lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 22 Jul 2010 08:03:18 +0800
From:	shenghui <crosslonelyover@...il.com>
To:	Jan Kara <jack@...e.cz>
Cc:	linux-ext4 <linux-ext4@...r.kernel.org>,
	linux-kernel <linux-kernel@...r.kernel.org>,
	kernel-janitors <kernel-janitors@...r.kernel.org>
Subject: Re: [PATCH] check name_len before down_read xattr_sem and sb_read in 
	ext2_xattr_get

2010/7/22 Jan Kara <jack@...e.cz>:
>> Hi,
>>        I walked through ext2_xattr_get, and felt that we can
>> do some optimization on it. For name_len check, it's done
>> after down xattr_sem and sb_read, both of which are time
>> consuming operation compared with strlen:
>>          down_read(&EXT2_I(inode)->xattr_sem);
>>  ...
>>          bh = sb_bread(inode->i_sb, EXT2_I(inode)->i_file_acl);
>>  ...
>>          /* find named attribute */
>>          name_len = strlen(name);
>>
>>          error = -ERANGE;
>>          if (name_len > 255)
>>                  goto cleanup;
>>
>>        Most of the case, you'll get one valid block, but if the
>> name len > 255, then the xattr_sem down and sb_bread operation
>> can be seen as a waste of time. So I think we'd better do
>> name len check as early as possible.
>>        Following is my patch, and it's against 2.6.35-rc4.
>> Please check it.
>>
>> Signed-off-by: Wang Sheng-Hui <crosslonelyover@...il.com>
>> ---
>>  fs/ext2/xattr.c |   12 +++++++-----
>>  1 files changed, 7 insertions(+), 5 deletions(-)
>>
>> diff --git a/fs/ext2/xattr.c b/fs/ext2/xattr.c
>> index 7c39157..0b94d61 100644
>> --- a/fs/ext2/xattr.c
>> +++ b/fs/ext2/xattr.c
>> @@ -161,6 +161,13 @@ ext2_xattr_get(struct inode *inode, int name_index, const char *name,
>>
>>       if (name == NULL)
>>               return -EINVAL;
>> +
>> +     /* find named attribute */
>> +     name_len = strlen(name);
>> +     error = -ERANGE;
>> +     if (name_len > 255)
>> +             goto cleanup;
>  But you cannot go to cleanup here because you don't hold xattr_sem...
>

Sorry, I'm a little confused by your words.
The patch just checks name_len, and it
doesn't need xattr_sem.



-- 


Thanks and Best Regards,
shenghui
--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ