lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 20 May 2013 22:50:57 +0800
From:	boxi liu <boxi10liu@...il.com>
To:	"linux-ext4@...r.kernel.org" <linux-ext4@...r.kernel.org>
Subject: it may be a ext4 feature-inlinedata bug

In fs/ext4/xattr.c file, the function ex4_xattr_set_entry(), the size
of xattr space we use the pad to count it .In line 675:
   size_t size = EXT4_XATTR_SIZE(i->value_len);
We use the EXT_XATTR_SIZE to count the value_len,then get the xattr's
used space.
But in fs/ext4/inline.c file,we just use the actual size to count the
inlinedata free size,in function get_max_inline_xattr_value_size()
,line 75,such as:
    free += le32_to_cpu(entry->e_value_size);
This may bring in a bug about count the inlinedata free space.
The bug reproduction way:
1. in the subarea with inline_data feature
    touch test
2. use echo to add to write the test file 129 bytes
3. use the "stat" to get the test file's status
    stat test
    the result is:  .....size:129 block:0 .....
4.use echo to add one byte in the test file
   echo -n "0">>test
5.use the "stat" to get the test file's status
   stat test
   the result is:  .....size:130 block:8 .....
It is incorrect.In inline_data feature,only when the size is bigger
then 132,it will use the block.

The patch about this bug:
diff --git a/fs/ext4/inline.c b/fs/ext4/inline.c
index 3e2bf87..bea5ced 100644
--- a/fs/ext4/inline.c
+++ b/fs/ext4/inline.c
@@ -72,7 +72,7 @@ static int get_max_inline_xattr_value_size(struct
inode *inode,
                entry = (struct ext4_xattr_entry *)
                        ((void *)raw_inode + EXT4_I(inode)->i_inline_off);

-               free += le32_to_cpu(entry->e_value_size);
+              free += EXT4_XATTR_SIZE(le32_to_cpu(entry->e_value_size));
                goto out;
        }
It might be fix this bug.
--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ