lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Tue, 12 Jun 2018 23:12:02 -0600
From:   Andreas Dilger <adilger@...ger.ca>
To:     Theodore Ts'o <tytso@....edu>
Cc:     Ext4 Developers List <linux-ext4@...r.kernel.org>,
        Wen Xu <wen.xu@...ech.edu>
Subject: Re: [PATCH 2/2] ext4: always verify the magic number in xattr blocks

On Jun 12, 2018, at 10:52 PM, Theodore Ts'o <tytso@....edu> wrote:
> 
> If there an inode points to a block which is also some other type of
> metadata block (such as a block allocation bitmap), the
> buffer_verified flag can be set when it was validated as that other
> metadata block type; however, it would make a really terrible external
> attribute block.  The reason why we use the verified flag is to avoid
> constantly reverifying the block.  However, it doesn't take much
> overhead to make sure the magic number of the xattr block is correct,
> and this will avoid potential crashes.
> 
> https://bugzilla.kernel.org/show_bug.cgi?id=200001
> https://bugzilla.kernel.org/show_bug.cgi?id=199997
> 
> Signed-off-by: Theodore Ts'o <tytso@....edu>

This also could be a problem with other incorrectly-shared blocks that
use the verified flag (e.g. directory leaf blocks), etc.  Should we
separate these into BH_verified_dir, BH_verified_ibmap, BH_verified_bbmap,
and BH_verified_xattr to avoid the potential conflicts?

It looks like we still have enough free bits to handle this.

That said, this patch is still an improvement over the current state.

Reviewed-by: Andreas Dilger <adilger@...ger.ca>

> ---
> fs/ext4/xattr.c | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/fs/ext4/xattr.c b/fs/ext4/xattr.c
> index 230ba79715f6..0263692979ec 100644
> --- a/fs/ext4/xattr.c
> +++ b/fs/ext4/xattr.c
> @@ -230,12 +230,12 @@ __ext4_xattr_check_block(struct inode *inode, struct buffer_head *bh,
> {
> 	int error = -EFSCORRUPTED;
> 
> -	if (buffer_verified(bh))
> -		return 0;
> -
> 	if (BHDR(bh)->h_magic != cpu_to_le32(EXT4_XATTR_MAGIC) ||
> 	    BHDR(bh)->h_blocks != cpu_to_le32(1))
> 		goto errout;
> +	if (buffer_verified(bh))
> +		return 0;
> +
> 	error = -EFSBADCRC;
> 	if (!ext4_xattr_block_csum_verify(inode, bh))
> 		goto errout;
> --
> 2.18.0.rc0
> 


Cheers, Andreas






Download attachment "signature.asc" of type "application/pgp-signature" (874 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux - Powered by OpenVZ