ext4: avoid cycles in directory h-tree
authorJan Kara <jack@suse.cz>
Wed, 18 May 2022 09:33:29 +0000 (11:33 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 9 Jun 2022 08:21:23 +0000 (10:21 +0200)
commitff4cafa51762da3824881a9000ca421d4b78b138
tree871afff771b7baf4ccff862aee5950a9d230e294
parentda2f05919238c7bdc6e28c79539f55c8355408bb
ext4: avoid cycles in directory h-tree

commit 3ba733f879c2a88910744647e41edeefbc0d92b2 upstream.

A maliciously corrupted filesystem can contain cycles in the h-tree
stored inside a directory. That can easily lead to the kernel corrupting
tree nodes that were already verified under its hands while doing a node
split and consequently accessing unallocated memory. Fix the problem by
verifying traversed block numbers are unique.

Cc: stable@vger.kernel.org
Signed-off-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20220518093332.13986-2-jack@suse.cz
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
fs/ext4/namei.c