[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <bug-200015-13602-kOV89PCroe@https.bugzilla.kernel.org/>
Date: Thu, 14 Jun 2018 23:35:50 +0000
From: bugzilla-daemon@...zilla.kernel.org
To: linux-ext4@...nel.org
Subject: [Bug 200015] BUG() triggered in ext4_get_group_info() when mounting
and operating a crafted ext4 image
https://bugzilla.kernel.org/show_bug.cgi?id=200015
--- Comment #3 from Wen Xu (wen.xu@...ech.edu) ---
(In reply to Theodore Tso from comment #2)
> Thanks for the simplified POC. But unfortunately that doesn't really tell
> me anything new. What I need is a simplified POC *image*.
>
> I can add a simplistic check to see if we get a negative group number in
> ext4_discard_preallocations(), but that's not the real root cause. And it
> wouldn't be a complete solution, since we would have add gazillions of
> checks anywhere we use s_first_data_block. It's much better if we can
> check s_first_data_block at mount time (which we do), and then make sure
> that it can't get corrupted afterwards.
>
> So the real root cause is somehow, the superblock buffer has gotten
> corrupted. We have a lot of checks to prevent this from happening ---
> that's what the ext4_data_block_valid() function in fs/ext4/block_validity.c
> is all about --- but obviously, we're missing a check somewhere. The
> question is where. If we had a simplified POC image, I could look to find
> the file system corruption that was causing the superblock to get trashed.
> The problem is that there are so many random corruptions, many of them
> completely irrelevant to the bug at hand, that this is extremely difficult.
Yeah, I know. I will spend some time to make a simplified POC image for you :)
--
You are receiving this mail because:
You are watching the assignee of the bug.
Powered by blists - more mailing lists