lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20250612221826.GE6134@frogsfrogsfrogs>
Date: Thu, 12 Jun 2025 15:18:26 -0700
From: "Darrick J. Wong" <djwong@...nel.org>
To: tytso@....edu
Cc: linux-ext4@...r.kernel.org
Subject: [PATCH 4/3] libext2fs: fix bounding error in the extent fallocate
 code

From: Darrick J. Wong <djwong@...nel.org>

generic/361 popped up this weird error:

generic/361       [failed, exit status 1]- output mismatch (see /var/tmp/fstests/generic/361.out.bad)
    --- tests/generic/361.out   2025-04-30 16:20:44.563589363 -0700
    +++ /var/tmp/fstests/generic/361.out.bad    2025-06-11 10:40:07.475036412 -0700
    @@ -1,2 +1,2 @@
     QA output created by 361
    -Silence is golden
    +mkfs.fuse.ext4: Input/output error while writing out and closing file system
    ...
    (Run 'diff -u /run/fstests/bin/tests/generic/361.out /var/tmp/fstests/generic/361.out.bad'  to see the entire diff)

The test formats a small filesystem, creates a larger sparse file, loop
mounts it, and tries to format an ext4 filesystem on the loopdev.  The
loop driver sends fallocate zero_range requests to fuse2fs, but stumbles
over this extent tree layout when fallocating 16 blocks at offset 145:

EXTENTS:
(262128-262143[u]):2127-2142

fallocate goes to offset 145, and sees the right-extent at 262128.
Oddly, it then tries to allocate 262128-145 blocks instead of the 16
that were asked for, so it tries to allocate a huge number of blocks
but then crashes and burns when it runs out of space.

Fix this by constraining the len parameter to ext_falloc_helper to the
correct value.

Cc: <linux-ext4@...r.kernel.org> # v1.43
Fixes: 5aad5b8e0e3cfa ("libext2fs: implement fallocate")
Signed-off-by: "Darrick J. Wong" <djwong@...nel.org>
---
 lib/ext2fs/fallocate.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/ext2fs/fallocate.c b/lib/ext2fs/fallocate.c
index 063242c5fa4e6b..1ef989cd38214d 100644
--- a/lib/ext2fs/fallocate.c
+++ b/lib/ext2fs/fallocate.c
@@ -718,7 +718,8 @@ static errcode_t extent_fallocate(ext2_filsys fs, int flags, ext2_ino_t ino,
 		goal = left_extent.e_pblk - (left_extent.e_lblk - start);
 		err = ext_falloc_helper(fs, flags, ino, inode, handle, NULL,
 					&left_extent, start,
-					left_extent.e_lblk - start, goal);
+					min(len, left_extent.e_lblk - start),
+					goal);
 		if (err)
 			goto errout;

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ