lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:   Fri, 17 Mar 2023 01:31:14 +0000
Subject: [Bug 217209] New: ext4_da_write_end: i_disksize exceeds i_size in
 paritally written case

            Bug ID: 217209
           Summary: ext4_da_write_end: i_disksize exceeds i_size in
                    paritally written case
           Product: File System
           Version: 2.5
    Kernel Version: 6.3.0-rc2
          Hardware: All
                OS: Linux
              Tree: Mainline
            Status: NEW
          Severity: normal
          Priority: P1
         Component: ext4
        Regression: No

Following process makes i_disksize exceed i_size:

     copied = iov_iter_copy_from_user_atomic(len) // copied < len
     | ext4_update_i_disksize
     |  new_i_size = pos + copied;
     |  WRITE_ONCE(EXT4_I(inode)->i_disksize, newsize) // update i_disksize
     | generic_write_end
     |  copied = block_write_end(copied, len) // copied = 0
     |   if (unlikely(copied < len))
     |    if (!PageUptodate(page))
     |     copied = 0;
     |  if (pos + copied > inode->i_size) // return false
     if (unlikely(copied == 0))
      goto again;
     if (unlikely(iov_iter_fault_in_readable(i, bytes))) {
      status = -EFAULT;

We get i_disksize greater than i_size here, which could trigger WARNING check
'i_size_read(inode) < EXT4_I(inode)->i_disksize' while doing dio:

      __iomap_dio_rw // return err, length is not aligned to 512
      WARN_ON_ONCE(i_size_read(inode) < EXT4_I(inode)->i_disksize) // Oops

You may reply to this email to add a comment.

You are receiving this mail because:
You are watching the assignee of the bug.

Powered by blists - more mailing lists