diff options
| author | Jan Kara <jack@suse.cz> | 2023-03-01 11:59:39 +0100 |
|---|---|---|
| committer | Jan Kara <jack@suse.cz> | 2023-03-06 16:42:10 +0100 |
| commit | 62aeb94433fcec80241754b70d0d1836d5926b0a (patch) | |
| tree | 5b191d6bd8f8289d41507f3f67728d6ebf29134e /fs/ext2/super.c | |
| parent | e9cd1d9a34131fb56bef469d4e1cd31bd1b515e2 (diff) | |
| download | lwn-62aeb94433fcec80241754b70d0d1836d5926b0a.tar.gz lwn-62aeb94433fcec80241754b70d0d1836d5926b0a.zip | |
ext2: Check block size validity during mount
Check that log of block size stored in the superblock has sensible
value. Otherwise the shift computing the block size can overflow leading
to undefined behavior.
Reported-by: syzbot+4fec412f59eba8c01b77@syzkaller.appspotmail.com
Signed-off-by: Jan Kara <jack@suse.cz>
Diffstat (limited to 'fs/ext2/super.c')
| -rw-r--r-- | fs/ext2/super.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/fs/ext2/super.c b/fs/ext2/super.c index 69c88facfe90..f342f347a695 100644 --- a/fs/ext2/super.c +++ b/fs/ext2/super.c @@ -945,6 +945,13 @@ static int ext2_fill_super(struct super_block *sb, void *data, int silent) goto failed_mount; } + if (le32_to_cpu(es->s_log_block_size) > + (EXT2_MAX_BLOCK_LOG_SIZE - BLOCK_SIZE_BITS)) { + ext2_msg(sb, KERN_ERR, + "Invalid log block size: %u", + le32_to_cpu(es->s_log_block_size)); + goto failed_mount; + } blocksize = BLOCK_SIZE << le32_to_cpu(sbi->s_es->s_log_block_size); if (test_opt(sb, DAX)) { |