diff options
Diffstat (limited to 'meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2019-11059/0001-Fix-ext4-block-group-descriptor-sizing.patch')
| -rw-r--r-- | meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2019-11059/0001-Fix-ext4-block-group-descriptor-sizing.patch | 62 |
1 files changed, 62 insertions, 0 deletions
diff --git a/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2019-11059/0001-Fix-ext4-block-group-descriptor-sizing.patch b/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2019-11059/0001-Fix-ext4-block-group-descriptor-sizing.patch new file mode 100644 index 000000000..d35ee0ac1 --- /dev/null +++ b/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2019-11059/0001-Fix-ext4-block-group-descriptor-sizing.patch @@ -0,0 +1,62 @@ +From febbc583319b567fe3d83e521cc2ace9be8d1501 Mon Sep 17 00:00:00 2001 +From: Benjamin Lim <jarsp.ctf@gmail.com> +Date: Fri, 29 Mar 2019 07:29:45 -0400 +Subject: [PATCH] Fix ext4 block group descriptor sizing + +Ext4 allows for arbitrarily sized block group descriptors when 64-bit +addressing is enabled, which was previously not properly supported. This +patch dynamically allocates a chunk of memory of the correct size. + +Signed-off-by: Benjamin Lim <jarsp.ctf@gmail.com> +--- + fs/ext4/ext4_common.c | 19 +++++++++++++++---- + 1 file changed, 15 insertions(+), 4 deletions(-) + +diff --git a/fs/ext4/ext4_common.c b/fs/ext4/ext4_common.c +index feffbfa9a9eb..464c33d0d74c 100644 +--- a/fs/ext4/ext4_common.c ++++ b/fs/ext4/ext4_common.c +@@ -1587,7 +1587,7 @@ static int ext4fs_blockgroup + + int ext4fs_read_inode(struct ext2_data *data, int ino, struct ext2_inode *inode) + { +- struct ext2_block_group blkgrp; ++ struct ext2_block_group *blkgrp; + struct ext2_sblock *sblock = &data->sblock; + struct ext_filesystem *fs = get_fs(); + int log2blksz = get_fs()->dev_desc->log2blksz; +@@ -1595,17 +1595,28 @@ int ext4fs_read_inode(struct ext2_data *data, int ino, struct ext2_inode *inode) + long int blkno; + unsigned int blkoff; + ++ /* Allocate blkgrp based on gdsize (for 64-bit support). */ ++ blkgrp = zalloc(get_fs()->gdsize); ++ if (!blkgrp) ++ return 0; ++ + /* It is easier to calculate if the first inode is 0. */ + ino--; + status = ext4fs_blockgroup(data, ino / le32_to_cpu +- (sblock->inodes_per_group), &blkgrp); +- if (status == 0) ++ (sblock->inodes_per_group), blkgrp); ++ if (status == 0) { ++ free(blkgrp); + return 0; ++ } + + inodes_per_block = EXT2_BLOCK_SIZE(data) / fs->inodesz; +- blkno = ext4fs_bg_get_inode_table_id(&blkgrp, fs) + ++ blkno = ext4fs_bg_get_inode_table_id(blkgrp, fs) + + (ino % le32_to_cpu(sblock->inodes_per_group)) / inodes_per_block; + blkoff = (ino % inodes_per_block) * fs->inodesz; ++ ++ /* Free blkgrp as it is no longer required. */ ++ free(blkgrp); ++ + /* Read the inode. */ + status = ext4fs_devread((lbaint_t)blkno << (LOG2_BLOCK_SIZE(data) - + log2blksz), blkoff, +-- +2.17.1 + |