lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Tue, 14 Oct 2014 11:19:08 +0800
From:	Eryu Guan <guaneryu@...il.com>
To:	Theodore Ts'o <tytso@....edu>
Cc:	linux-ext4@...r.kernel.org
Subject: Re: [PATCH v2] ext4: don't remove reserved inodes in ext4_unlink()

On Mon, Oct 13, 2014 at 12:21:00PM -0400, Theodore Ts'o wrote:
> On Sun, Oct 12, 2014 at 04:50:58PM +0800, Eryu Guan wrote:
> > Corrupted ext4_dir_entry_2 struct on disk may have wrong inode number,
> > when the inode number is 8 (EXT4_JOURNAL_INO) and the file is deleted,
> > the journal inode is gone, and unmounting such a fs could trigger the
> > following BUG_ON() in start_this_handle()....
> > 
> 
> I believe the bug that this patch is trying to fix has been addressed
> by this commit:
> 
> http://git.kernel.org/cgit/linux/kernel/git/tytso/ext4.git/commit/?h=dev&id=bf8ad98e1bffa5ce178ef5e4ea803a86ac30f9e5

Yes, this patch fixes the issue I'm seeing, thanks for pointing it out!

I have one concern thouth, removing a reserved inode (I tested
EXT4_JOURNAL_INO) on corrupted ext4 returns EIO as expect but the fs
is not marked as containing error(as other EIOs in ext4_iget()) and no
error logs in dmesg. User may have no idea what happened and the
corruped fs is still being used as normal. I think EXT4_ERROR_INODE
should be called too somewhere in such case.

Thanks,
Eryu
> 
> ext4: add ext4_iget_normal() which is to be used for dir tree lookups
> If there is a corrupted file system which has directory entries that
> point at reserved, metadata inodes, prohibit them from being used by
> treating them the same way we treat Boot Loader inodes --- that is,
> mark them to be bad inodes.  This prohibits them from being opened,
> deleted, or modified via chmod, chown, utimes, etc.
> 
> In particular, this prevents a corrupted file system which has a
> directory entry which points at the journal inode from being deleted
> and its blocks released, after which point Much Hilarity Ensues.
> 
> Reported-by: Sami Liedes <sami.liedes@....fi>
> Signed-off-by: Theodore Ts'o <tytso@....edu>
> Cc: stable@...r.kernel.org
> 
> 					- Ted
> 
> 
--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ