lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Fri, 6 Nov 2009 14:48:50 -0500
From:	Theodore Tso <tytso@....edu>
To:	Nageswara R Sastry <rnsastry@...ux.vnet.ibm.com>
Cc:	linux-ext4 <linux-ext4@...r.kernel.org>,
	Kamalesh Babulal <kamalesh@...ux.vnet.ibm.com>,
	sachin p sant <sachinp@...ux.vnet.ibm.com>,
	Ramon <rcvalle@...ux.vnet.ibm.com>, aneesh.kumar@...ibm.com
Subject: Re: [OOPs] ext4: fixpoint divide exception at
	ext4_fill_super+0x141c/0x2908

On Wed, Nov 04, 2009 at 07:24:04PM +0530, Nageswara R Sastry wrote:
> Seems to be I have a little format related issue with the patch. So  
> resending it. Please accept my apologies.
> Sachin thanks for letting me know.
>
>>  > ------------[ cut here ]------------
>>  > Kernel BUG at 000003e00429d934 [verbose debug info unavailable]
>>  > fixpoint divide exception: 0009 [#1] SMP
>>
>> Please find the patch which solves the following 'fixpoint divide  
>> exception'. I tested the same and not seeing any KERNEL BUG/exception.

Nageswara,

Thanks for sending this patch.  The problem with it is that it leaves
sbi->s_log_groups_per_flex non-zero, but it leaves sbi->s_flex_groups
unallocated.  This should lead to number of kernel oops caused by a
null pointer dereference if there is any attempt to allocate blocks or
inodes, or to resize the filesystem.

A better fix is would be:

ext4: Avoid divide by zero when trying to mount a corrupted file system

If s_log_groups_per_flex is greater than 31, then groups_per_flex will
will overflow and cause a divide by zero error.  This can cause kernel
BUG if such a file system is mounted.

Thanks to Nageswara R Sastry for analyzing the failure and providing
an initial patch.

http://bugzilla.kernel.org/show_bug.cgi?id=14287

Signed-off-by: "Theodore Ts'o" <tytso@....edu>
diff --git a/fs/ext4/super.c b/fs/ext4/super.c
index d4ca92a..8662b2e 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -1673,14 +1673,14 @@ static int ext4_fill_flex_info(struct super_block *sb)
 	size_t size;
 	int i;
 
-	if (!sbi->s_es->s_log_groups_per_flex) {
+	sbi->s_log_groups_per_flex = sbi->s_es->s_log_groups_per_flex;
+	groups_per_flex = 1 << sbi->s_log_groups_per_flex;
+
+	if (groups_per_flex < 2) {
 		sbi->s_log_groups_per_flex = 0;
 		return 1;
 	}
 
-	sbi->s_log_groups_per_flex = sbi->s_es->s_log_groups_per_flex;
-	groups_per_flex = 1 << sbi->s_log_groups_per_flex;
-
 	/* We allocate both existing and potentially added groups */
 	flex_group_count = ((sbi->s_groups_count + groups_per_flex - 1) +
 			((le16_to_cpu(sbi->s_es->s_reserved_gdt_blocks) + 1) <<
--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ