lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20070916120221.GA24232@router.lepton.home>
Date:	Sun, 16 Sep 2007 20:02:21 +0800
From:	lepton <ytht.net@...il.com>
To:	reiserfs-dev@...esys.com
Cc:	lkm <linux-kernel@...r.kernel.org>
Subject: [PATCH] 2.6.22.6 reiserfs: work around for dead loop in finish_unfinished

Hi,
  There is possible dead loop in finish_unfinished function.
  In most situation, the call chain iput -> ... -> 
  reiserfs_delete_inode -> remove_save_link will success. But for
  some reason such as data corruption, reiserfs_delete_inode fails 
  on reiserfs_do_truncate -> search_for_position_by_key. Then 
  remove_save_link doesn't be called. We always get the same 
  "save_link_key" in the while loop in finish_unfinished function.
  The following patch adds a check for the possible dead loop and 
  just remove save link when deap loop. (against 2.6.22.6)

Signed-off-by: Lepton Wu <ytht.net@...il.com>

diff -X linux-2.6.22.6/Documentation/dontdiff -pru linux-2.6.22.6/fs/reiserfs/super.c linux-2.6.22.6-lepton/fs/reiserfs/super.c
--- linux-2.6.22.6/fs/reiserfs/super.c	2007-09-14 17:41:15.000000000 +0800
+++ linux-2.6.22.6-lepton/fs/reiserfs/super.c	2007-09-16 19:06:39.000000000 +0800
@@ -144,7 +144,7 @@ static int finish_unfinished(struct supe
 {
 	INITIALIZE_PATH(path);
 	struct cpu_key max_cpu_key, obj_key;
-	struct reiserfs_key save_link_key;
+	struct reiserfs_key save_link_key, last_inode_key;
 	int retval = 0;
 	struct item_head *ih;
 	struct buffer_head *bh;
@@ -165,6 +165,8 @@ static int finish_unfinished(struct supe
 	set_cpu_key_k_offset(&max_cpu_key, ~0U);
 	max_cpu_key.key_length = 3;
 
+	memset(&last_inode_key, 0, sizeof(last_inode_key));
+
 #ifdef CONFIG_QUOTA
 	/* Needed for iput() to work correctly and not trash data */
 	if (s->s_flags & MS_ACTIVE) {
@@ -277,8 +279,16 @@ static int finish_unfinished(struct supe
 			REISERFS_I(inode)->i_flags |= i_link_saved_unlink_mask;
 			/* not completed unlink (rmdir) found */
 			reiserfs_info(s, "Removing %k..", INODE_PKEY(inode));
-			/* removal gets completed in iput */
-			retval = 0;
+			if(memcmp(&last_inode_key, INODE_PKEY(inode),
+				  sizeof(last_inode_key))){
+				last_inode_key = *INODE_PKEY(inode);
+				/* removal gets completed in iput */
+				retval = 0;
+			} else {
+				reiserfs_warning(s, "Dead loop in finish_unfinished detected, just remove save link\n");
+				retval = remove_save_link_only(s, 
+							       &save_link_key, 0);
+			}
 		}
 
 		iput(inode);
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ