lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Tue, 23 Jun 2015 08:48:39 +0800
From:	Joseph Qi <joseph.qi@...wei.com>
To:	"Theodore Ts'o" <tytso@....edu>
CC:	<linux-ext4@...r.kernel.org>,
	"ocfs2-devel@....oracle.com" <ocfs2-devel@....oracle.com>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Mark Fasheh <mfasheh@...e.com>,
	Joel Becker <jlbec@...lplan.org>,
	"Junxiao Bi" <junxiao.bi@...cle.com>,
	jiangyiwen <jiangyiwen@...wei.com>
Subject: Re: [PATCH] jbd2: fix ocfs2 corrupt when updating journal superblock
 fails

Hi Ted,
Thanks for pointing out this issue and fixing it. If return 1 it may
break out those can only handle zero/negative return value.
I am sorry for not considering this before.

On 2015/6/19 22:48, Theodore Ts'o wrote:
> This patch caused test ext4/306 to fail, because it caused resize2fs
> to fail.  The problem is that jbd2_cleanup_journal_tail() will return
> 1 if there is nothing to cleanup, and a negative error number if there
> is an error.  Unfortunately, this patch hunk:
> 
> On Mon, Jun 08, 2015 at 09:31:12AM +0800, Joseph Qi wrote:
>> diff --git a/fs/jbd2/journal.c b/fs/jbd2/journal.c
>> index b96bd80..6b33a42 100644
>> --- a/fs/jbd2/journal.c
>> +++ b/fs/jbd2/journal.c
>> @@ -1950,7 +1966,13 @@ int jbd2_journal_flush(journal_t *journal)
>>  		return -EIO;
>>
>>  	mutex_lock(&journal->j_checkpoint_mutex);
>> -	jbd2_cleanup_journal_tail(journal);
>> +	if (!err) {
>> +		err = jbd2_cleanup_journal_tail(journal);
>> +		if (err < 0) {
>> +			mutex_unlock(&journal->j_checkpoint_mutex);
>> +			goto out;
>> +		}
>> +	}
> 
> ... would let the non-negative return value leak out to
> jbd2_journal_flush(), and its callers are *not* prepared to handle the
> non-negative return value (since jbd2_journal_flush wasn't doing this
> before.)
> 
> I've fixed this by adding a "err = 0;" after the if statement.
> 
>           	   	   	    	 - Ted
> 
> .
> 


--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in

Powered by blists - more mailing lists