lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sat, 22 Dec 2012 12:10:12 +0900 From: Namjae Jeon <linkinjeon@...il.com> To: jaegeuk.kim@...sung.com Cc: linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org, linux-f2fs-devel@...ts.sourceforge.net, Namjae Jeon <linkinjeon@...il.com>, Namjae Jeon <namjae.jeon@...sung.com>, Amit Sahrawat <a.sahrawat@...sung.com> Subject: [PATCH 4/5] f2fs: fix fsync_inode list addition logic and avoid invalid access to memory From: Namjae Jeon <namjae.jeon@...sung.com> In function find_fsync_dnodes() - the fsync inodes gets added to the list, but in one path suppose f2fs_iget results in error, in such case - error gets added to the fsync inode list. In next call to recover_data()->get_fsync_inode() entry = list_entry(this, struct fsync_inode_entry, list); if (entry->inode->i_ino == ino) This can result in "invalid access to memory" when it encounters 'error' as entry in the fsync inode list. So, add the fsync inode entry to the list only in case of no errors. And, free the object at that point itself in case of issue. Signed-off-by: Namjae Jeon <namjae.jeon@...sung.com> Signed-off-by: Amit Sahrawat <a.sahrawat@...sung.com> --- fs/f2fs/recovery.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/fs/f2fs/recovery.c b/fs/f2fs/recovery.c index 632e679..e602bfa 100644 --- a/fs/f2fs/recovery.c +++ b/fs/f2fs/recovery.c @@ -144,14 +144,15 @@ static int find_fsync_dnodes(struct f2fs_sb_info *sbi, struct list_head *head) goto out; } - INIT_LIST_HEAD(&entry->list); - list_add_tail(&entry->list, head); - entry->inode = f2fs_iget(sbi->sb, ino_of_node(page)); if (IS_ERR(entry->inode)) { err = PTR_ERR(entry->inode); + kmem_cache_free(fsync_entry_slab, entry); goto out; } + + INIT_LIST_HEAD(&entry->list); + list_add_tail(&entry->list, head); entry->blkaddr = blkaddr; } if (IS_INODE(page)) { -- 1.7.9.5 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists