lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 17 Mar 2023 01:31:14 +0000 From: bugzilla-daemon@...nel.org To: linux-ext4@...r.kernel.org Subject: [Bug 217209] New: ext4_da_write_end: i_disksize exceeds i_size in paritally written case https://bugzilla.kernel.org/show_bug.cgi?id=217209 Bug ID: 217209 Summary: ext4_da_write_end: i_disksize exceeds i_size in paritally written case Product: File System Version: 2.5 Kernel Version: 6.3.0-rc2 Hardware: All OS: Linux Tree: Mainline Status: NEW Severity: normal Priority: P1 Component: ext4 Assignee: fs_ext4@...nel-bugs.osdl.org Reporter: chengzhihao1@...wei.com Regression: No Following process makes i_disksize exceed i_size: generic_perform_write copied = iov_iter_copy_from_user_atomic(len) // copied < len ext4_da_write_end | ext4_update_i_disksize | new_i_size = pos + copied; | WRITE_ONCE(EXT4_I(inode)->i_disksize, newsize) // update i_disksize | generic_write_end | copied = block_write_end(copied, len) // copied = 0 | if (unlikely(copied < len)) | if (!PageUptodate(page)) | copied = 0; | if (pos + copied > inode->i_size) // return false if (unlikely(copied == 0)) goto again; if (unlikely(iov_iter_fault_in_readable(i, bytes))) { status = -EFAULT; break; } We get i_disksize greater than i_size here, which could trigger WARNING check 'i_size_read(inode) < EXT4_I(inode)->i_disksize' while doing dio: ext4_dio_write_iter iomap_dio_rw __iomap_dio_rw // return err, length is not aligned to 512 ext4_handle_inode_extension WARN_ON_ONCE(i_size_read(inode) < EXT4_I(inode)->i_disksize) // Oops -- You may reply to this email to add a comment. You are receiving this mail because: You are watching the assignee of the bug.
Powered by blists - more mailing lists