lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 27 Oct 2011 05:43:29 -0400
From:	Ted Ts'o <tytso@....edu>
To:	Tao Ma <tm@....ma>
Cc:	linux-ext4@...r.kernel.org, Greg Kroah-Hartman <greg@...ah.com>,
	Xiaoyun Mao <xiaoyun.maoxy@...yun-inc.com>,
	Yingbin Wang <yingbin.wangyb@...yun-inc.com>,
	Jia Wan <jia.wanj@...yun-inc.com>
Subject: Re: [PATCH] ext4: fix BUG_ON() in ext4_ext_insert_extent()

On Wed, Sep 28, 2011 at 06:45:03PM +0800, Tao Ma wrote:
> actually this bug does show up in 2.6.39 and I think stable tree still
> needs this fix. After some careful test, my colleague has generated
> the patch. Please considering ack it so that Greg can add it into the
> stable tree.

Sorry for the delay, but yes.  This patch would be good for the stable
tree for 2.6.39 (if Greg is still accepting patches for
2.6.39-stable).  It doesn't apply for upstream ext4 since the code has
been changed/refactored since then, but it's a good fix.

     			      	    	- Ted

> From 600d493b14ebd776cf8ea0e9dcdccc0d54200403 Mon Sep 17 00:00:00 2001
> From: Zheng Liu <wenqing.lz@...bao.com>
> Date: Wed, 28 Sep 2011 16:26:05 +0800
> Subject: [PATCH] ext4: fix BUG_ON() in ext4_ext_insert_extent()
> 
> We will meet with a BUG_ON() if following script is run.
> 
> mkfs.ext4 -b 4096 /dev/sdb1 1000000
> mount -t ext4 /dev/sdb1 /mnt/sdb1
> fallocate -l 100M /mnt/sdb1/test
> sync
> for((i=0;i<170;i++))
> do
>         dd if=/dev/zero of=/mnt/sdb1/test conv=notrunc bs=256k count=1 seek=`expr $i \* 2`
> done
> umount /mnt/sdb1
> mount -t ext4 /dev/sdb1 /mnt/sdb1
> dd if=/dev/zero of=/mnt/sdb1/test conv=notrunc bs=256k count=1 seek=341
> umount /mnt/sdb1
> mount /dev/sdb1 /mnt/sdb1
> dd if=/dev/zero of=/mnt/sdb1/test conv=notrunc bs=256k count=1 seek=340
> sync
> 
> The reason is that it forgot to mark dirty when splitting two extents in
> ext4_ext_convert_to_initialized(). Althrough ex has been updated in memory,
> it is not dirtied both in ext4_ext_convert_to_initialized() and
> ext4_ext_insert_extent(). The disk layout is corrupted. Then it will meet with
> a BUG_ON() when writting at the start of that extent again.
> 
> Cc: stable@...nel.org #for 2.6.39
> Cc: Greg Kroah-Hartman <greg@...ah.com>
> Cc: "Theodore Ts'o" <tytso@....edu>
> Cc: Xiaoyun Mao <xiaoyun.maoxy@...yun-inc.com>
> Cc: Yingbin Wang <yingbin.wangyb@...yun-inc.com>
> Cc: Jia Wan <jia.wanj@...yun-inc.com>
> Signed-off-by: Zheng Liu <wenqing.lz@...bao.com>
> ---
>  fs/ext4/extents.c |    1 +
>  1 files changed, 1 insertions(+), 0 deletions(-)
> 
> diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c
> index 4890d6f..cd20425 100644
> --- a/fs/ext4/extents.c
> +++ b/fs/ext4/extents.c
> @@ -2607,6 +2607,7 @@ static int ext4_ext_convert_to_initialized(handle_t *handle,
>  		ex1 = ex;
>  		ex1->ee_len = cpu_to_le16(map->m_lblk - ee_block);
>  		ext4_ext_mark_uninitialized(ex1);
> +		ext4_ext_dirty(handle, inode, path + depth);
>  		ex2 = &newex;
>  	}
>  	/*
> -- 
> 1.7.4.1
> 
--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ