Date: Fri, 2 Dec 2022 00:12:24 +0800
From: "yebin (H)" <yebin10@...wei.com>
To: Theodore Ts'o <tytso@....edu>, Ye Bin <yebin@...weicloud.com>
CC: <adilger.kernel@...ger.ca>, <linux-ext4@...r.kernel.org>,
 <linux-kernel@...r.kernel.org>, <jack@...e.cz>,
 <syzbot+4d99a966fd74bdeeec36@...kaller.appspotmail.com>
Subject: Re: [PATCH v2] ext4: fix WARNING in ext4_expand_extra_isize_ea

On 2022/12/2 0:00, Theodore Ts'o wrote:
> On Thu, Dec 01, 2022 at 10:59:23PM +0800, Ye Bin wrote:
>> Reason is allocate 16M memory by kmalloc, but MAX_ORDER is 11, kmalloc
>> can allocate maximum size memory is 4M.
>> XATTR_SIZE_MAX is currently 64k, but EXT4_XATTR_SIZE_MAX is '(1 << 24)',
>> so 'ext4_xattr_check_entries()' regards this length as legal. Then trigger
>> warning in 'ext4_xattr_move_to_block()'.
>> To solve above issue, according to Jan Kara's suggestion use kvmalloc()
>> to allocate memory in ext4_xattr_move_to_block().
> See my comment to the v1 version of the patch. I suspect the real
> problem is that the e_value_size is completely bogus, and we should
> have checked it much earlier in the stack call trace, via a call to
> xattr_check_inode().
Yes, not only the e_value_size is wrong, but also the inode is wrong:

EXT4-fs: Ignoring removed nobh option
EXT4-fs error (device loop0): ext4_xattr_inode_iget:389: comm rep: inode #1: comm rep: iget: illegal inode #
EXT4-fs error (device loop0): ext4_xattr_inode_iget:392: comm rep: error while reading EA inode 1 err=-117
EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2788: Unable to expand inode 15. Delete some EAs or run e2fsck.

Maybe we can do the following check in ext4_xattr_check_entries() when
"entry->e_value_inum != 0".
···
	err = ext4_xattr_inode_iget(inode, le32_to_cpu(entry->e_value_inum),
				    le32_to_cpu(entry->e_hash), &ea_inode);
	if (err) {
		ea_inode = NULL;
		goto out;
	}

	if (i_size_read(ea_inode) != size) {
		ext4_warning_inode(ea_inode,
				   "ea_inode file size=%llu entry size=%zu",
				   i_size_read(ea_inode), size);
		err = -EFSCORRUPTED;
		goto out;
	}
···
>
> Cheers,
>
> - Ted
>
> .
>
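
The check proposed in the message above, as an added example that is not part of the original mail or of the kernel source: a userspace C model showing why a size bound alone accepts the reported entry while an EA-inode lookup plus size comparison rejects it. The structs, ea_lookup() and check_entry() are hypothetical simplifications, and the in-place bounds test is an added assumption that goes beyond the case discussed in the thread.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define EXT4_XATTR_SIZE_MAX (1u << 24)	/* upper bound quoted in the thread */
#define EFSCORRUPTED 117		/* matches err=-117 in the log above */
/* Hypothetical host-endian models, not the on-disk or in-kernel layouts. */
struct xentry { uint32_t e_value_inum, e_value_size; uint16_t e_value_offs; };
struct ea_inode { uint32_t ino; uint64_t i_size; };
/* Stand-in for ext4_xattr_inode_iget(): NULL when the inode is not valid. */
static const struct ea_inode *ea_lookup(const struct ea_inode *tbl, size_t n,
					uint32_t ino)
{
	for (size_t i = 0; i < n; i++)
		if (tbl[i].ino == ino)
			return &tbl[i];
	return NULL;
}

/* Returns 0 for a consistent entry, -EFSCORRUPTED otherwise. */
int check_entry(const struct xentry *e, size_t region_len,
		const struct ea_inode *tbl, size_t n)
{
	if (e->e_value_size > EXT4_XATTR_SIZE_MAX)
		return -EFSCORRUPTED;
	if (e->e_value_inum == 0) {
		/* Assumption: an in-place value must fit inside the xattr region. */
		if (e->e_value_offs > region_len ||
		    e->e_value_size > region_len - e->e_value_offs)
			return -EFSCORRUPTED;
		return 0;
	}
	/* Value lives in an EA inode: it must exist and its size must match. */
	const struct ea_inode *ea = ea_lookup(tbl, n, e->e_value_inum);
	if (!ea || ea->i_size != e->e_value_size)
		return -EFSCORRUPTED;
	return 0;
}

int main(void)
{
	/* Constructed sample data: one valid EA inode (number 20, 100 bytes). */
	const struct ea_inode tbl[] = { { 20, 100 } };
	const struct xentry bogus = { 1, 1u << 24, 0 };	/* EA inode 1, 16M value */
	const struct xentry good = { 20, 100, 0 };
	printf("bogus=%d good=%d\n", check_entry(&bogus, 256, tbl, 1),
	       check_entry(&good, 256, tbl, 1));
	return 0;
}
```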