| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20090804110217.GB4016@gradator.net>
Date: Tue, 4 Aug 2009 13:02:18 +0200
From: Sylvain Rochet <gradator@...dator.net>
To: Jan Kara <jack@...e.cz>
Cc: linux-kernel@...r.kernel.org, linux-ext4@...r.kernel.org,
linux-nfs@...r.kernel.org
Subject: Re: 2.6.28.9: EXT3/NFS inodes corruption
Hi,
On Wed, Jul 29, 2009 at 02:58:12PM +0200, Jan Kara wrote:
> On Tue 28-07-09 18:41:42, Sylvain Rochet wrote:
> >
> > Lets move out the corrupted directory ;)
> >
> > root@...ooka:/data/web/ed/90/48/walotux.walon.org/htdocs/tmp/cache/e# rm -- * .ok
> > rm: cannot remove `spip%3Farticle19.f8740dca': Input/output error
> > root@...ooka:/data/web/ed/90/48/walotux.walon.org/htdocs/tmp/cache/e# cd ..
> > root@...ooka:/data/web/ed/90/48/walotux.walon.org/htdocs/tmp/cache# mv e/ /data/lost+found/wooops
>
> Actually, leaving that file in the filesystem can potentially lead to
> strange effects because eventually the inode "spip%3Farticle19.f8740dca"
> points to gets reallocated and then you can get e.g. a hardlinked
> directory. On the other hand having it lost+found should be safe enough.
This happened a few times in the past, we saw corrupted dentries reappearing with
a new file. New files with reference count set to 1 (but obviously should be 2 in
this case). So the rule is "do not delete corrupted dentries anyway, keep them
safe in lost+found and do not touch it" ;).
Sylvain
Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)
Powered by blists - more mailing lists