From fda70d3865d39d6ae277bc02351d16e092f8381e Mon Sep 17 00:00:00 2001 From: Thomas Lamprecht Date: Mon, 29 Nov 2021 12:06:00 +0100 Subject: [PATCH] drop oboslete ocfs2 patch now upstreamed in a slightly different way Signed-off-by: Thomas Lamprecht --- ...fails-with-buffer-overflow-in-strlen.patch | 68 ------------------- 1 file changed, 68 deletions(-) delete mode 100644 patches/kernel/0008-ocfs2-mount-fails-with-buffer-overflow-in-strlen.patch diff --git a/patches/kernel/0008-ocfs2-mount-fails-with-buffer-overflow-in-strlen.patch b/patches/kernel/0008-ocfs2-mount-fails-with-buffer-overflow-in-strlen.patch deleted file mode 100644 index b01e25b..0000000 --- a/patches/kernel/0008-ocfs2-mount-fails-with-buffer-overflow-in-strlen.patch +++ /dev/null @@ -1,68 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Valentin Vidic -Date: Mon, 27 Sep 2021 17:44:59 +0200 -Subject: [PATCH] ocfs2: mount fails with buffer overflow in strlen - -Starting with kernel v5.11 mouting an ocfs2 filesystem with either o2cb -or pcmk cluster stack fails with the trace below. Problem seems to be -that strings for cluster stack and cluster name are not guaranteed to be -null terminated in the disk representation, while strlcpy assumes that -the source string is always null terminated. This causes a read outside -of the source string triggering the buffer overflow detection. - -detected buffer overflow in strlen -------------[ cut here ]------------ -kernel BUG at lib/string.c:1149! -invalid opcode: 0000 [#1] SMP PTI -CPU: 1 PID: 910 Comm: mount.ocfs2 Not tainted 5.14.0-1-amd64 #1 - Debian 5.14.6-2 -RIP: 0010:fortify_panic+0xf/0x11 -... -Call Trace: - ocfs2_initialize_super.isra.0.cold+0xc/0x18 [ocfs2] - ocfs2_fill_super+0x359/0x19b0 [ocfs2] - mount_bdev+0x185/0x1b0 - ? ocfs2_remount+0x440/0x440 [ocfs2] - legacy_get_tree+0x27/0x40 - vfs_get_tree+0x25/0xb0 - path_mount+0x454/0xa20 - __x64_sys_mount+0x103/0x140 - do_syscall_64+0x3b/0xc0 - entry_SYSCALL_64_after_hwframe+0x44/0xae - -Signed-off-by: Valentin Vidic -Signed-off-by: Thomas Lamprecht ---- - fs/ocfs2/super.c | 10 ++++++---- - 1 file changed, 6 insertions(+), 4 deletions(-) - -diff --git a/fs/ocfs2/super.c b/fs/ocfs2/super.c -index c86bd4e60e20..1dea535224df 100644 ---- a/fs/ocfs2/super.c -+++ b/fs/ocfs2/super.c -@@ -2169,9 +2169,10 @@ static int ocfs2_initialize_super(struct super_block *sb, - if (ocfs2_clusterinfo_valid(osb)) { - osb->osb_stackflags = - OCFS2_RAW_SB(di)->s_cluster_info.ci_stackflags; -- strlcpy(osb->osb_cluster_stack, -+ memcpy(osb->osb_cluster_stack, - OCFS2_RAW_SB(di)->s_cluster_info.ci_stack, -- OCFS2_STACK_LABEL_LEN + 1); -+ OCFS2_STACK_LABEL_LEN); -+ osb->osb_cluster_stack[OCFS2_STACK_LABEL_LEN] = '\0'; - if (strlen(osb->osb_cluster_stack) != OCFS2_STACK_LABEL_LEN) { - mlog(ML_ERROR, - "couldn't mount because of an invalid " -@@ -2180,9 +2181,10 @@ static int ocfs2_initialize_super(struct super_block *sb, - status = -EINVAL; - goto bail; - } -- strlcpy(osb->osb_cluster_name, -+ memcpy(osb->osb_cluster_name, - OCFS2_RAW_SB(di)->s_cluster_info.ci_cluster, -- OCFS2_CLUSTER_NAME_LEN + 1); -+ OCFS2_CLUSTER_NAME_LEN); -+ osb->osb_cluster_name[OCFS2_CLUSTER_NAME_LEN] = '\0'; - } else { - /* The empty string is identical with classic tools that - * don't know about s_cluster_info. */ -- 2.39.2