lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:	Tue, 25 Sep 2012 08:24:38 +0800
From:	Wang Sheng-Hui <shhuiw@...il.com>
To:	chris.mason@...ionio.com, jbacik@...ionio.com,
	linux-btrfs@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: Btrfs: check range early in map_private_extent_buffer

On 2012年09月25日 00:17, David Sterba wrote:
> On Mon, Sep 24, 2012 at 12:38:07PM +0800, Wang Sheng-Hui wrote:
>> Check range early to avoid further check/compute in case
>> of range error.
>>
>> Signed-off-by: Wang Sheng-Hui <shhuiw@...il.com>
>> ---
>>  fs/btrfs/extent_io.c |   16 ++++++++--------
>>  1 files changed, 8 insertions(+), 8 deletions(-)
>>
>> diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c
>> index 4c87847..9250cf5 100644
>> --- a/fs/btrfs/extent_io.c
>> +++ b/fs/btrfs/extent_io.c
>> @@ -4643,6 +4643,14 @@ int map_private_extent_buffer(struct extent_buffer *eb, unsigned long start,
>>  	unsigned long end_i = (start_offset + start + min_len - 1) >>
>>  		PAGE_CACHE_SHIFT;
>>  
>> +	if (start + min_len > eb->len) {
>> +		printk(KERN_ERR "btrfs bad mapping eb start %llu len %lu, "
>> +		       "wanted %lu %lu\n", (unsigned long long)eb->start,
>> +		       eb->len, start, min_len);
>> +		WARN_ON(1);
>> +		return -EINVAL;
>> +	}
>> +
>>  	if (i != end_i)
>>  		return -EINVAL;
> 
> 4665         unsigned long i = (start_offset + start) >> PAGE_CACHE_SHIFT;
> 4666         unsigned long end_i = (start_offset + start + min_len - 1) >>
> 4667                 PAGE_CACHE_SHIFT;
> 
> so the check above effectively verifies that
> 
>   min_len - 1 < PAGE_CACHE_SIZE
> AND
>   is within the same page
> 
> The other check
> 
> 	if (start + min_len > eb->len) {
> 
> looks if the requested data do not lie out of the bounds of the extent
> buffer, where min_len is filled with sizeof(something).
> 
> So, both the checks look for corrupted metadata, I don't see the need to
> swap them.

Reread the code and it really does the check.
Got it. Thanks for your explanation.

> 
> david

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists