lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 22 Sep 2022 13:39:02 +0200
From:   Jan Kara <jack@...e.cz>
To:     Zhihao Cheng <chengzhihao1@...wei.com>
Cc:     Jan Kara <jack@...e.cz>, jack@...e.com, tytso@....edu,
        brauner@...nel.org, linux-fsdevel@...r.kernel.org,
        linux-ext4@...r.kernel.org, linux-kernel@...r.kernel.org,
        yukuai3@...wei.com
Subject: Re: [PATCH 1/3] quota: Check next/prev free block number after
 reading from quota file

On Thu 22-09-22 16:13:59, Zhihao Cheng wrote:
> 在 2022/9/21 21:37, Jan Kara 写道:
> > > --- a/fs/quota/quota_tree.c
> > > +++ b/fs/quota/quota_tree.c
> > > @@ -71,6 +71,35 @@ static ssize_t write_blk(struct qtree_mem_dqinfo *info, uint blk, char *buf)
> > >   	return ret;
> > >   }
> > > +static inline int do_check_range(struct super_block *sb, uint val, uint max_val)
> > > +{
> > > +	if (val >= max_val) {
> > > +		quota_error(sb, "Getting block too big (%u >= %u)",
> > > +			    val, max_val);
> > > +		return -EUCLEAN;
> > > +	}
> > > +
> > > +	return 0;
> > > +}
> > 
> > I'd already provide min_val and the string for the message here as well (as
> > you do in patch 2). It is less churn in the next patch and free blocks
> > checking actually needs that as well. See below.
> > 
> > > +
> > > +static int check_free_block(struct qtree_mem_dqinfo *info,
> > > +			    struct qt_disk_dqdbheader *dh)
> > > +{
> > > +	int err = 0;
> > > +	uint nextblk, prevblk;
> > > +
> > > +	nextblk = le32_to_cpu(dh->dqdh_next_free);
> > > +	err = do_check_range(info->dqi_sb, nextblk, info->dqi_blocks);
> > > +	if (err)
> > > +		return err;
> > > +	prevblk = le32_to_cpu(dh->dqdh_prev_free);
> > > +	err = do_check_range(info->dqi_sb, prevblk, info->dqi_blocks);
> > > +	if (err)
> > > +		return err;
> > 
> > The free block should actually be > QT_TREEOFF so I'd add the check to
> > do_check_range().
> 
> 'dh->dqdh_next_free' may be updated when quota entry removed,
> 'dh->dqdh_next_free' can be used for next new quota entris.
> Before sending v2, I found 'dh->dqdh_next_free' and 'dh->dqdh_prev_free' can
> easily be zero in newly allocated blocks when continually creating files
> onwed by different users:
> find_free_dqentry
>   get_free_dqblk
>     write_blk(info, info->dqi_blocks, buf)  // zero'd qt_disk_dqdbheader
>     blk = info->dqi_blocks++   // allocate new one block
>   info->dqi_free_entry = blk   // will be used for new quota entries
> 
> find_free_dqentry
>   if (info->dqi_free_entry)
>     blk = info->dqi_free_entry
>     read_blk(info, blk, buf)   // dh->dqdh_next_free = dh->dqdh_prev_free =
> 0
> 
> I think it's normal when 'dh->dqdh_next_free' or 'dh->dqdh_prev_free' equals
> to 0.

Good point! 0 means "not present". So any block number (either in free list
or pointed from the quota tree) should be either 0 or > QT_TREEOFF.

								Honza
-- 
Jan Kara <jack@...e.com>
SUSE Labs, CR

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ