From: Jan Kara <jack@suse.cz> stable inclusion from stable-v4.19.278 commit ec852375bb9766b0c205fb95fb19b28319655644 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/ID33EV CVE: CVE-2023-53695 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=... -------------------------------- [ Upstream commit fc8033a34a3ca7d23353e645e6dde5d364ac5f12 ] System files in UDF filesystem have link count 0. To not confuse VFS we fudge the link count to be 1 when reading such inodes however we forget to restore the link count of 0 when writing such inodes. Fix that. CC: stable@vger.kernel.org Signed-off-by: Jan Kara <jack@suse.cz> Signed-off-by: Sasha Levin <sashal@kernel.org> Conflicts: fs/udf/inode.c fs/udf/super.c fs/udf/udf_i.h [Context conflicts in fs/udf/inode.c due to missing commit 6a1d712b43811 ('udf: Fix BUG on corrupted inode'). Conflicts in fs/udf/super.c and fs/udf/udf_i.h caused by missing commit 6da42219d24fb ('udf: reduce leakage of blocks related to named streams').] Signed-off-by: Zhao Yipeng <zhaoyipeng5@huawei.com> --- fs/udf/inode.c | 9 +++++++-- fs/udf/super.c | 1 + fs/udf/udf_i.h | 3 ++- 3 files changed, 10 insertions(+), 3 deletions(-) diff --git a/fs/udf/inode.c b/fs/udf/inode.c index 11f104931254..698c369b9224 100644 --- a/fs/udf/inode.c +++ b/fs/udf/inode.c @@ -1374,6 +1374,7 @@ static int udf_read_inode(struct inode *inode, bool hidden_inode) ret = -EIO; goto out; } + iinfo->i_hidden = hidden_inode; iinfo->i_unique = 0; iinfo->i_lenEAttr = 0; iinfo->i_lenExtents = 0; @@ -1681,8 +1682,12 @@ static int udf_update_inode(struct inode *inode, int do_sync) if (S_ISDIR(inode->i_mode) && inode->i_nlink > 0) fe->fileLinkCount = cpu_to_le16(inode->i_nlink - 1); - else - fe->fileLinkCount = cpu_to_le16(inode->i_nlink); + else { + if (iinfo->i_hidden) + fe->fileLinkCount = cpu_to_le16(0); + else + fe->fileLinkCount = cpu_to_le16(inode->i_nlink); + } fe->informationLength = cpu_to_le64(inode->i_size); diff --git a/fs/udf/super.c b/fs/udf/super.c index 699cda7f89f9..5c2d7a97df9a 100644 --- a/fs/udf/super.c +++ b/fs/udf/super.c @@ -154,6 +154,7 @@ static struct inode *udf_alloc_inode(struct super_block *sb) ei->i_next_alloc_block = 0; ei->i_next_alloc_goal = 0; ei->i_strat4096 = 0; + ei->i_hidden = 0; init_rwsem(&ei->i_data_sem); ei->cached_extent.lstart = -1; spin_lock_init(&ei->i_extent_cache_lock); diff --git a/fs/udf/udf_i.h b/fs/udf/udf_i.h index 2ef0e212f08a..c6acbc7c1c85 100644 --- a/fs/udf/udf_i.h +++ b/fs/udf/udf_i.h @@ -42,7 +42,8 @@ struct udf_inode_info { unsigned i_efe : 1; /* extendedFileEntry */ unsigned i_use : 1; /* unallocSpaceEntry */ unsigned i_strat4096 : 1; - unsigned reserved : 26; + unsigned i_hidden : 1; /* hidden system inode */ + unsigned reserved : 25; union { struct short_ad *i_sad; struct long_ad *i_lad; -- 2.34.1