| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 21 Dec 2012 19:36:33 +0900
From: OGAWA Hirofumi <hirofumi@...l.parknet.co.jp>
To: Namjae Jeon <linkinjeon@...il.com>
Cc: akpm@...ux-foundation.org, linux-fsdevel@...r.kernel.org,
linux-kernel@...r.kernel.org,
Namjae Jeon <namjae.jeon@...sung.com>,
Ravishankar N <ravi.n1@...sung.com>,
Amit Sahrawat <a.sahrawat@...sung.com>
Subject: Re: [PATCH v5 7/8] fat (exportfs): rebuild directory-inode if fat_dget() fails
OGAWA Hirofumi <hirofumi@...l.parknet.co.jp> writes:
> Namjae Jeon <linkinjeon@...il.com> writes:
>
>>> Yes, we can't use fat_search_long() as is, of course. However, we can
>>> share the basic algorithm and code.
>>>
>>> The both are doing,
>>>
>>> 1) traverse the blocks chained by ->i_start.
>>> 2) get the record (dirent) from blocks.
>>> 3) check the detail of record
>>>
>>> The difference is only (3), right? I know, the code has many differences
>>> though. The actual logic are almost same.
>>>
>>> And see, e.g., fat_get_cluster() is checking several unexpected
>>> state. We have to care about corrupting data. It is not only
>>> "infinite-loop" case. And why I'm saying it is better to share code.
>>
>> Regarding unexpected conditions,
>> When we compare the unexpected conditions in fat_get_cluster:
>> We get these as conditions which can arise:
>> fat_end_read() returns:
>> 1) < 0
>> 2) FAT_ENT_FREE
>> 3) FAT_ENT_EOF
>> And the last is
>> 4) Preventing the infinite looping of cluster chain.
>>
>> Our patch is already covering the cases:
>> case 1) , 2) => if (search_clus < 0 || search_clus == FAT_ENT_FREE)
>> about case 3) => while (search_clus != FAT_ENT_EOF);
>>
>> while for Case 4:
>> We can make changes like this:
>>
>> @@ -179,8 +179,9 @@ struct dentry *fat_get_parent(struct dentry *child_dir)
>> struct inode *parent_inode = NULL;
>> struct msdos_sb_info *sbi = MSDOS_SB(sb);
>> int parent_logstart;
>> - int search_clus, clus_to_match;
>> + int search_clus, clus_to_match, clus_count = 0;
>> sector_t blknr;
>> + const int limit = sb->s_maxbytes >> MSDOS_SB(sb)->cluster_bits;
>>
>> if (!fat_get_dotdot_entry(child_dir->d_inode, &dotdot_bh, &de)) {
>> parent_logstart = fat_get_start(sbi, de);
>> @@ -223,6 +224,14 @@ struct dentry *fat_get_parent(struct dentry *child_dir)
>> search_clus, clus_to_match);
>> if (IS_ERR(parent_inode) || parent_inode)
>> break;
>> + if (++clus_count > limit) {
>> + fat_fs_error_ratelimit(sb,
>> + "%s: detected the cluster chain loop"
>> + " while reading directory entries from"
>> + " cluster %d", __func__, search_clus);
>> + parent_inode = ERR_PTR(-EIO);
>> + break;
>> + }
>> fatent_init(&fatent);
>> search_clus = fat_ent_read(sb, &fatent,
>> search_clus);
>
> and it is copy of fat_get_cluster(), right? It would be sane as start
> though, it is true to increase maintain cost, and it makes more similar
> to fat_search_long() path. It is why I said, copy at first, and
> refactoring after that.
BTW, fat_search_long() was wrong as similar function. Actually it would
be fat_scan(), because we don't care longname entry.
--
OGAWA Hirofumi <hirofumi@...l.parknet.co.jp>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists