lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Mon, 17 Sep 2012 16:21:44 +0400
From:	Dmitry Monakhov <dmonakhov@...nvz.org>
To:	Theodore Ts'o <tytso@....edu>, Marti Raudsepp <marti@...fo.org>
Cc:	Kernel hackers <linux-kernel@...r.kernel.org>,
	ext4 hackers <linux-ext4@...r.kernel.org>, maze@...gle.com
Subject: Re: NULL pointer dereference in ext4_ext_remove_space on 3.5.1

On Wed, 15 Aug 2012 22:46:54 -0400, Theodore Ts'o <tytso@....edu> wrote:
> On Wed, Aug 15, 2012 at 09:33:29PM +0300, Marti Raudsepp wrote:
> > I was moving and deleting some files between two of my ext4 partitions
> > when it suddenly crashed and dropped me into an kernel oops screen
> > (below). I'm using ext4 on kernel 3.5.1 (Arch Linux). 
Ohh, I've missed that gigantic topic, but still i've found the bug.
patch is available here http://patchwork.ozlabs.org/patch/183649/
> 
> > BUG: unable to handle kernel NULL pointer dereference at 000...00028
> > IP: [...] ext4_ext_remove_space+0xaa4/0xef0 [ext4]
> 
> Someone else has reported a similar crash, but we don't yet have
> enough information to narrow it down quite yet.
> 
> If you could try applying the following debugging patch, and then try
> to reproduce the failure, it would be really helpful.
> 
> Thanks!!
> 
> 					- Ted
> 
> diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c
> index 769151d..3394d52 100644
> --- a/fs/ext4/extents.c
> +++ b/fs/ext4/extents.c
> @@ -2432,6 +2432,10 @@ ext4_ext_rm_leaf(handle_t *handle, struct inode *inode,
>  
>  	/* the header must be checked already in ext4_ext_remove_space() */
>  	ext_debug("truncate since %u in leaf to %u\n", start, end);
> +	if (!path[depth].p_hdr && !path[depth].p_bh) {
> +		EXT4_ERROR_INODE(inode, "depth %d", depth);
> +		BUG_ON(1);
> +	}
>  	if (!path[depth].p_hdr)
>  		path[depth].p_hdr = ext_block_hdr(path[depth].p_bh);
>  	eh = path[depth].p_hdr;
> @@ -2730,6 +2734,10 @@ cont:
>  		/* this is index block */
>  		if (!path[i].p_hdr) {
>  			ext_debug("initialize header\n");
> +			if (!path[i].p_hdr && !path[i].p_bh) {
> +				EXT4_ERROR_INODE(inode, "i=%d", i);
> +				BUG_ON(1);
> +			}
>  			path[i].p_hdr = ext_block_hdr(path[i].p_bh);
>  		}
>  
> --
> To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
> the body of a message to majordomo@...r.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists