| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <AANLkTim_U+mJtHk7drvqMOmUwd4ro8J0dazZMDsNqH=o@mail.gmail.com> Date: Wed, 16 Feb 2011 13:36:18 +0900 From: Minchan Kim <minchan.kim@...il.com> To: Dan Magenheimer <dan.magenheimer@...cle.com> Cc: Matt <jackdachef@...il.com>, gregkh@...e.de, Chris Mason <chris.mason@...cle.com>, linux-kernel@...r.kernel.org, linux-mm@...ck.org, ngupta@...are.org, linux-btrfs@...r.kernel.org, Josef Bacik <josef@...hat.com>, Dan Rosenberg <drosenberg@...curity.com>, Yan Zheng <zheng.z.yan@...el.com>, miaox@...fujitsu.com, Li Zefan <lizf@...fujitsu.com> Subject: Re: [PATCH V2 0/3] drivers/staging: zcache: dynamic page cache/swap compression On Wed, Feb 16, 2011 at 10:27 AM, Dan Magenheimer <dan.magenheimer@...cle.com> wrote: >> -----Original Message----- >> From: Matt [mailto:jackdachef@...il.com] >> Sent: Tuesday, February 15, 2011 5:12 PM >> To: Minchan Kim >> Cc: Dan Magenheimer; gregkh@...e.de; Chris Mason; linux- >> kernel@...r.kernel.org; linux-mm@...ck.org; ngupta@...are.org; linux- >> btrfs@...r.kernel.org; Josef Bacik; Dan Rosenberg; Yan Zheng; >> miaox@...fujitsu.com; Li Zefan >> Subject: Re: [PATCH V2 0/3] drivers/staging: zcache: dynamic page >> cache/swap compression >> >> On Mon, Feb 14, 2011 at 4:35 AM, Minchan Kim <minchan.kim@...il.com> >> > Just my guessing. I might be wrong. >> > >> > __cleancache_flush_inode calls cleancache_get_key with >> cleancache_filekey. >> > cleancache_file_key's size is just 6 * u32. >> > cleancache_get_key calls btrfs_encode_fh with the key. >> > but btrfs_encode_fh does typecasting the key to btrfs_fid which is >> > bigger size than cleancache_filekey's one so it should not access >> > fields beyond cleancache_get_key. >> > >> > I think some file systems use extend fid so in there, this problem >> can >> > happen. I don't know why we can't find it earlier. Maybe Dan and >> > others test it for a long time. >> > >> > Am I missing something? >> > >> > >> > >> > -- >> > Kind regards, >> > Minchan Kim >> > >> >> reposting Minchan's message for reference to the btrfs mailing list >> while also adding >> >> Li Zefan, Miao Xie, Yan Zheng, Dan Rosenberg and Josef Bacik to CC >> >> Regards >> >> Matt > > Hi Matt and Minchan -- > > (BTRFS EXPERTS SEE *** BELOW) > > I definitely see a bug in cleancache_get_key in the monolithic > zcache+cleancache+frontswap patch I posted on oss.oracle.com > that is corrected in linux-next but I don't see how it could > get provoked by btrfs. > > The bug is that, in cleancache_get_key, the return value of fhfn should > be checked against 255. If the return value is 255, cleancache_get_key > should return -1. This should disable cleancache for any filesystem > where KEY_MAX is too large. > > But cleancache_get_key always calls fhfn with connectable == 0 and > CLEANCACHE_KEY_MAX==6 should be greater than BTRFS_FID_SIZE_CONNECTABLE > (which I think should be 5?). And the elements written into the > typecast btrfs_fid should be only writing the first 5 32-bit words. BTRFS_FID_SIZE_NON_CONNECTALBE is 5, not BTRFS_FID_SIZE_CONNECTABLE. Anyway, you passed connectable with 0 so it should be only writing the first 5 32-bit words as you said. That's one I missed. ;-) Thanks. -- Kind regards, Minchan Kim -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists