From: Paolo Pisati
To: kernel-team@lists.ubuntu.com
Subject: [PATCH 0/2] [SRU][X/master] squashfs hardening
Date: Tue, 19 Feb 2019 15:32:29 +0100
Message-Id: <1550586751-15363-1-git-send-email-paolo.pisati@canonical.com>
X-Patchwork-Id: 1044717

"There are a number of squashfs hardening fixes. They don't have CVE number assigned but it would be good to backport the fixes to harden our kernel against malicious squashfs images. Snaps are simply squashfs images so an attacker could craft a malicious snap and attack the kernel of end users that install their crafted snaps."

Patch 0001 required a rename s/PAGE_SIZE/PAGE_CACHE_SIZE/g[*], patch 0002 is a clean cherry pick - the other patches that I previously submitted to Bionic/master already landed as part of upstream SRU.

*: see 09cbfeaf1a5a67bfb3201e0c83c810cecb2efa5a for more info wrt PAGE_SIZE vs PAGE_CACHE_SIZE - they are essentially the same, PAGE_CACHE_SIZE was never *really* used since it was always assumed to be equal to PAGE_SIZE so it was retired, etc.

Linus Torvalds (1):
  squashfs metadata 2: electric boogaloo

Phillip Lougher (1):
  Squashfs: Compute expected length from inode size rather than block length

 fs/squashfs/file.c        | 50 ++++++++++++++++++++++++++---------------------
 fs/squashfs/file_cache.c  |  4 ++--
 fs/squashfs/file_direct.c | 24 +++++++++++------------
 fs/squashfs/squashfs.h    |  3 ++-
 4 files changed, 44 insertions(+), 37 deletions(-)

Acked-by: Thadeu Lima de Souza Cascardo