Date:   Thu, 6 Apr 2023 01:18:27 -0400
From:   "Theodore Ts'o" <tytso@....edu>
To:     Kemeng Shi <shikemeng@...weicloud.com>
Cc:     linux-ext4@...r.kernel.org
Subject: Re: [PATCH v3 1/20] ext4: set goal start correctly in
 ext4_mb_normalize_request

On Sat, Mar 04, 2023 at 01:21:01AM +0800, Kemeng Shi wrote:
> We need to set ac_g_ex to notify the goal start used in
> ext4_mb_find_by_goal. Set ac_g_ex instead of ac_f_ex in
> ext4_mb_normalize_request.
> Besides we should assure goal start is in range [first_data_block,
> blocks_count) as ext4_mb_initialize_context does.
> 
> Signed-off-by: Kemeng Shi <shikemeng@...weicloud.com>
> Reviewed-by: Ritesh Harjani (IBM) <ritesh.list@...il.com>
> ---
>  fs/ext4/mballoc.c | 15 +++++++++------
>  1 file changed, 9 insertions(+), 6 deletions(-)
> 
> diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c
> index 5b2ae37a8b80..36cd545f5ab4 100644
> --- a/fs/ext4/mballoc.c
> +++ b/fs/ext4/mballoc.c
> @@ -3993,6 +3993,7 @@ ext4_mb_normalize_request(struct ext4_allocation_context *ac,
>  				struct ext4_allocation_request *ar)
>  {
>  	struct ext4_sb_info *sbi = EXT4_SB(ac->ac_sb);
> +	struct ext4_super_block *es = sbi->s_es;
>  	int bsbits, max;
>  	ext4_lblk_t end;
>  	loff_t size, start_off;
> @@ -4188,18 +4189,20 @@ ext4_mb_normalize_request(struct ext4_allocation_context *ac,
>  	ac->ac_g_ex.fe_len = EXT4_NUM_B2C(sbi, size);
>  
>  	/* define goal start in order to merge */
> -	if (ar->pright && (ar->lright == (start + size))) {
> +	if (ar->pright && (ar->lright == (start + size)) &&
> +	    ar->pright - size >= le32_to_cpu(es->s_first_data_block)) {
>  		/* merge to the right */
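
Review bot: the new lower-bound test `ar->pright - size >= le32_to_cpu(es->s_first_data_block)` subtracts before anything establishes that `ar->pright` is at least `size`. When `ar->pright` is smaller than `size`, the difference wraps to a very large value and the comparison passes, so the branch is taken with a goal start far outside the range the commit message promises. Put `ar->pright >= size &&` ahead of the subtraction so the lower-bound test only runs on a difference that cannot wrap.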

I had to amend this commit to add this check:

 	/* define goal start in order to merge */
 	if (ar->pright && (ar->lright == (start + size)) &&
+	    ar->pright >= size &&
 	    ar->pright - size >= le32_to_cpu(es->s_first_data_block)) {
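
Review bot: the added `ar->pright >= size &&` guard has no comment saying why it is there; the only comment in view is `/* define goal start in order to merge */`. Next to the `s_first_data_block` comparison it can look redundant, so a one-line comment stating that it keeps `ar->pright - size` from wrapping would protect it from being dropped in a later cleanup.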

Without this check, it's possible for ar->pright - size to go negative
(well, underflow since it's an unsigned value).  This will later
trigger a BUG_ON, which was easily reproduced via:

   kvm-xfstests -c ext4/ext3conv generic/231

Cheers,

							- Ted
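
The wraparound described in the reply above, as an added user-space example that is not part of the original message or of the ext4 source. `struct merge_req` and both function names are hypothetical, the request values are constructed, and the field widths (unsigned 64-bit block numbers, signed 64-bit `size`) are assumptions made for the illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the request fields the condition reads. */
struct merge_req {
    uint64_t pright; /* physical block of right neighbour, 0 if none */
    uint64_t lright; /* logical block of right neighbour */
    uint64_t start;  /* normalized logical start */
    int64_t  size;   /* normalized length, signed (assumed, like loff_t) */
};

/* Condition from the quoted v3 hunk: subtract, then compare to the lower bound. */
static bool merge_right_v3(const struct merge_req *r, uint32_t first_data_block,
                           uint64_t *goal)
{
    uint64_t size = (uint64_t)r->size; /* mixed arithmetic is done unsigned */
    if (r->pright && r->lright == r->start + size &&
        r->pright - size >= first_data_block) {
        *goal = r->pright - size;      /* wrapped when pright < size */
        return true;
    }
    return false;
}

/* Same condition with the guard from the amended commit placed first. */
static bool merge_right_amended(const struct merge_req *r,
                                uint32_t first_data_block, uint64_t *goal)
{
    uint64_t size = (uint64_t)r->size;
    if (r->pright && r->lright == r->start + size &&
        r->pright >= size &&           /* subtraction below cannot wrap */
        r->pright - size >= first_data_block) {
        *goal = r->pright - size;
        return true;
    }
    return false;
}

int main(void)
{
    /* Constructed request: right neighbour at block 100, 2048-block length. */
    struct merge_req r = { .pright = 100, .lright = 2048, .start = 0, .size = 2048 };
    uint64_t goal = 0;
    if (merge_right_v3(&r, 0, &goal))
        printf("v3 accepts goal %llu\n", (unsigned long long)goal);
    if (!merge_right_amended(&r, 0, &goal))
        printf("amended condition rejects the merge\n");
    return 0;
}
```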
