| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 18 Sep 2019 09:47:24 +0800
From: yangerkun <yangerkun@...wei.com>
To: "Theodore Y. Ts'o" <tytso@....edu>
CC: <jack@...e.cz>, <linux-ext4@...r.kernel.org>,
<yi.zhang@...wei.com>, <houtao1@...wei.com>
Subject: Re: [PATCH] ext4: fix a bug in ext4_wait_for_tail_page_commit
On 2019/9/17 23:31, Theodore Y. Ts'o wrote:
> On Tue, Sep 17, 2019 at 04:48:14PM +0800, yangerkun wrote:
>> No need to wait when offset equals to 0. And it will trigger a bug since
>> the latter __ext4_journalled_invalidatepage can free the buffers but leave
>> page still dirty.
> That's only true if the block size == the page size, no? If the
> offset is zero and the block size is 1k, we still need to wait.
> Shouldn't the better fix be:
>
>> - if (offset > PAGE_SIZE - i_blocksize(inode))
>> + if (offset >= PAGE_SIZE - i_blocksize(inode))
It can trigger free buffers in
__ext4_journalled_invalidatepage(offset==0,blocksize=1k), and we will
see the bug again.
For some other case, like offset==3k blocksize=1k, actually we should
wait the commit, but now we will return directly.
Thanks.
> - Ted
>
> .
>
Powered by blists - more mailing lists