Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
tjh.dev
kernel
os
linux
ext4: force revalidation of directory pointer after seekdir(2)
A malicious user could force the directory pointer to be in an invalid
spot by using seekdir(2). Use the mechanism we already have to notice
if the directory has changed since the last time we called
ext4_readdir() to force a revalidation of the pointer.
Reported-by: syzbot+1236ce66f79263e8a862@syzkaller.appspotmail.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@vger.kernel.org
+5
-3
fs/ext4/dir.c
+5
-3
fs/ext4/dir.c
···
365
{
366
struct inode *inode = file->f_mapping->host;
367
int dx_dir = is_dx_dir(inode);
368
-
loff_t htree_max = ext4_get_htree_eof(file);
369
370
if (likely(dx_dir))
371
-
return generic_file_llseek_size(file, offset, whence,
372
htree_max, htree_max);
373
else
374
-
return ext4_llseek(file, offset, whence);
375
}
376
377
/*
···
365
{
366
struct inode *inode = file->f_mapping->host;
367
int dx_dir = is_dx_dir(inode);
368
+
loff_t ret, htree_max = ext4_get_htree_eof(file);
369
370
if (likely(dx_dir))
371
+
ret = generic_file_llseek_size(file, offset, whence,
372
htree_max, htree_max);
373
else
374
+
ret = ext4_llseek(file, offset, whence);
375
+
file->f_version = inode_peek_iversion(inode) - 1;
376
+
return ret;
377
}
378
379
/*