ext4: init timer earlier to avoid a kernel panic in __save_error_info, CVE-2011-2493
author Tao Ma <boyu.mt@taobao.com>
Thu, 7 Jul 2011 12:39:00 +0000 (13:39 +0100)
committer Tim Gardner <tim.gardner@canonical.com>
Thu, 7 Jul 2011 13:15:21 +0000 (07:15 -0600)
commit 2d64a696525142d261c4041ecb115125db8444f4
tree aca853f22f206ae974ed08f0d98ec197c7cb0471
parent e4950a6c72538831b0e1a63aa316b574c0193ece
ext4: init timer earlier to avoid a kernel panic in __save_error_info, CVE-2011-2493

During mount, when we fail to open the journal inode or root inode,
__save_error_info will call mod_timer. But actually s_err_report isn't
initialized yet and the kernel oopses. The detailed information can
be found at https://bugzilla.kernel.org/show_bug.cgi?id=32082.

The best way is to check whether the timer s_err_report is initialized
or not. But it seems that in include/linux/timer.h, we can't find a
good function to check the status of this timer, so this patch just
moves the initialization of s_err_report earlier so that we can avoid
the kernel panic. The corresponding del_timer is also added in the
error path.

Reported-by: Sami Liedes <sliedes@cc.hut.fi>
Signed-off-by: Tao Ma <boyu.mt@taobao.com>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
(cherry picked from commit 0449641130f5652b344ef6fa39fa019d7e94660a)
CVE-2011-2493
BugLink: http://bugs.launchpad.net/bugs/806929
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
fs/ext4/super.c
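
The ordering problem the commit message describes, as an added userspace model (not code from this commit or from the kernel). Every `model_*` name, the `step` enum and the misuse counter are hypothetical stand-ins; the real kernel would oops where the model only counts a bad timer use.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Userspace stand-in for a kernel timer; all names here are hypothetical. */
struct model_timer { bool initialized; bool pending; };
struct model_sb { struct model_timer err_report; int bad_timer_uses; };

static void model_init_timer(struct model_timer *t) { t->initialized = true; t->pending = false; }
static void model_del_timer(struct model_timer *t) { t->pending = false; }

/* Arming an uninitialized timer is the oops; the model counts it instead. */
static void model_mod_timer(struct model_sb *sb) {
    if (!sb->err_report.initialized) { sb->bad_timer_uses++; return; }
    sb->err_report.pending = true;
}

/* Plays the role of __save_error_info(): record the error, arm the report timer. */
static void model_save_error(struct model_sb *sb) { model_mod_timer(sb); }

enum step { STEP_NONE, STEP_JOURNAL_INODE, STEP_ROOT_INODE };

/* Simulated mount. init_early=false is the old order, true is the patched one.
 * Returns the number of uses of the uninitialized timer; *still_pending reports
 * whether the timer is left armed when the function returns. */
static int model_mount(bool init_early, enum step fail_at, bool *still_pending) {
    struct model_sb sb;
    memset(&sb, 0, sizeof sb);
    if (init_early)
        model_init_timer(&sb.err_report);      /* patched: before any error can be saved */
    if (fail_at == STEP_JOURNAL_INODE || fail_at == STEP_ROOT_INODE) {
        model_save_error(&sb);                 /* failure path reaches mod_timer */
        goto failed;
    }
    if (!init_early)
        model_init_timer(&sb.err_report);      /* old: only reached on success */
    *still_pending = sb.err_report.pending;
    return sb.bad_timer_uses;
failed:
    if (init_early)
        model_del_timer(&sb.err_report);       /* matching cleanup in the error path */
    *still_pending = sb.err_report.pending;
    return sb.bad_timer_uses;
}

int main(void) {
    bool p;
    printf("old order, journal failure: %d bad use(s)\n", model_mount(false, STEP_JOURNAL_INODE, &p));
    printf("patched order, journal failure: %d bad use(s)\n", model_mount(true, STEP_JOURNAL_INODE, &p));
    return 0;
}
```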