)]}'
{
  "commit": "3e0971e1551e88a5a9e615c239f034fd9fd8a423",
  "tree": "0426636933c0a5d6a977196290459b4b90607de7",
  "parents": [
    "503e802054ba6c747539b24df8c3df73ddb3f9cf"
  ],
  "author": {
    "name": "Christoph Hellwig",
    "email": "hch@lst.de",
    "time": "Tue Apr 30 06:07:55 2024 +0200"
  },
  "committer": {
    "name": "COS Cherry Picker",
    "email": "cloud-image-release@prod.google.com",
    "time": "Fri Aug 09 15:26:31 2024 -0700"
  },
  "message": "xfs: fix log recovery buffer allocation for the legacy h_size fixup\n\n[ Upstream commit 45cf976008ddef4a9c9a30310c9b4fb2a9a6602a ]\n\nNote: The upstream commit was adjusted to use kmem_free instead of\nkvfree since kmem_free was used in xfs_log_recover.c until commit\n49292576136f (xfs: convert kmem_free() for kvmalloc users to\nkvfree()), and the remainder of the file still uses kmem_free.\n\nCommit a70f9fe52daa (\"xfs: detect and handle invalid iclog size set by\nmkfs\") added a fixup for incorrect h_size values used for the initial\numount record in old xfsprogs versions.  Later commit 0c771b99d6c9\n(\"xfs: clean up calculation of LR header blocks\") cleaned up the log\nreover buffer calculation, but stoped using the fixed up h_size value\nto size the log recovery buffer, which can lead to an out of bounds\naccess when the incorrect h_size does not come from the old mkfs\ntool, but a fuzzer.\n\nFix this by open coding xlog_logrec_hblks and taking the fixed h_size\ninto account for this calculation.\n\nBUG\u003db/352002683\nTEST\u003dpresubmit, xfstests on stable kernel\nRELEASE_NOTE\u003dFixed CVE-2024-39472 in the linux kernel\n\ncos-patch: security-moderate\nFixes: 0c771b99d6c9 (\"xfs: clean up calculation of LR header blocks\")\nReported-by: Sam Sun \u003csamsun1006219@gmail.com\u003e\nChange-Id: I1fc6411763005d2d199f98ed78bb64983fb0e99a\nSigned-off-by: Christoph Hellwig \u003chch@lst.de\u003e\nReviewed-by: Brian Foster \u003cbfoster@redhat.com\u003e\nReviewed-by: \"Darrick J. Wong\" \u003cdjwong@kernel.org\u003e\nSigned-off-by: Chandan Babu R \u003cchandanbabu@kernel.org\u003e\nReviewed-on: https://cos-review.googlesource.com/c/third_party/kernel/+/78500\nReviewed-by: Oleksandr Tymoshenko \u003covt@google.com\u003e\nMain-Branch-Verified: Cusky Presubmit Bot \u003cpresubmit@cos-infra-prod.iam.gserviceaccount.com\u003e\nTested-by: Cusky Presubmit Bot \u003cpresubmit@cos-infra-prod.iam.gserviceaccount.com\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "322eb2ee6c5506b6d048d548d11f1f7594b0c670",
      "old_mode": 33188,
      "old_path": "fs/xfs/xfs_log_recover.c",
      "new_id": "05e48523ea400dde8de7153076f7d30ba3486ad8",
      "new_mode": 33188,
      "new_path": "fs/xfs/xfs_log_recover.c"
    }
  ]
}