Message-ID: <87h69oclel.fsf@linux.dev>
Date: Mon, 07 Oct 2024 10:28:02 +0100
From: Luis Henriques <luis.henriques@...ux.dev>
To: linux-ext4@...r.kernel.org
Subject: Old inline-data bug with small block sizes

Hi!

I have a local branch where, some time ago, I tried to fix an old
inline_data bug[1].  The reproducer is easy to run, it just requires a
filesystem with a small block size (I've used 1024).

Looking at it again with fresh eyes I believe the bug could be easily
fixed with the patch below.

My understanding is that, when we are doing a ->read_folio() and there's
inlined data, that inlined data has to be in the first page.  However, if
we get a different page (i.e. not the first one), then we are zero'ing it
and marking it up-to-date.  And that doesn't sound right to me.

The patch below fixes things by reverting back to do a regular read in
those cases, because it's not inlined data.  Does it make sense?  Or am I
missing something and not seeing the real bug here?

[1] https://bugzilla.kernel.org/show_bug.cgi?id=200681

Cheers,
-- 
Luís

diff --git a/fs/ext4/inline.c b/fs/ext4/inline.c
index 3536ca7e4fcc..ec96038dd75f 100644
--- a/fs/ext4/inline.c
+++ b/fs/ext4/inline.c
@@ -516,7 +516,8 @@ int ext4_readpage_inline(struct inode *inode, struct folio *folio)
 	int ret = 0;
 
 	down_read(&EXT4_I(inode)->xattr_sem);
-	if (!ext4_has_inline_data(inode)) {
+	if (!ext4_has_inline_data(inode) ||
+	    ((folio->index > 0) && !folio_test_uptodate(folio))) {
 		up_read(&EXT4_I(inode)->xattr_sem);
 		return -EAGAIN;
 	}
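
Review bot: the added condition `(folio->index > 0) && !folio_test_uptodate(folio)` returns -EAGAIN while ext4_has_inline_data(inode) is still true, and nothing in the hunk says why that is safe. Please add a comment above the `if` explaining that inline data can only live in the first folio, so a later folio has to go through the regular read path, and state in the commit message what the caller does with -EAGAIN for an inode that still has inline data, since the caller is not visible in this patch. Minor style: the inner parentheses around `folio->index > 0` are redundant, and the next hunk's context tests the same field as `!folio->index`; using `folio->index` as the truth value here too would keep the two checks consistent.
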
@@ -527,10 +528,6 @@ int ext4_readpage_inline(struct inode *inode, struct folio *folio)
 	 */
 	if (!folio->index)
 		ret = ext4_read_inline_folio(inode, folio);
-	else if (!folio_test_uptodate(folio)) {
-		folio_zero_segment(folio, 0, folio_size(folio));
-		folio_mark_uptodate(folio);
-	}
 
 	up_read(&EXT4_I(inode)->xattr_sem);
 
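
Review bot: with the `else if (!folio_test_uptodate(folio))` branch removed, the block comment that closes just above `if (!folio->index)` may no longer match the code; its text is not shown in this hunk, so please check it and update it if it still describes zeroing folios past the first one. Combined with the first hunk, a folio with a non-zero index that reaches this point is already up to date and the visible lines do nothing to it, so a one-line comment saying that this is intentional would explain why there is no else branch.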
