lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <4b6fba110810051516q72f890e2x8805dd7a0753a8ba@mail.gmail.com>
Date:	Sun, 5 Oct 2008 18:16:57 -0400
From:	"Daniel Rosenthal" <danielrosenthal@....org>
To:	LKML <linux-kernel@...r.kernel.org>
Cc:	gerg@...pgear.com, dwmw2@...radead.org
Subject: [PATCH] Fix infinite loop in INFTL_foldchain() in drivers/mtd/inftlcore.c

Below is a patch to fix an infinite loop in the last loop of
INFTL_foldchain() in drivers/mtd/inftlcore.c modified against Linus'
kernel tree.  If INFTL_formatblock() fails repeatedly, this last loop
will go forever because PUtable[thisEUN] is only checked against
BLOCK_NIL and not BLOCK_RESERVED, and if the block fails to format,
PUtable[prevEUN] is not set to BLOCK_NIL.

This will update the in memory copy of the PUchain, but it should be
verified that when the system reboots and the inftl device is
remounted, that the code will properly construct the PUchain from the
device.  I do not have the expertise to verify this myself, so perhaps
somebody else should.  A couple other people and I will try to take a
look at it over the next couple days, but make no guarantees.

-Daniel


Patch:
--------------------------

>From 8f1275749768d316788194cc198093b00f85d0d6 Mon Sep 17 00:00:00 2001
From: Daniel Rosenthal <danielrosenthal@....org>
Date: Sun, 5 Oct 2008 17:43:10 -0400
Subject: [PATCH] Fix infinite loop in INFTL_foldchain in
drivers/mtd/inftlcore.c.


Signed-off-by: Daniel Rosenthal <danielrosenthal@....org>
---
 drivers/mtd/inftlcore.c |    5 ++++-
 1 files changed, 4 insertions(+), 1 deletions(-)

diff --git a/drivers/mtd/inftlcore.c b/drivers/mtd/inftlcore.c
index c4f9d33..50ce138 100644
--- a/drivers/mtd/inftlcore.c
+++ b/drivers/mtd/inftlcore.c
@@ -388,6 +388,10 @@ static u16 INFTL_foldchain(struct INFTLrecord
*inftl, unsigned thisVUC, unsigned
 		if (thisEUN == targetEUN)
 			break;

+		/* Unlink the last block from the chain. */
+		inftl->PUtable[prevEUN] = BLOCK_NIL;
+
+		/* Now try to erase it. */
 		if (INFTL_formatblock(inftl, thisEUN) < 0) {
 			/*
 			 * Could not erase : mark block as reserved.
@@ -396,7 +400,6 @@ static u16 INFTL_foldchain(struct INFTLrecord
*inftl, unsigned thisVUC, unsigned
 		} else {
 			/* Correctly erased : mark it as free */
 			inftl->PUtable[thisEUN] = BLOCK_FREE;
-			inftl->PUtable[prevEUN] = BLOCK_NIL;
 			inftl->numfreeEUNs++;
 		}
 	}
-- 
1.5.6.4
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ