lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <49BE90E0.3090309@redhat.com> Date: Mon, 16 Mar 2009 12:48:16 -0500 From: Eric Sandeen <sandeen@...hat.com> To: Frank Mayhar <fmayhar@...gle.com> CC: ext4 development <linux-ext4@...r.kernel.org> Subject: Re: [PATCH V3] fix bb_prealloc_list corruption due to wrong group locking Frank Mayhar wrote: > On Mon, 2009-03-16 at 12:28 -0500, Eric Sandeen wrote: >> This is for Red Hat bug 490026, >> EXT4 panic, list corruption in ext4_mb_new_inode_pa >> >> ext4_lock_group(sb, group) is supposed to protect this list for >> each group, and a common code flow to remove an album is like >> this: >> >> ext4_get_group_no_and_offset(sb, pa->pa_pstart, &grp, NULL); >> ext4_lock_group(sb, grp); >> list_del(&pa->pa_group_list); >> ext4_unlock_group(sb, grp); >> >> so it's critical that we get the right group number back for >> this prealloc context, to lock the right group (the one >> associated with this pa) and prevent concurrent list manipulation. > > Eric, this may just be coincidence, but is it possible that this may be > related to our bitmap problem I described last week? We haven't tracked > it down yet but it certainly smells like a race and your fix corrects > just such a race in the same code. > > The bitmap problem, btw, involves stuff apparently being marked as used > when it's really free (or something very much like that), ultimately > resulting in double frees. Hi Frank - I don't *think* so just because deleted items are poisoned and I would expect that we'd trip over a bad pointer in the corrupted list item as the first indicator of trouble... but I could be wrong. I think you said you could reproduce it, right? So certainly worth testing with this fix I suppose. Thanks, -Eric -- To unsubscribe from this list: send the line "unsubscribe linux-ext4" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists