| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20130624132804.GA7709@gmail.com>
Date: Mon, 24 Jun 2013 21:28:04 +0800
From: Zheng Liu <gnehzuil.liu@...il.com>
To: Theodore Ts'o <tytso@....edu>
Cc: Daniel J Blueman <daniel@...ra.org>, linux-ext4@...r.kernel.org
Subject: Re: 3.9-rc6 ext4: free_rb_tree_fname oops
On Mon, Jun 24, 2013 at 08:37:26AM -0400, Theodore Ts'o wrote:
> (LKML and Linux-fsdevel moved to bcc)
>
> On Mon, Jun 24, 2013 at 02:34:00PM +0800, Daniel J Blueman wrote:
> > On 16 April 2013 15:37, Daniel J Blueman <daniel@...ra.org> wrote:
> > > When using e4defrag on a ext4 filesystem created a month ago, I ran
> > > into this fatal page fault [1]
> > > while running e4defrag on 3.9-rc6 (Ubuntu mainline).
> > >
> > > e2fsdump output is at http://quora.org/2012/e2fsdump.txt ; let me know
> > > if you need any more info.
> >
> > With 3.9.6 mainline, I got the exact same protection fault at
> > free_rb_tree_fname() from ext4_htree_free_dir_info() [1]. This
> > suggests use-after-free, as there's no pagetable mapping.
> >
> > There is nothing special with my setups, so there is fair chance it's
> > reproducible there with e4defrag on a few month old filesystem and
> > recent kernels.
>
> Sounds like we may have a bug in how the new extent_status tree code
> was integrated into fs/ext4/move_extent.c. Zheng, if you could take a
> look I'd really appreciate it.
Sorry for the late reply. I will take a close look at this bug.
Regards,
- Zheng
--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists