Message-Id: <1237225369.3964.4.camel@bobble.smo.corp.google.com>
Date: Mon, 16 Mar 2009 10:42:49 -0700
From: Frank Mayhar <fmayhar@...gle.com>
To: Eric Sandeen <sandeen@...hat.com>
Cc: ext4 development <linux-ext4@...r.kernel.org>
Subject: Re: [PATCH V3] fix bb_prealloc_list corruption due to wrong group locking

On Mon, 2009-03-16 at 12:28 -0500, Eric Sandeen wrote:
> This is for Red Hat bug 490026,
> EXT4 panic, list corruption in ext4_mb_new_inode_pa
>
> ext4_lock_group(sb, group) is supposed to protect this list for
> each group, and a common code flow to remove an album is like
> this:
>
> ext4_get_group_no_and_offset(sb, pa->pa_pstart, &grp, NULL);
> ext4_lock_group(sb, grp);
> list_del(&pa->pa_group_list);
> ext4_unlock_group(sb, grp);
>
> so it's critical that we get the right group number back for
> this prealloc context, to lock the right group (the one
> associated with this pa) and prevent concurrent list manipulation.

Eric, this may just be coincidence, but is it possible that this may be
related to our bitmap problem I described last week? We haven't tracked
it down yet but it certainly smells like a race and your fix corrects
just such a race in the same code.

The bitmap problem, btw, involves stuff apparently being marked as used
when it's really free (or something very much like that), ultimately
resulting in double frees.
--
Frank Mayhar <fmayhar@...gle.com>
Google, Inc.

--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html