lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <4947DE30.2090903@redhat.com>
Date:	Tue, 16 Dec 2008 10:58:24 -0600
From:	Eric Sandeen <sandeen@...hat.com>
To:	Yasunori Goto <y-goto@...fujitsu.com>
CC:	tytso@....edu, adilger@....com, Li Zefan <lizf@...fujitsu.com>,
	linux-ext4@...r.kernel.org, Miao Xie <miaox@...fujitsu.com>,
	Linux Kernel ML <linux-kernel@...r.kernel.org>
Subject: Re: [Patch/BUG] (ext4) s_mb_maxs[] of ext4_sb_info is too small size

Yasunori Goto wrote:
> Hello.
> 
> I chased the cause of following ext4 oops report which is tested on
> ia64 box.
> 
> http://bugzilla.kernel.org/show_bug.cgi?id=12018
> 
> The cause is the size of s_mb_maxs array that is
> defined as "unsigned short" in ext4_sb_info structure.
> Unsigned short is too small.
> 
> In this bug report, Li-san formatted with 64Kbyte block size like
> the following. Ia64 has 64Kbyte page size, then this
> block size is acceptable.
> 
> # mkfs.ext4 -b 65536 /dev/md0
> 
> In this case, the maximum value of s_mb_maxs[] becomes 
> (blocksize << 2) = 256K by the following code.
> 
> 2482 int ext4_mb_init(struct super_block *sb, int needs_recovery)
>                : 
>                :
> 2508         max = sb->s_blocksize << 2;    <---- max becomes 0x40000.
> 2509         do {
> 2510                 sbi->s_mb_offsets[i] = offset;
> 2511                 sbi->s_mb_maxs[i] = max;            <--- over flow!!!
> 2512                 offset += 1 << (sb->s_blocksize_bits - i);
> 2513                 max = max >> 1;
> 2514                 i++;
> 2515         } while (i <= sb->s_blocksize_bits + 1);
> 
> Then, some s_mb_maxs[] becomes 0 due to overflow.
> It is cause of this oops. The following patch is to fix it.

Looks good to mee; and these lines before it:

        sbi->s_mb_maxs[0] = sb->s_blocksize << 3;
        sbi->s_mb_offsets[0] = 0;

mean that we would have a problem "even" on 8k blocks, yes?

-Eric

> Thanks.
> 
> ----
> 
> The size of s_mb_maxs that is defined in ext4_sb_info is too small.
> When block size is 64K, which is possible on ia64,
> the maximum value of s_mb_maxs becomes 256K(0x40000).
> However, s_mb_maxs is defined as unsigned short. This is cause of panic.
> 
> Signed-off-by: Yasunori Goto <y-goto@...fujitsu.com>
> Cc: Li Zefan <lizf@...fujitsu.com>
> Cc: Miao Xie <miaox@...fujitsu.com>
> 
> ---
>  fs/ext4/ext4_sb.h |    3 ++-
>  fs/ext4/mballoc.c |    2 ++
>  2 files changed, 4 insertions(+), 1 deletion(-)
> 
> Index: test2/fs/ext4/ext4_sb.h
> ===================================================================
> --- test2.orig/fs/ext4/ext4_sb.h	2008-12-16 11:20:18.000000000 +0900
> +++ test2/fs/ext4/ext4_sb.h	2008-12-16 14:17:32.000000000 +0900
> @@ -101,7 +101,8 @@ struct ext4_sb_info {
>  	spinlock_t s_reserve_lock;
>  	spinlock_t s_md_lock;
>  	tid_t s_last_transaction;
> -	unsigned short *s_mb_offsets, *s_mb_maxs;
> +	unsigned short *s_mb_offsets;
> +	unsigned int *s_mb_maxs;
>  
>  	/* tunables */
>  	unsigned long s_stripe;
> Index: test2/fs/ext4/mballoc.c
> ===================================================================
> --- test2.orig/fs/ext4/mballoc.c	2008-12-16 11:20:18.000000000 +0900
> +++ test2/fs/ext4/mballoc.c	2008-12-16 14:23:21.000000000 +0900
> @@ -2493,6 +2493,8 @@ int ext4_mb_init(struct super_block *sb,
>  	if (sbi->s_mb_offsets == NULL) {
>  		return -ENOMEM;
>  	}
> +
> +	i = (sb->s_blocksize_bits + 2) * sizeof(unsigned int);

>  	sbi->s_mb_maxs = kmalloc(i, GFP_KERNEL);
>  	if (sbi->s_mb_maxs == NULL) {
>  		kfree(sbi->s_mb_maxs);
> 

--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ