Fix denial of service vulnerability in kernel ext4 file system
Multiple race conditions in the ext4 filesystem implementation in the Linux kernel
before 4.5 allow local users to cause a denial of service (disk corruption) by
writing to a page that is associated with a different user's file after
unsynchronized hole punching and page-fault handling.
The fix is designed to disable support for the fallocate
FALLOC_FL_PUNCH_HOLE to prevent the race conditions.
A-28760453
CVE-2015-8839
Change-Id: I83afe9d006b3d3e31b182ecbbf5db32a15178e7c
Signed-off-by: Itsuki Yamashita <yamashitai@casio.co.jp>
diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c
index 0d8ffe5..aaf84ee 100644
--- a/fs/ext4/inode.c
+++ b/fs/ext4/inode.c
@@ -3501,6 +3501,7 @@
int ext4_punch_hole(struct inode *inode, loff_t offset, loff_t length)
{
+#if 0
struct super_block *sb = inode->i_sb;
ext4_lblk_t first_block, stop_block;
struct address_space *mapping = inode->i_mapping;
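Review bot: The `#if 0` added directly after the opening brace of `ext4_punch_hole()` carries no comment, and the only explanation sits at the `#else` more than a hundred lines further down (the hunk headers put them at 3501 and 3625). Put the reason at the top, next to the `#if 0`, citing CVE-2015-8839 as the commit message does, so a reader of the function sees immediately that the whole body is compiled out. Since every path now returns the same error, consider deleting the dead body, or placing an early `return -EOPNOTSUPP;` at the top, instead of keeping it under a preprocessor guard where it will no longer be build-tested.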
@@ -3624,6 +3625,12 @@
out_mutex:
mutex_unlock(&inode->i_mutex);
return ret;
+#else
+ /*
+ * Disabled as per b/28760453
+ */
+ return -EOPNOTSUPP;
+#endif
}
int ext4_inode_attach_jinode(struct inode *inode)
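Review bot: The comment in the `#else` branch ("Disabled as per b/28760453") points only at a tracker id and does not say what is disabled or why. State that hole punching is refused because of the race with page-fault handling described in the commit message, and name CVE-2015-8839, so the reason survives without access to the tracker. Also document, here or in the commit message, that any caller of `ext4_punch_hole()` now always gets `-EOPNOTSUPP`, and under what condition the block can be re-enabled (the commit message says kernels before 4.5 are affected).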