linux-yocto/fs
Phillip Lougher f271155ff3 Squashfs: reject negative file sizes in squashfs_read_inode()
[ Upstream commit 9f1c14c1de ]

Syzkaller reports a "WARNING in ovl_copy_up_file" in overlayfs.

This warning is ultimately caused because the underlying Squashfs file
system returns a file with a negative file size.

This commit checks for a negative file size and returns EINVAL.

[phillip@squashfs.org.uk: only need to check 64 bit quantity]
  Link: https://lkml.kernel.org/r/20250926222305.110103-1-phillip@squashfs.org.uk
Link: https://lkml.kernel.org/r/20250926215935.107233-1-phillip@squashfs.org.uk
Fixes: 6545b246a2 ("Squashfs: inode operations")
Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk>
Reported-by: syzbot+f754e01116421e9754b9@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/all/68d580e5.a00a0220.303701.0019.GAE@google.com/
Cc: Amir Goldstein <amir73il@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2025-10-19 16:37:42 +02:00
..
9p vfs-6.17-rc1.mmap_prepare 2025-07-28 13:43:25 -07:00
adfs vfs-6.17-rc1.mmap_prepare 2025-07-28 13:43:25 -07:00
affs vfs-6.17-rc1.mmap_prepare 2025-07-28 13:43:25 -07:00
afs afs: Fix potential null pointer dereference in afs_put_server 2025-09-25 09:18:17 +02:00
autofs
bcachefs vfs-6.17-rc1.fileattr 2025-07-28 15:24:14 -07:00
befs
bfs vfs-6.17-rc1.mmap_prepare 2025-07-28 13:43:25 -07:00
btrfs btrfs: avoid potential out-of-bounds in btrfs_encode_fh() 2025-10-19 16:37:23 +02:00
cachefiles vfs-6.17-rc1.misc 2025-07-28 11:22:56 -07:00
ceph ceph: fix crash after fscrypt_encrypt_pagecache_blocks() error 2025-09-09 12:57:03 +02:00
coda vfs-6.17-rc1.mmap_prepare 2025-07-28 13:43:25 -07:00
configfs
cramfs cramfs: fix incorrect physical page address calculation 2025-10-15 12:04:11 +02:00
crypto fscrypt: Remove gfp_t argument from fscrypt_encrypt_block_inplace() 2025-07-10 12:33:13 -07:00
debugfs debugfs: fix mount options not being applied 2025-08-17 12:22:25 +02:00
devpts
dlm
ecryptfs vfs-6.17-rc1.fileattr 2025-07-28 15:24:14 -07:00
efivarfs efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare 2025-08-28 08:39:49 +02:00
efs
erofs erofs: avoid reading more for fragment maps 2025-10-15 12:03:16 +02:00
exfat exfat: add cluster chain loop check for dir 2025-08-01 08:34:23 +09:00
exportfs
ext2 \n 2025-07-28 16:16:09 -07:00
ext4 ext4: free orphan info with kvfree 2025-10-19 16:37:42 +02:00
f2fs f2fs: fix UAF issue in f2fs_merge_page_bio() 2025-10-15 12:04:11 +02:00
fat Significant patch series in this pull request: 2025-08-03 16:23:09 -07:00
freevxfs
fuse fuse: fix livelock in synchronous file put from fuseblk workers 2025-10-19 16:37:26 +02:00
gfs2 gfs2: Add proper lockspace locking 2025-10-15 12:03:15 +02:00
hfs hfs/hfsplus updates for v6.17 2025-07-28 16:17:44 -07:00
hfsplus hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() 2025-10-15 12:03:14 +02:00
hostfs vfs-6.17-rc1.mmap_prepare 2025-07-28 13:43:25 -07:00
hpfs vfs-6.17-rc1.mmap_prepare 2025-07-28 13:43:25 -07:00
hugetlbfs mm/hugetlb: fix folio is still mapped when deleted 2025-09-25 16:10:34 -07:00
iomap iomap: Fix broken data integrity guarantees for O_SYNC writes 2025-08-11 14:51:49 +02:00
isofs Current exclusion rules for ->d_flags stores are rather unpleasant. 2025-07-28 09:17:57 -07:00
jbd2 jbd2: prevent softlockup in jbd2_log_do_checkpoint() 2025-08-13 14:24:14 -04:00
jffs2 vfs-6.17-rc1.mmap_prepare 2025-07-28 13:43:25 -07:00
jfs Fixes and cleanups for JFS filesystem 2025-07-31 10:27:11 -07:00
kernfs kernfs: Fix UAF in polling when open file is released 2025-09-06 20:11:27 +02:00
lockd
minix vfs-6.17-rc1.mmap_prepare 2025-07-28 13:43:25 -07:00
netfs netfs: fix reference leak 2025-09-26 10:14:19 +02:00
nfs nfs/localio: avoid issuing misaligned IO using O_DIRECT 2025-10-15 12:04:13 +02:00
nfs_common NFS/localio: nfs_uuid_put() fix the wake up after unlinking the file 2025-08-05 16:45:40 -07:00
nfsd nfsd: nfserr_jukebox in nlm_fopen should lead to a retry 2025-10-19 16:37:39 +02:00
nilfs2 nilfs2: fix CFI failure when accessing /sys/fs/nilfs2/features/* 2025-09-13 13:05:38 -07:00
nls
notify fanotify: Validate the return value of mnt_ns_from_dentry() before dereferencing 2025-10-15 12:03:52 +02:00
ntfs3 fs/ntfs3: Fix a resource leak bug in wnd_extend() 2025-10-19 16:37:25 +02:00
ocfs2 ocfs2: fix double free in user_cluster_connect() 2025-10-15 12:04:11 +02:00
omfs vfs-6.17-rc1.mmap_prepare 2025-07-28 13:43:25 -07:00
openpromfs
orangefs orangefs: fixes for string handling in debugfs and sysfs 2025-07-31 10:22:48 -07:00
overlayfs ovl: fix possible double unlink 2025-08-18 13:16:49 +02:00
proc fs/proc/task_mmu: check p->vec_buf for NULL 2025-09-25 16:10:34 -07:00
pstore pstore: switch to locked_recursive_removal() 2025-07-02 22:36:51 -04:00
qnx4
qnx6
quota fs: quota: create dedicated workqueue for quota_release_work 2025-10-19 16:37:25 +02:00
ramfs vfs-6.17-rc1.mmap_prepare 2025-07-28 13:43:25 -07:00
resctrl fs/resctrl: Eliminate false positive lockdep warning when reading SNC counters 2025-09-09 12:43:36 +02:00
romfs
smb smb client: fix bug with newly created file in cached dir 2025-10-19 16:37:31 +02:00
squashfs Squashfs: reject negative file sizes in squashfs_read_inode() 2025-10-19 16:37:42 +02:00
sysfs
tests
tracefs Massage rpc_pipefs to use saner primitives and clean up the 2025-07-28 09:56:09 -07:00
ubifs This pull request contains the following changes for UBI and UBIFS: 2025-07-31 10:08:44 -07:00
udf fs: udf: fix OOB read in lengthAllocDescs handling 2025-10-15 12:04:16 +02:00
ufs vfs-6.17-rc1.mmap_prepare 2025-07-28 13:43:25 -07:00
unicode
vboxsf vfs-6.17-rc1.mmap_prepare 2025-07-28 13:43:25 -07:00
verity fsverity: Switch from crypto_shash to SHA-2 library 2025-07-14 11:29:32 -07:00
xfs xfs: use deferred intent items for reaping crosslinked blocks 2025-10-19 16:37:35 +02:00
zonefs zonefs changes for 6.17-rc1 2025-07-28 17:06:51 -07:00
aio.c
anon_inodes.c module: Rename EXPORT_SYMBOL_GPL_FOR_MODULES to EXPORT_SYMBOL_FOR_MODULES 2025-08-11 16:16:36 +02:00
attr.c vfs: add ATTR_CTIME_SET flag 2025-10-19 16:37:06 +02:00
backing-file.c vfs-6.17-rc1.mmap_prepare 2025-07-28 13:43:25 -07:00
bad_inode.c
binfmt_elf_fdpic.c execve updates for v6.17 2025-07-28 17:11:40 -07:00
binfmt_elf.c execve updates for v6.17 2025-07-28 17:11:40 -07:00
binfmt_flat.c
binfmt_misc.c binfmt_misc: switch to locked_recursive_removal() 2025-07-02 22:36:51 -04:00
binfmt_script.c
bpf_fs_kfuncs.c bpf: Introduce bpf_cgroup_read_xattr to read xattr of cgroup's node 2025-07-02 14:18:20 +02:00
buffer.c fs/buffer: fix use-after-free when call bh_read() helper 2025-08-19 13:51:28 +02:00
char_dev.c
compat_binfmt_elf.c
coredump.c coredump: don't pointlessly check and spew warnings 2025-08-21 13:54:40 +02:00
d_path.c fold fs_struct->{lock,seq} into a seqlock 2025-07-08 10:25:19 +02:00
dax.c fs/dax: Reject IOCB_ATOMIC in dax_iomap_rw() 2025-08-11 14:03:38 +02:00
dcache.c vfs-6.17-rc1.misc 2025-07-28 11:22:56 -07:00
direct-io.c Summary of significant series in this pull request: 2025-07-31 14:57:54 -07:00
drop_caches.c
eventfd.c
eventpoll.c eventpoll: Replace rwlock with spinlock 2025-10-19 16:37:25 +02:00
exec.c coredump: don't pointlessly check and spew warnings 2025-08-21 13:54:40 +02:00
fcntl.c
fhandle.c fhandle: use more consistent rules for decoding file handle from userns 2025-08-29 09:48:31 +02:00
file_attr.c fs: tighten a sanity check in file_attr_to_fileattr() 2025-07-16 10:22:01 +02:00
file_table.c \n 2025-07-31 10:31:00 -07:00
file.c fs: always return zero on success from replace_fd() 2025-10-19 16:36:59 +02:00
filesystems.c
fs_context.c
fs_parser.c
fs_pin.c
fs_struct.c fold fs_struct->{lock,seq} into a seqlock 2025-07-08 10:25:19 +02:00
fs_types.c
fs-writeback.c fs: writeback: fix use-after-free in __mark_inode_dirty() 2025-08-11 14:51:45 +02:00
fsopen.c fscontext: do not consume log entries when returning -EMSGSIZE 2025-10-19 16:36:59 +02:00
init.c
inode.c vfs: Remove unnecessary list_for_each_entry_safe() from evict_inodes() 2025-07-10 09:37:32 +02:00
internal.h vfs-6.17-rc1.pidfs 2025-07-28 14:10:15 -07:00
ioctl.c fs: split fileattr related helpers into separate file 2025-07-01 22:44:22 +02:00
Kconfig fs/Kconfig: enable HUGETLBFS only if ARCH_SUPPORTS_HUGETLBFS 2025-07-24 19:12:38 -07:00
Kconfig.binfmt
kernel_read_file.c
libfs.c vfs-6.17-rc1.pidfs 2025-07-28 14:10:15 -07:00
locks.c docs/vfs: update references to i_mutex to i_rwsem 2025-06-23 12:17:33 +02:00
Makefile fs: split fileattr related helpers into separate file 2025-07-01 22:44:22 +02:00
mbcache.c
mnt_idmapping.c
mount.h copy_tree(): don't link the mounts via mnt_list 2025-06-29 19:03:37 -04:00
mpage.c
namei.c openat2: don't trigger automounts with RESOLVE_NO_XDEV 2025-10-19 16:37:28 +02:00
namespace.c listmount: don't call path_put() under namespace semaphore 2025-10-19 16:36:59 +02:00
nsfs.c
open.c \n 2025-07-31 10:31:00 -07:00
pidfs.c pidfs: Fix memory leak in pidfd_info() 2025-08-15 16:10:46 +02:00
pipe.c
pnode.c change_mnt_propagation(): calculate propagation source only if we'll need it 2025-08-19 12:05:59 -04:00
pnode.h get rid of CL_SHARE_TO_SLAVE 2025-06-29 19:03:46 -04:00
posix_acl.c
proc_namespace.c
read_write.c vfs-6.17-rc1.mmap_prepare 2025-07-28 13:43:25 -07:00
readdir.c
remap_range.c
select.c fs: annotate suspected data race between poll_schedule_timeout() and pollwake() 2025-06-23 12:36:51 +02:00
seq_file.c
signalfd.c
splice.c netfs: Fix unbuffered write error handling 2025-08-15 15:56:49 +02:00
stack.c docs/vfs: update references to i_mutex to i_rwsem 2025-06-23 12:17:33 +02:00
stat.c
statfs.c
super.c vfs-6.17-rc1.super 2025-07-28 15:50:15 -07:00
sync.c
sysctls.c
timerfd.c
userfaultfd.c mm/mremap: use an explicit uffd failure path for mremap 2025-07-24 19:12:29 -07:00
utimes.c
xattr.c vfs-6.17-rc1.misc 2025-07-28 11:22:56 -07:00