lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <49900FB5.9080705@ph.tum.de>
Date:	Mon, 09 Feb 2009 12:12:53 +0100
From:	Thiemo Nagel <thiemo.nagel@...tum.de>
To:	"Aneesh Kumar K.V" <aneesh.kumar@...ux.vnet.ibm.com>
CC:	tytso@....edu, linux-ext4@...r.kernel.org
Subject: Re: [PATCH] Validate extent details only when read from the disk

Aneesh Kumar K.V wrote:
> On Mon, Feb 09, 2009 at 11:31:46AM +0100, Thiemo Nagel wrote:
>> Aneesh Kumar K.V wrote:
>>> Make sure we validate extent details only when read from the disk.
>>>
>>> @@ -602,15 +607,13 @@ struct ext4_ext_path *
>>>  ext4_ext_find_extent(struct inode *inode, ext4_lblk_t block,
>>>  					struct ext4_ext_path *path)
>>>  {
>>> +	int need_to_validate = 0;
>>>  	struct ext4_extent_header *eh;
>>>  	struct buffer_head *bh;
>>>  	short int depth, i, ppos = 0, alloc = 0;
>>>  
>>>  	eh = ext_inode_hdr(inode);
>>>  	depth = ext_depth(inode);
>>> -	if (ext4_ext_check(inode, eh, depth))
>>> -		return ERR_PTR(-EIO);
>>> -
> 
> I am doing the check in ext4_iget while reading the inode from disk.

You're right, there is a check.  I didn't notice that, because 
ext4_iget() doesn't return an error.

> diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c
> index 03ba20b..a8bab39 100644
> --- a/fs/ext4/inode.c
> +++ b/fs/ext4/inode.c
> @@ -4273,6 +4273,11 @@ struct inode *ext4_iget(struct super_block *sb, unsigned long ino)
>  			(__u64)(le32_to_cpu(raw_inode->i_version_hi)) << 32;
>  	}
>  
> +	if (ei->i_flags & EXT4_EXTENTS_FL) {
> +		/* Validate extent which is part of inode */
> +		ext4_ext_check_inode(inode);
> +	}
> +

I'd propose to change that to:

	if (ei->i_flags & EXT4_EXTENTS_FL) {
		/* Validate extent which is part of inode */
		if ((ret = ext4_ext_check_inode(inode)))
			goto bad_inode;
	}

Kind regards,

Thiemo
--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ