| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 4 Nov 2014 11:48:52 -0500 From: Theodore Ts'o <tytso@....edu> To: "Darrick J. Wong" <darrick.wong@...cle.com> Cc: Sami Liedes <sami.liedes@....fi>, linux-ext4@...r.kernel.org Subject: Re: [PATCH 05/39] libext2fs: don't memcpy identical pointers when writing a cache block On Sat, Oct 25, 2014 at 01:56:55PM -0700, Darrick J. Wong wrote: > Sami Liedes found a scenario where we could memcpy incorrectly: > > If a block read fails during an e2fsck run, the UNIX IO manager will > call the io->read_error routine with a pointer to the internal block > cache. The e2fsck read error handler immediately tries to write the > buffer back out to disk(!), at which point the block write code will > try to copy the buffer contents back into the block cache. Normally > this is fine, but not when the write buffer is the cache itself! > > So, plumb in a trivial check for this condition. A more thorough > solution would pass a duplicated buffer to the IO error handlers, but > I don't know if that happens frequently enough to be worth the extra > point of failure. > > Signed-off-by: Darrick J. Wong <darrick.wong@...cle.com> > Reported-by: Sami Liedes <sami.liedes@....fi> Applied, thanks. - Ted -- To unsubscribe from this list: send the line "unsubscribe linux-ext4" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists