| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 18 Mar 2022 00:26:15 +0800
From: zhanchengbin <zhanchengbin1@...wei.com>
To: Theodore Ts'o <tytso@....edu>
CC: <linux-ext4@...r.kernel.org>, <liuzhiqiang26@...wei.com>,
linfeilong <linfeilong@...wei.com>
Subject: [PATCH] e2fsck: handle->level is overflow in scan_extent_node
In function check_blocks_extents, program call scan_extent_node
recursively until
leaf extent is found, and if this leaf extent is the last one in this
extent_idx,
it will delete the parent extent_idx of this leaf extent in
ext2fs_extent_delete,
and do handle->level--. After scan_extent_node return, program allways
to get up extent,
but level was already decreased.
So calling ext2fs_extent_get(EXT2_EXTENT_UP) again will return
EXT2_ET_EXTENT_NO_UP,
and then print failed.
Signed-off-by: zhanchengbin <zhanchengbin1@...wei.com>
Signed-off-by: Zhiqiang Liu <liuzhiqiang26@...wei.com>
---
e2fsck/pass1.c | 18 +++++++++++-------
lib/ext2fs/ext2fs.h | 1 +
lib/ext2fs/extent.c | 5 +++++
3 files changed, 17 insertions(+), 7 deletions(-)
diff --git a/e2fsck/pass1.c b/e2fsck/pass1.c
index 26b9ab71..e4395709 100644
--- a/e2fsck/pass1.c
+++ b/e2fsck/pass1.c
@@ -3050,6 +3050,7 @@ report_problem:
goto report_problem;
return;
}
+ int level_bak = ext2fs_current_level_get(ehandle);
/* The next extent should match this index's logical start */
if (extent.e_lblk != lblk) {
struct ext2_extent_info e_info;
@@ -3079,14 +3080,17 @@ report_problem:
next_try_repairs);
if (pctx->errcode)
return;
- pctx->errcode = ext2fs_extent_get(ehandle,
- EXT2_EXTENT_UP, &extent);
- if (pctx->errcode) {
- pctx->str = "EXT2_EXTENT_UP";
- return;
+
+ if (level_bak == ext2fs_current_level_get(ehandle)) {
+ pctx->errcode = ext2fs_extent_get(ehandle,
+ EXT2_EXTENT_UP, &extent);
+ if (pctx->errcode) {
+ pctx->str = "EXT2_EXTENT_UP";
+ return;
+ }
+ mark_block_used(ctx, blk);
+ pb->num_blocks++;
}
- mark_block_used(ctx, blk);
- pb->num_blocks++;
goto next;
}
diff --git a/lib/ext2fs/ext2fs.h b/lib/ext2fs/ext2fs.h
index 68f9c1fe..d0468f11 100644
--- a/lib/ext2fs/ext2fs.h
+++ b/lib/ext2fs/ext2fs.h
@@ -1333,6 +1333,7 @@ extern errcode_t ext2fs_extent_open2(ext2_filsys
fs, ext2_ino_t ino,
extern void ext2fs_extent_free(ext2_extent_handle_t handle);
extern errcode_t ext2fs_extent_get(ext2_extent_handle_t handle,
int flags, struct ext2fs_extent *extent);
+extern int ext2fs_current_level_get(ext2_extent_handle_t handle);
extern errcode_t ext2fs_extent_node_split(ext2_extent_handle_t handle);
extern errcode_t ext2fs_extent_replace(ext2_extent_handle_t handle,
int flags,
struct ext2fs_extent *extent);
diff --git a/lib/ext2fs/extent.c b/lib/ext2fs/extent.c
index b324c7b0..07acd4e0 100644
--- a/lib/ext2fs/extent.c
+++ b/lib/ext2fs/extent.c
@@ -575,6 +575,11 @@ retry:
return 0;
}
+int ext2fs_current_level_get(ext2_extent_handle_t handle)
+{
+ return handle->level;
+}
+
static errcode_t update_path(ext2_extent_handle_t handle)
{
blk64_t blk;
--
2.27.0
Powered by blists - more mailing lists