| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 24 Jun 2011 16:27:29 +0800
From: Robin Dong <hao.bigrat@...il.com>
To: Yongqiang Yang <xiaoqiangnk@...il.com>
Cc: Eric Sandeen <sandeen@...hat.com>, linux-ext4@...r.kernel.org,
Robin Dong <sanbai@...bao.com>
Subject: Re: [PATCH v2] ext4: avoid eh_entries overflow before insert extent_idx
2011/6/24 Yongqiang Yang <xiaoqiangnk@...il.com>:
> On Thu, Jun 23, 2011 at 10:57 PM, Eric Sandeen <sandeen@...hat.com> wrote:
>> On 6/23/11 3:47 AM, Robin Dong wrote:
>>> If eh_entries is equal to (or greater than) eh_max, the operation of
>>> inserting new extent_idx will make number of entries overflow.
>>> So check eh_entries before inserting the new extent_idx.
>>
>> Do you have any testcase you can share which shows this bug?
> I am not sure if Robin has any test case.
>
> According to code, I think there is no bug case. Because this
> function is called by ext4_ext_split() and ext4_ext_split() is called
> only if the index block has free space.
>
> I think the right logic should be as this patch shows, that is, we
> should lookup the capacity before insertion.
Exactly! :-)
--
--
Best Regard
Robin Dong
>
> Yongqiang.
>>
>> Thanks,
>> -Eric
>>
>>> Signed-off-by: Robin Dong <sanbai@...bao.com>
>>> ---
>>> fs/ext4/extents.c | 18 ++++++++++--------
>>> 1 files changed, 10 insertions(+), 8 deletions(-)
>>>
>>> diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c
>>> index eb63c7b..792e77e 100644
>>> --- a/fs/ext4/extents.c
>>> +++ b/fs/ext4/extents.c
>>> @@ -776,6 +776,16 @@ static int ext4_ext_insert_index(handle_t *handle, struct inode *inode,
>>> logical, le32_to_cpu(curp->p_idx->ei_block));
>>> return -EIO;
>>> }
>>> +
>>> + if (unlikely(le16_to_cpu(curp->p_hdr->eh_entries)
>>> + >= le16_to_cpu(curp->p_hdr->eh_max))) {
>>> + EXT4_ERROR_INODE(inode,
>>> + "eh_entries %d >= eh_max %d!",
>>> + le16_to_cpu(curp->p_hdr->eh_entries),
>>> + le16_to_cpu(curp->p_hdr->eh_max));
>>> + return -EIO;
>>> + }
>>> +
>>> len = EXT_MAX_INDEX(curp->p_hdr) - curp->p_idx;
>>> if (logical > le32_to_cpu(curp->p_idx->ei_block)) {
>>> /* insert after */
>>> @@ -805,14 +815,6 @@ static int ext4_ext_insert_index(handle_t *handle, struct inode *inode,
>>> ext4_idx_store_pblock(ix, ptr);
>>> le16_add_cpu(&curp->p_hdr->eh_entries, 1);
>>>
>>> - if (unlikely(le16_to_cpu(curp->p_hdr->eh_entries)
>>> - > le16_to_cpu(curp->p_hdr->eh_max))) {
>>> - EXT4_ERROR_INODE(inode,
>>> - "eh_entries %d > eh_max %d!",
>>> - le16_to_cpu(curp->p_hdr->eh_entries),
>>> - le16_to_cpu(curp->p_hdr->eh_max));
>>> - return -EIO;
>>> - }
>>> if (unlikely(ix > EXT_LAST_INDEX(curp->p_hdr))) {
>>> EXT4_ERROR_INODE(inode, "ix > EXT_LAST_INDEX!");
>>> return -EIO;
>>
>> --
>> To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
>> the body of a message to majordomo@...r.kernel.org
>> More majordomo info at http://vger.kernel.org/majordomo-info.html
>>
>
>
>
> --
> Best Wishes
> Yongqiang Yang
>
--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists