Message-ID: <20081105152547.GD6244@skywalker>
Date:	Wed, 5 Nov 2008 20:55:47 +0530
From:	"Aneesh Kumar K.V" <aneesh.kumar@...ux.vnet.ibm.com>
To:	Theodore Tso <tytso@....edu>
Cc:	cmm@...ibm.com, sandeen@...hat.com, linux-ext4@...r.kernel.org
Subject: Re: [RFC PATCH -v2 8/9] ext4: Fix double free of blocks

On Tue, Nov 04, 2008 at 11:46:04AM -0500, Theodore Tso wrote:
> On Mon, Nov 03, 2008 at 11:06:08PM +0530, Aneesh Kumar K.V wrote:
> > blocks freed but not yet committed will be marked free
> > in disk bitmap. We need to consider them as used when
> > releasing inode prealloc space. Otherwise we would
> > double free them via mb_free_blocks
> 
> Stupid question...   
> 
> Blocks that are added to an inode's preallocation list were initially
> free, right?  And once they are in the inode's preallocation they are
> marked in use by mballoc, so they can't be allocated for another
> inode.  If a block in the preallocation list is used, it's removed
> from the preallocation line.  So even if that inode is subsequently
> unlinked or truncated, I'm curious how the double free situation
> happens in the first place.
> 
> What am I missing?
> 

When we discard inode preallocation we look at the block bitmap
and mark the blocks found free in the bitmap using mb_free_blocks.
Now if we allocate some blocks and later free some of them we would
have called ext4_mb_free_blocks on them, which means we would have
marked the blocks free on bitmap. Now on file close we release
inode pa. We look at the block bitmap and if the block is free
in bitmap we call mb_free_blocks. Also on committing the transaction we
call mb_free_blocks on them. To avoid the above we need to make sure
when we discard_inode_pa we look at a bitmap that has blocks freed
and not yet committed as used.

-aneesh
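
The sequence described in the message above, as an added toy model in C that is not part of the original mail and is not ext4 code: it replays allocate, free, file close and commit against two bitmaps and counts blocks that reach the allocator twice. The struct, the `toy_*` names, the `fixed` switch and the block numbers are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy model of one block group, not kernel code. A set bit means "in use". */
struct toy_group {
    uint32_t disk_bitmap;     /* block bitmap; a free clears bits immediately */
    uint32_t allocator_inuse; /* in-memory allocator view (hypothetical name) */
    uint32_t pending_free;    /* freed, transaction not yet committed */
    int double_frees;         /* blocks freed while the allocator saw them free */
};
/* Stand-in for mb_free_blocks: hand the blocks in mask back to the allocator. */
static void toy_mb_free_blocks(struct toy_group *g, uint32_t mask)
{
    for (int b = 0; b < 32; b++)
        g->double_frees += ((mask & ~g->allocator_inuse) >> b) & 1u;
    g->allocator_inuse &= ~mask;
}
/* Freeing file blocks: bitmap updated now, allocator only at commit. */
static void toy_free_blocks(struct toy_group *g, uint32_t mask)
{
    g->disk_bitmap &= ~mask;
    g->pending_free |= mask;
}
/* Discard a preallocation; fixed != 0 counts uncommitted frees as used. */
static void toy_discard_inode_pa(struct toy_group *g, uint32_t pa, int fixed)
{
    uint32_t view = fixed ? (g->disk_bitmap | g->pending_free) : g->disk_bitmap;
    toy_mb_free_blocks(g, pa & ~view);  /* free what the view shows as free */
}
/* Transaction commit: the pending frees reach the allocator. */
static void toy_commit(struct toy_group *g)
{
    toy_mb_free_blocks(g, g->pending_free);
    g->pending_free = 0;
}
/* Constructed scenario: PA = blocks 8..15, 8..11 allocated, then 9 and 10 freed. */
static int run_scenario(int fixed)
{
    struct toy_group g = { .disk_bitmap = 0x0F00, .allocator_inuse = 0xFF00 };
    toy_free_blocks(&g, 0x0600);
    toy_discard_inode_pa(&g, 0xFF00, fixed);   /* file close */
    toy_commit(&g);
    return g.double_frees;
}

int main(void)
{
    printf("double frees: unfixed=%d fixed=%d\n", run_scenario(0), run_scenario(1));
    return 0;
}
```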