Message-ID: <CAHB1NajJsvZgF5AdpaaZbnbBYt4L=Atcymag3aqTknLL0PeGTQ@mail.gmail.com>
Date: Mon, 19 Aug 2024 22:43:32 +0800
From: Julian Sun <sunjunchao2870@...il.com>
To: Edward Adam Davis <eadavis@...com>
Cc: syzbot+05b9b39d8bdfe1a0861f@...kaller.appspotmail.com, jack@...e.com, 
	jlbec@...lplan.org, joseph.qi@...ux.alibaba.com, linux-ext4@...r.kernel.org, 
	linux-kernel@...r.kernel.org, mark@...heh.com, ocfs2-devel@...ts.linux.dev, 
	syzkaller-bugs@...glegroups.com, tytso@....edu
Subject: Re: [PATCH] ocfs2: Fix null-ptr-deref in jbd2_journal_update_sb_log_tail

Well, in my modest opinion, j_sb_buffer is an internal variable of
jbd2. Directly accessing internal variables from other modules can
degrade the maintainability of the code (for instance, this variable
might be removed at some point in the future). I have just sent
another patch to address this issue [1].

[1]: https://lore.kernel.org/ocfs2-devel/20240819131120.746077-1-sunjunchao2870@gmail.com/

Edward Adam Davis <eadavis@...com> wrote on Mon, Aug 19, 2024 at 21:41:
>
> A journal that is too short will cause ocfs2_check_volume to fail, and will set
> journal->j_sb_buffer to NULL in journal_fail_superblock before running
> journal shutdown.
>
> Reported-and-tested-by: syzbot+05b9b39d8bdfe1a0861f@...kaller.appspotmail.com
> Closes: https://syzkaller.appspot.com/bug?extid=05b9b39d8bdfe1a0861f
> Signed-off-by: Edward Adam Davis <eadavis@...com>
> ---
>  fs/ocfs2/journal.c | 8 +++++---
>  1 file changed, 5 insertions(+), 3 deletions(-)
>
> diff --git a/fs/ocfs2/journal.c b/fs/ocfs2/journal.c
> index 530fba34f6d3..25821077b855 100644
> --- a/fs/ocfs2/journal.c
> +++ b/fs/ocfs2/journal.c
> @@ -1077,9 +1077,11 @@ void ocfs2_journal_shutdown(struct ocfs2_super *osb)
>         BUG_ON(atomic_read(&(osb->journal->j_num_trans)) != 0);
>
>         if (ocfs2_mount_local(osb)) {
> -               jbd2_journal_lock_updates(journal->j_journal);
> -               status = jbd2_journal_flush(journal->j_journal, 0);
> -               jbd2_journal_unlock_updates(journal->j_journal);
> +               if (journal->j_journal->j_sb_buffer) {
> +                       jbd2_journal_lock_updates(journal->j_journal);
> +                       status = jbd2_journal_flush(journal->j_journal, 0);
> +                       jbd2_journal_unlock_updates(journal->j_journal);
> +               }
>                 if (status < 0)
>                         mlog_errno(status);
>         }
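
Review bot: When the new `if (journal->j_journal->j_sb_buffer)` guard is false, the flush is skipped but the unchanged `if (status < 0)` below it still runs, so it tests whatever `status` held from earlier in ocfs2_journal_shutdown rather than a flush result. Moving the `status < 0` check and `mlog_errno(status)` inside the guarded block would keep the error report tied to the jbd2_journal_flush call. The guard also reads jbd2's j_sb_buffer field directly from ocfs2 with no comment; a short comment stating that journal_fail_superblock can leave it NULL, as the commit message says, would explain why the flush is conditional.
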
> --
> 2.43.0
>
>

Thanks,
-- 
Julian Sun <sunjunchao2870@...il.com>
