lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Mon, 18 Sep 2017 11:11:53 +0200
From:   Greg Kroah-Hartman <>
Cc:     Greg Kroah-Hartman <>,
        Brian Foster <>,
        "Darrick J. Wong" <>
Subject: [PATCH 4.9 44/78] xfs: fix quotacheck dquot id overflow infinite loop

4.9-stable review patch.  If anyone has any objections, please let me know.


From: Brian Foster <>

commit cfaf2d034360166e569a4929dd83ae9698bed856 upstream.

If a dquot has an id of U32_MAX, the next lookup index increment
overflows the uint32_t back to 0. This starts the lookup sequence
over from the beginning, repeats indefinitely and results in a

Update xfs_qm_dquot_walk() to explicitly check for the lookup
overflow and exit the loop.

Signed-off-by: Brian Foster <>
Reviewed-by: Darrick J. Wong <>
Signed-off-by: Darrick J. Wong <>
Signed-off-by: Greg Kroah-Hartman <>
 fs/xfs/xfs_qm.c |    3 +++
 1 file changed, 3 insertions(+)

--- a/fs/xfs/xfs_qm.c
+++ b/fs/xfs/xfs_qm.c
@@ -111,6 +111,9 @@ restart:
 			skipped = 0;
+		/* we're done if id overflows back to zero */
+		if (!next_index)
+			break;
 	if (skipped) {

Powered by blists - more mailing lists