| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 7 Jan 2023 09:37:53 +0800
From: Baokun Li <libaokun1@...wei.com>
To: Jan Kara <jack@...e.cz>
CC: <linux-ext4@...r.kernel.org>, <tytso@....edu>,
<adilger.kernel@...ger.ca>, <ritesh.list@...il.com>,
<linux-kernel@...r.kernel.org>, <yi.zhang@...wei.com>,
<yukuai3@...wei.com>,
Luís Henriques <lhenriques@...e.de>
Subject: Re: [PATCH 1/2] ext4: fail ext4_iget if special inode unallocated
On 2023/1/6 22:28, Jan Kara wrote:
> On Fri 06-01-23 18:47:05, Baokun Li wrote:
>> In ext4_fill_super(), EXT4_ORPHAN_FS flag is cleared after
>> ext4_orphan_cleanup() is executed. Therefore, when __ext4_iget() is
>> called to get an inode whose i_nlink is 0 when the flag exists, no error
>> is returned. If the inode is a special inode, a null pointer dereference
>> may occur. If the value of i_nlink is 0 for any inodes (except boot loader
>> inodes) got by using the EXT4_IGET_SPECIAL flag, the current file system
>> is corrupted. Therefore, make the ext4_iget() function return an error if
>> it gets such an abnormal special inode.
>>
>> Link: https://bugzilla.kernel.org/show_bug.cgi?id=199179
>> Link: https://bugzilla.kernel.org/show_bug.cgi?id=216541
>> Link: https://bugzilla.kernel.org/show_bug.cgi?id=216539
>> Reported-by: Luís Henriques <lhenriques@...e.de>
>> Suggested-by: Theodore Ts'o <tytso@....edu>
>> Signed-off-by: Baokun Li <libaokun1@...wei.com>
> Thanks for the patch! A few comments below.
>
>> diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c
>> index 9d9f414f99fe..3f7cfa91ba89 100644
>> --- a/fs/ext4/inode.c
>> +++ b/fs/ext4/inode.c
>> @@ -4872,13 +4872,6 @@ struct inode *__ext4_iget(struct super_block *sb, unsigned long ino,
>> goto bad_inode;
>> raw_inode = ext4_raw_inode(&iloc);
>>
>> - if ((ino == EXT4_ROOT_INO) && (raw_inode->i_links_count == 0)) {
>> - ext4_error_inode(inode, function, line, 0,
>> - "iget: root inode unallocated");
>> - ret = -EFSCORRUPTED;
>> - goto bad_inode;
>> - }
>> -
>> if ((flags & EXT4_IGET_HANDLE) &&
>> (raw_inode->i_links_count == 0) && (raw_inode->i_mode == 0)) {
>> ret = -ESTALE;
>> @@ -4951,10 +4944,13 @@ struct inode *__ext4_iget(struct super_block *sb, unsigned long ino,
>> * NeilBrown 1999oct15
>> */
>> if (inode->i_nlink == 0) {
>> - if ((inode->i_mode == 0 ||
>> + if ((inode->i_mode == 0 || (flags & EXT4_IGET_SPECIAL) ||
> ^ extra parenthesis here ^
Indeed, I'll remove the extra parenthesis.
>> !(EXT4_SB(inode->i_sb)->s_mount_state & EXT4_ORPHAN_FS)) &&
>> ino != EXT4_BOOT_LOADER_INO) {
>> /* this inode is deleted */
>> + if (flags & EXT4_IGET_SPECIAL)
>> + ext4_error_inode(inode, function, line, 0,
>> + "iget: special inode unallocated");
> I think it would be better to return -EFSCORRUPTED and not -ESTALE in this
> case.
Totally agree! For special inode, -EFSCORRUPTED is more reasonable.
>> ret = -ESTALE;
>> goto bad_inode;
>> }
> Otherwise the patch looks good to me.
>
> Honza
>
Thank you very much for your review!
I will send a patch V2 with the changes suggested by you.
--
With Best Regards,
Baokun Li
.
Powered by blists - more mailing lists