| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 13 Jul 2017 13:46:31 +0200
From: Jan Kara <jack@...e.cz>
To: Ernesto A. Fernández
<ernesto.mnd.fernandez@...il.com>
Cc: jack@...e.com, linux-ext4@...r.kernel.org
Subject: Re: [PATCH] ext2: Fix memory leak when truncate races ext2_get_blocks
On Fri 23-06-17 21:37:21, Ernesto A. Fernández wrote:
> Buffer heads referencing indirect blocks may not be released if the file
> is truncated at the right time. This happens because ext2_get_branch()
> returns NULL when it finds the whole chain of indirect blocks already
> set, and when truncate alters the chain this value of NULL is
> treated as the address of the last head to be released. Handle this in the
> same way as it's done after the got_it label.
>
> Signed-off-by: Ernesto A. Fernández <ernesto.mnd.fernandez@...il.com>
> ---
> Despite trying I haven't actually managed to trigger this race. I tested
> the patch by inducing regular failures in verify_chain().
Thanks! I've merged the patch to my tree.
Honza
>
> fs/ext2/inode.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/fs/ext2/inode.c b/fs/ext2/inode.c
> index 2dcbd56..30163d0 100644
> --- a/fs/ext2/inode.c
> +++ b/fs/ext2/inode.c
> @@ -659,6 +659,7 @@ static int ext2_get_blocks(struct inode *inode,
> */
> err = -EAGAIN;
> count = 0;
> + partial = chain + depth - 1;
> break;
> }
> blk = le32_to_cpu(*(chain[depth-1].p + count));
> --
> 2.1.4
>
>
--
Jan Kara <jack@...e.com>
SUSE Labs, CR
Powered by blists - more mailing lists