From: Ian Kent raven@themaw.net
commit 0633da48f0793aeba27f82d30605624416723a91 upstream.
autofs_sbi() does not check the superblock magic number to verify it has been given an autofs super block.
Backport Note: autofs4 has been renamed to autofs upstream. As a result the upstream patch does not apply cleanly onto 4.14.y.
Link: http://lkml.kernel.org/r/153475422934.17131.7563724552005298277.stgit@pluto....
Reported-by: syzbot+87c3c541582e56943277@syzkaller.appspotmail.com
Signed-off-by: Ian Kent raven@themaw.net
Reviewed-by: Andrew Morton akpm@linux-foundation.org
Signed-off-by: Andrew Morton akpm@linux-foundation.org
Signed-off-by: Linus Torvalds torvalds@linux-foundation.org
Signed-off-by: Zubin Mithra zsm@chromium.org
---
 fs/autofs4/autofs_i.h | 4 +++-
 fs/autofs4/inode.c    | 1 -
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/fs/autofs4/autofs_i.h b/fs/autofs4/autofs_i.h index 4737615f0eaa..ce696d6c4641 100644 --- a/fs/autofs4/autofs_i.h +++ b/fs/autofs4/autofs_i.h @@ -26,6 +26,7 @@ #include <linux/list.h> #include <linux/completion.h> #include <asm/current.h> +#include <linux/magic.h>
/* This is the range of ioctl() numbers we claim as ours */ #define AUTOFS_IOC_FIRST AUTOFS_IOC_READY @@ -124,7 +125,8 @@ struct autofs_sb_info {
static inline struct autofs_sb_info *autofs4_sbi(struct super_block *sb) { - return (struct autofs_sb_info *)(sb->s_fs_info); + return sb->s_magic != AUTOFS_SUPER_MAGIC ? + NULL : (struct autofs_sb_info *)(sb->s_fs_info); }
static inline struct autofs_info *autofs4_dentry_ino(struct dentry *dentry) diff --git a/fs/autofs4/inode.c b/fs/autofs4/inode.c index 09e7d68dff02..3c7e727612fa 100644 --- a/fs/autofs4/inode.c +++ b/fs/autofs4/inode.c @@ -14,7 +14,6 @@ #include <linux/pagemap.h> #include <linux/parser.h> #include <linux/bitops.h> -#include <linux/magic.h> #include "autofs_i.h" #include <linux/module.h>
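Review bot: In the autofs4_sbi() hunk of fs/autofs4/autofs_i.h, the helper can now return NULL when sb->s_magic != AUTOFS_SUPER_MAGIC, yet the diffstat shows only this header and an include removal in inode.c being touched, so no caller gains a NULL check in this patch. Any caller that dereferences the result without testing it turns a foreign super block into a NULL pointer dereference rather than a clean error, so each call site should be checked to either test for NULL and return an error or be reachable only with an autofs super block. A one-line comment above autofs4_sbi() saying that NULL means "not an autofs super block" would make the new contract explicit for future callers.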
On Thu, Aug 30, 2018 at 10:10:25AM -0700, Zubin Mithra wrote:
> From: Ian Kent raven@themaw.net
> commit 0633da48f0793aeba27f82d30605624416723a91 upstream.
> autofs_sbi() does not check the superblock magic number to verify it has been given an autofs super block.
> Backport Note: autofs4 has been renamed to autofs upstream. As a result the upstream patch does not apply cleanly onto 4.14.y.

What about other kernel trees, this should also go into 4.18.y, right? Anything older than 4.14.y?

thanks,
greg k-h

On Mon, Sep 3, 2018 at 9:18 AM Greg KH gregkh@linuxfoundation.org wrote:
> On Thu, Aug 30, 2018 at 10:10:25AM -0700, Zubin Mithra wrote:
>> From: Ian Kent raven@themaw.net
>> commit 0633da48f0793aeba27f82d30605624416723a91 upstream.
>> autofs_sbi() does not check the superblock magic number to verify it has been given an autofs super block.
>> Backport Note: autofs4 has been renamed to autofs upstream. As a result the upstream patch does not apply cleanly onto 4.14.y.
>
> What about other kernel trees, this should also go into 4.18.y, right?

Upstream commit 0633da48f0793aeba27f82d30605624416723a91 applies directly to 4.18.y.

> Anything older than 4.14.y?

It does apply to v4.4.y and v4.9.y, but it has minor include file conflicts (different for each release).

Guenter

> thanks,
> greg k-h

On Mon, Sep 03, 2018 at 05:40:54PM -0700, Guenter Roeck wrote:
> On Mon, Sep 3, 2018 at 9:18 AM Greg KH gregkh@linuxfoundation.org wrote:
>> On Thu, Aug 30, 2018 at 10:10:25AM -0700, Zubin Mithra wrote:
>>> From: Ian Kent raven@themaw.net
>>> commit 0633da48f0793aeba27f82d30605624416723a91 upstream.
>>> autofs_sbi() does not check the superblock magic number to verify it has been given an autofs super block.
>>> Backport Note: autofs4 has been renamed to autofs upstream. As a result the upstream patch does not apply cleanly onto 4.14.y.
>>
>> What about other kernel trees, this should also go into 4.18.y, right?
>
> Upstream commit 0633da48f0793aeba27f82d30605624416723a91 applies directly to 4.18.y.

Ah, makes sense, now queued up for 4.14.y and 4.18.y, thanks.

>> Anything older than 4.14.y?
>
> It does apply to v4.4.y and v4.9.y, but it has minor include file conflicts (different for each release).

Thanks, that was easy to fix up.

greg k-h

linux-stable-mirror@lists.linaro.org