lima de Souza Cascardo <email address hidden>
Acked-by: Tim Gardner <email address hidden>
Signed-off-by: Stefan Bader <email address hidden>
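
The geometry rules stated in the two f2fs messages above, as an added user-space example that is not the kernel's code and not part of either commit. The struct, the function names and the `segs_per_sec == 0` guard are assumptions made for illustration, and the walk is a simplified model of a per-section loop over one entry per main-area segment.

```c
#include <stdint.h>
#include <stdio.h>

#define MIN_META_SEGMENTS 8 /* SB + 2 * (CP + SIT + NAT) + SSA, from the message */

struct geom {                     /* hypothetical, not the on-disk superblock */
    uint32_t segment_count;       /* whole volume, meta area included */
    uint32_t segment_count_main;  /* main area only */
    uint32_t total_sections;      /* sections in the main area */
    uint32_t segs_per_sec;
};

/* Returns 0 if the geometry is consistent, else the number of the failed rule. */
int check_geometry(const struct geom *g)
{
    if (g->segs_per_sec == 0)     /* added guard: the walk below needs a step */
        return 1;
    if (g->total_sections < 1 || g->total_sections > g->segment_count_main)
        return 2;
    /* Every section must be full, otherwise the last one is short. */
    if ((uint64_t)g->total_sections * g->segs_per_sec != g->segment_count_main)
        return 3;
    /* The meta area needs at least MIN_META_SEGMENTS outside the main area. */
    if ((uint64_t)g->segment_count_main + MIN_META_SEGMENTS > g->segment_count)
        return 4;
    return 0;
}

/* Model of a section-by-section walk (requires segs_per_sec > 0): returns the
 * highest entry index read. A result >= segment_count_main means a read past
 * the end of an array sized for the main area. */
uint64_t walk_max_index(const struct geom *g)
{
    uint64_t max = 0;
    for (uint64_t segno = 0; segno < g->segment_count_main; segno += g->segs_per_sec)
        for (uint32_t i = 0; i < g->segs_per_sec; i++)
            max = segno + i;
    return max;
}

int main(void)
{
    /* Constructed sample: 10 main segments, 4 per section, last section short. */
    struct geom bad = { 100, 10, 3, 4 };
    printf("check=%d max_index=%llu of %u entries\n", check_geometry(&bad),
           (unsigned long long)walk_max_index(&bad), bad.segment_count_main);
    return 0;
}
```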