diff --git a/patches.suse/0001-squashfs-fix-inode-lookup-sanity-checks.patch b/patches.suse/0001-squashfs-fix-inode-lookup-sanity-checks.patch new file mode 100644 index 0000000..c025ced --- /dev/null +++ b/patches.suse/0001-squashfs-fix-inode-lookup-sanity-checks.patch @@ -0,0 +1,67 @@ +From ea22982aa6cb0a6503df6b1023a6823adbe22dab Mon Sep 17 00:00:00 2001 +From: Sean Nyekjaer +Date: Thu, 18 Mar 2021 17:01:21 +1100 +Subject: [PATCH 1/2] squashfs: fix inode lookup sanity checks +Patch-mainline: Not yet, queued in akpm's -mm patchqueue +References: bsc#1183850 + +When mouting a squashfs image created without inode compression it fails +With: "unable to read inode lookup table" + +It turns out that the BLOCK_OFFSET is missing when checking the +SQUASHFS_METADATA_SIZE agaist the actual size. + +Link: https://lkml.kernel.org/r/20210226092903.1473545-1-sean@geanix.com +Fixes: eabac19e40c0 ("squashfs: add more sanity checks in inode lookup") +Signed-off-by: Sean Nyekjaer +Acked-by: Phillip Lougher +Cc: +Signed-off-by: Andrew Morton +Signed-off-by: Stephen Rothwell +Signed-off-by: Varad Gautam + +--- + fs/squashfs/export.c | 8 ++++++-- + fs/squashfs/squashfs_fs.h | 1 + + 2 files changed, 7 insertions(+), 2 deletions(-) + +diff --git a/fs/squashfs/export.c b/fs/squashfs/export.c +index eb02072d28dd..723763746238 100644 +--- a/fs/squashfs/export.c ++++ b/fs/squashfs/export.c +@@ -152,14 +152,18 @@ __le64 *squashfs_read_inode_lookup_table(struct super_block *sb, + start = le64_to_cpu(table[n]); + end = le64_to_cpu(table[n + 1]); + +- if (start >= end || (end - start) > SQUASHFS_METADATA_SIZE) { ++ if (start >= end ++ || (end - start) > ++ (SQUASHFS_METADATA_SIZE + SQUASHFS_BLOCK_OFFSET)) { + kfree(table); + return ERR_PTR(-EINVAL); + } + } + + start = le64_to_cpu(table[indexes - 1]); +- if (start >= lookup_table_start || (lookup_table_start - start) > SQUASHFS_METADATA_SIZE) { ++ if (start >= lookup_table_start || ++ (lookup_table_start - start) > ++ (SQUASHFS_METADATA_SIZE + SQUASHFS_BLOCK_OFFSET)) { + kfree(table); + return ERR_PTR(-EINVAL); + } +diff --git a/fs/squashfs/squashfs_fs.h b/fs/squashfs/squashfs_fs.h +index 8d64edb80ebf..b3fdc8212c5f 100644 +--- a/fs/squashfs/squashfs_fs.h ++++ b/fs/squashfs/squashfs_fs.h +@@ -17,6 +17,7 @@ + + /* size of metadata (inode and directory) blocks */ + #define SQUASHFS_METADATA_SIZE 8192 ++#define SQUASHFS_BLOCK_OFFSET 2 + + /* default size of block device I/O */ + #ifdef CONFIG_SQUASHFS_4K_DEVBLK_SIZE +-- +2.30.2 + diff --git a/patches.suse/0002-squashfs-fix-xattr-id-and-id-lookup-sanity-checks.patch b/patches.suse/0002-squashfs-fix-xattr-id-and-id-lookup-sanity-checks.patch new file mode 100644 index 0000000..461cbf4 --- /dev/null +++ b/patches.suse/0002-squashfs-fix-xattr-id-and-id-lookup-sanity-checks.patch @@ -0,0 +1,73 @@ +From bd6fa56a90d9f928e30efd165dc46e9afe4d443d Mon Sep 17 00:00:00 2001 +From: Phillip Lougher +Date: Thu, 18 Mar 2021 17:01:21 +1100 +Subject: [PATCH 2/2] squashfs: fix xattr id and id lookup sanity checks +Patch-mainline: Not yet, queued in akpm's -mm patchqueue +References: bsc#1183850 + +The checks for maximum metadata block size is missing +SQUASHFS_BLOCK_OFFSET (the two byte length count). + +Link: https://lkml.kernel.org/r/2069685113.2081245.1614583677427@webmail.123-reg.co.uk +Fixes: f37aa4c7366e23f ("squashfs: add more sanity checks in id lookup") +Signed-off-by: Phillip Lougher +Cc: Sean Nyekjaer +Cc: +Signed-off-by: Andrew Morton +Signed-off-by: Stephen Rothwell +Signed-off-by: Varad Gautam + +--- + fs/squashfs/id.c | 6 ++++-- + fs/squashfs/xattr_id.c | 6 ++++-- + 2 files changed, 8 insertions(+), 4 deletions(-) + +diff --git a/fs/squashfs/id.c b/fs/squashfs/id.c +index 11581bf31af4..ea5387679723 100644 +--- a/fs/squashfs/id.c ++++ b/fs/squashfs/id.c +@@ -97,14 +97,16 @@ __le64 *squashfs_read_id_index_table(struct super_block *sb, + start = le64_to_cpu(table[n]); + end = le64_to_cpu(table[n + 1]); + +- if (start >= end || (end - start) > SQUASHFS_METADATA_SIZE) { ++ if (start >= end || (end - start) > ++ (SQUASHFS_METADATA_SIZE + SQUASHFS_BLOCK_OFFSET)) { + kfree(table); + return ERR_PTR(-EINVAL); + } + } + + start = le64_to_cpu(table[indexes - 1]); +- if (start >= id_table_start || (id_table_start - start) > SQUASHFS_METADATA_SIZE) { ++ if (start >= id_table_start || (id_table_start - start) > ++ (SQUASHFS_METADATA_SIZE + SQUASHFS_BLOCK_OFFSET)) { + kfree(table); + return ERR_PTR(-EINVAL); + } +diff --git a/fs/squashfs/xattr_id.c b/fs/squashfs/xattr_id.c +index ead66670b41a..087cab8c78f4 100644 +--- a/fs/squashfs/xattr_id.c ++++ b/fs/squashfs/xattr_id.c +@@ -109,14 +109,16 @@ __le64 *squashfs_read_xattr_id_table(struct super_block *sb, u64 table_start, + start = le64_to_cpu(table[n]); + end = le64_to_cpu(table[n + 1]); + +- if (start >= end || (end - start) > SQUASHFS_METADATA_SIZE) { ++ if (start >= end || (end - start) > ++ (SQUASHFS_METADATA_SIZE + SQUASHFS_BLOCK_OFFSET)) { + kfree(table); + return ERR_PTR(-EINVAL); + } + } + + start = le64_to_cpu(table[indexes - 1]); +- if (start >= table_start || (table_start - start) > SQUASHFS_METADATA_SIZE) { ++ if (start >= table_start || (table_start - start) > ++ (SQUASHFS_METADATA_SIZE + SQUASHFS_BLOCK_OFFSET)) { + kfree(table); + return ERR_PTR(-EINVAL); + } +-- +2.30.2 + diff --git a/series.conf b/series.conf index e46e224..8dfa1b3 100644 --- a/series.conf +++ b/series.conf @@ -47436,6 +47436,8 @@ # out-of-tree patches patches.suse/perf-x86-intel-uncore-Store-the-logical-die-id-inste.patch patches.suse/perf-x86-intel-uncore-With-8-nodes-get-pci-bus-die-i.patch + patches.suse/0001-squashfs-fix-inode-lookup-sanity-checks.patch + patches.suse/0002-squashfs-fix-xattr-id-and-id-lookup-sanity-checks.patch ######################################################## # end of sorted patches