ext4: only look at the bg_flags field if it is valid
authorTheodore Ts'o <tytso@mit.edu>
Thu, 14 Jun 2018 04:58:00 +0000 (00:58 -0400)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 11 Jul 2018 14:29:17 +0000 (16:29 +0200)
commit44a4bc970bfae625d0ec9ecdfefc88c9d93dfe6c
tree8dde2d1630ba1abf321efc9dce39f23f4b9998a4
parentac48bb9bc0a32f5a4432be1645b57607f8c46aa7
ext4: only look at the bg_flags field if it is valid

commit 8844618d8aa7a9973e7b527d038a2a589665002c upstream.

The bg_flags field in the block group descripts is only valid if the
uninit_bg or metadata_csum feature is enabled.  We were not
consistently looking at this field; fix this.

Also block group #0 must never have uninitialized allocation bitmaps,
or need to be zeroed, since that's where the root inode, and other
special inodes are set up.  Check for these conditions and mark the
file system as corrupted if they are detected.

This addresses CVE-2018-10876.

https://bugzilla.kernel.org/show_bug.cgi?id=199403

Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
fs/ext4/balloc.c
fs/ext4/ialloc.c
fs/ext4/mballoc.c
fs/ext4/super.c