| Message ID | 1550586751-15363-1-git-send-email-paolo.pisati@canonical.com |
|---|---|
| Headers | show |
| Series | squashfs hardening | expand |
Acked-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
Save for the fixups Tyler mentioned.
Cascardo.
Applied to X/master-next after adding missing BugLink On 2019-02-19 15:32:29 , Paolo Pisati wrote: > "There are a number of squashfs hardening fixes. They don't have CVE number > assigned but it would be good to backport the fixes to harden our kernel against > malicious squashfs images. Snaps are simply squashfs images so an attacker could > craft a malicious snap and attack the kernel of end users that install their > crafted snaps." > > Patch 0001 required a rename s/PAGE_SIZE/PAGE_CACHE_SIZE/g[*], patch 0002 is a > clean cherry pick - the othe patches that i previously submitted to > Bionic/master, already landed as part of upstream SRU. > > *: see 09cbfeaf1a5a67bfb3201e0c83c810cecb2efa5a for more info wrt PAGE_SIZE vs > PAGE_CACHE_SIZE - they are essentially the same, PAGE_CACHE_SIZE was never > *really* used since it was always assumed to be equale to PAGE_SIZE so it was > retired, etc. > > Linus Torvalds (1): > squashfs metadata 2: electric boogaloo > > Phillip Lougher (1): > Squashfs: Compute expected length from inode size rather than block > length > > fs/squashfs/file.c | 50 ++++++++++++++++++++++++++--------------------- > fs/squashfs/file_cache.c | 4 ++-- > fs/squashfs/file_direct.c | 24 +++++++++++------------ > fs/squashfs/squashfs.h | 3 ++- > 4 files changed, 44 insertions(+), 37 deletions(-) > > -- > 2.7.4 > > > -- > kernel-team mailing list > kernel-team@lists.ubuntu.com > https://lists.ubuntu.com/mailman/listinfo/kernel-team
"There are a number of squashfs hardening fixes. They don't have CVE number assigned but it would be good to backport the fixes to harden our kernel against malicious squashfs images. Snaps are simply squashfs images so an attacker could craft a malicious snap and attack the kernel of end users that install their crafted snaps." Patch 0001 required a rename s/PAGE_SIZE/PAGE_CACHE_SIZE/g[*], patch 0002 is a clean cherry pick - the othe patches that i previously submitted to Bionic/master, already landed as part of upstream SRU. *: see 09cbfeaf1a5a67bfb3201e0c83c810cecb2efa5a for more info wrt PAGE_SIZE vs PAGE_CACHE_SIZE - they are essentially the same, PAGE_CACHE_SIZE was never *really* used since it was always assumed to be equale to PAGE_SIZE so it was retired, etc. Linus Torvalds (1): squashfs metadata 2: electric boogaloo Phillip Lougher (1): Squashfs: Compute expected length from inode size rather than block length fs/squashfs/file.c | 50 ++++++++++++++++++++++++++--------------------- fs/squashfs/file_cache.c | 4 ++-- fs/squashfs/file_direct.c | 24 +++++++++++------------ fs/squashfs/squashfs.h | 3 ++- 4 files changed, 44 insertions(+), 37 deletions(-)