Due to lack of proper validation that cached inodes are free during allocation, causes a crash (refer to CVE-2018-13093 for more details). To address this issue, I'm backporting upstream commit [1] to 4.4 and 4.9 stable trees (a backport of [1] to 4.14 already exists).
Also, commit [1] references another commit [2] which added checks only to xfs_iget_cache_miss(). In this patch, those checks have been moved into a dedicated checker method and both xfs_iget_cache_miss() and xfs_iget_cache_hit() are made to call that method. This code reorg in commit [1], makes commit [2] redundant in the history of the 4.9 and 4.4 stable trees. So commit [2] is not being backported. -- Sid [1]: afca6c5b2595f ("xfs: validate cached inodes are free when allocated") [2]: ee457001ed6c ("xfs: catch inode allocation state mismatch corruption") [v4.9] Dave Chinner (1): xfs: More robust inode extent count validation fs/xfs/libxfs/xfs_format.h | 3 ++ fs/xfs/libxfs/xfs_inode_buf.c | 112 ++++++++++++++++++++++++++++++++++++++++-- 2 files changed, 112 insertions(+), 3 deletions(-) [v.4.4] Dave Chinner (1): xfs: validate cached inodes are free when allocated fs/xfs/xfs_icache.c | 57 ++++++++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 50 insertions(+), 7 deletions(-) -- 2.7.4