lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20090802034947.GA15828@mit.edu>
Date:	Sat, 1 Aug 2009 23:49:47 -0400
From:	Theodore Tso <tytso@....edu>
To:	Valerie Aurora <vaurora@...hat.com>
Cc:	linux-ext4@...r.kernel.org, Eric Sandeen <sandeen@...hat.com>,
	Ric Wheeler <rwheeler@...hat.com>
Subject: Re: Fix device too big bug in mainline?

On Sat, Aug 01, 2009 at 10:22:09PM -0400, Theodore Tso wrote:
> temporary checkin; about to do checksum conversion
> 
> From: Valerie Aurora Henson <vaurora@...hat.com>
> 
> Signed-off-by: Valerie Aurora Henson <vaurora@...hat.com>

BTW, while I was painstakingly picking apart this patch, separating it
into its constiuent pieces, I found the following bug in it:

diff --git a/e2fsck/super.c b/e2fsck/super.c
index c269b0e..a1fb878 100644
--- a/e2fsck/super.c
+++ b/e2fsck/super.c
	....
 			if (fix_problem(ctx, PR_0_GDT_UNINIT, &pctx)) {
-				gd->bg_flags &= ~(EXT2_BG_BLOCK_UNINIT |
-						  EXT2_BG_INODE_UNINIT);
-				gd->bg_itable_unused = 0;
+				ext2fs_bg_flag_clear (fs, i, EXT2_BG_BLOCK_UNINIT);
+				ext2fs_bg_flag_clear (fs, i, EXT2_BG_INODE_UNINIT);
 				should_be = 1;
 			}


This patch hunk (buried deep within the 800+ lines of the "temporary
checkin; about to do checksum conversion" patch) removed this line:

				gd->bg_itable_unused = 0;

... but failed to replace it with this line:

				ext2fs_bg_itable_unused_set(fs, i, 0);

This is *why* I insist on auditable patches, and why I can't just
blindly merge the 64-bit branch.  When multiple semantic changes are
mushed up all together in one gigundo patch, it's really easy to miss
omissions like this, and since we don't have a regression test to test
this specific repair, we would have never noticed.

And no, it's no fun for me to be picking through this patch set at on
a Saturday evening on a Summer evening; I'd rather be in Lenox,
enjoying a concert at Tanglewood.  But someone has got to do it...

	     	      		     	     	     - Ted

--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ