lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <4FFD7D9B.2080503@bobich.net>
Date:	Wed, 11 Jul 2012 14:20:27 +0100
From:	Gordan Bobic <gordan@...ich.net>
To:	linux-ext4@...r.kernel.org
Subject: e2fsprogs alignment issues

I would like to bring the following bug report to people's attention:

https://bugzilla.redhat.com/show_bug.cgi?id=680090

The issue is that the code used in e2fsprogs WRT allocating unaligned 
buffers and then casting them into structs is non-portable and dangerous 
- eyewateringly dangerous in something like e2fsprogs where it can lead 
to thorough trashing of the file system.

Can something be done to improve the portability of the userspace code?

The issue has been discussed on the Fedora-ARM mailing list:
http://lists.fedoraproject.org/pipermail/arm/2012-July/003637.html
but the argument there was that the issue needs to be fixed upstream, 
hence why I am posting it here.

This is an issue on all ARMs up to ARMv5, possibly ARMv6, and likely 
other CPU architectures that don't have transparent alignment fixup in 
hardware (Itanium, SPARC, probably others).

Apart from being dangerous, using unaligned arrays also affects 
performance because it leads to data needlessly straddling cache lines 
in the CPU. But that doesn't really matter in this case.

Many thanks.

Gordan
--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ