lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 25 Sep 2012 08:24:38 +0800 From: Wang Sheng-Hui <shhuiw@...il.com> To: chris.mason@...ionio.com, jbacik@...ionio.com, linux-btrfs@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: Btrfs: check range early in map_private_extent_buffer On 2012年09月25日 00:17, David Sterba wrote: > On Mon, Sep 24, 2012 at 12:38:07PM +0800, Wang Sheng-Hui wrote: >> Check range early to avoid further check/compute in case >> of range error. >> >> Signed-off-by: Wang Sheng-Hui <shhuiw@...il.com> >> --- >> fs/btrfs/extent_io.c | 16 ++++++++-------- >> 1 files changed, 8 insertions(+), 8 deletions(-) >> >> diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c >> index 4c87847..9250cf5 100644 >> --- a/fs/btrfs/extent_io.c >> +++ b/fs/btrfs/extent_io.c >> @@ -4643,6 +4643,14 @@ int map_private_extent_buffer(struct extent_buffer *eb, unsigned long start, >> unsigned long end_i = (start_offset + start + min_len - 1) >> >> PAGE_CACHE_SHIFT; >> >> + if (start + min_len > eb->len) { >> + printk(KERN_ERR "btrfs bad mapping eb start %llu len %lu, " >> + "wanted %lu %lu\n", (unsigned long long)eb->start, >> + eb->len, start, min_len); >> + WARN_ON(1); >> + return -EINVAL; >> + } >> + >> if (i != end_i) >> return -EINVAL; > > 4665 unsigned long i = (start_offset + start) >> PAGE_CACHE_SHIFT; > 4666 unsigned long end_i = (start_offset + start + min_len - 1) >> > 4667 PAGE_CACHE_SHIFT; > > so the check above effectively verifies that > > min_len - 1 < PAGE_CACHE_SIZE > AND > is within the same page > > The other check > > if (start + min_len > eb->len) { > > looks if the requested data do not lie out of the bounds of the extent > buffer, where min_len is filled with sizeof(something). > > So, both the checks look for corrupted metadata, I don't see the need to > swap them. Reread the code and it really does the check. Got it. Thanks for your explanation. > > david -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists