lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 31 May 2017 09:12:57 -0700 From: "Darrick J. Wong" <darrick.wong@...cle.com> To: Tahsin Erdogan <tahsin@...gle.com> Cc: Jan Kara <jack@...e.com>, "Theodore Ts'o" <tytso@....edu>, Andreas Dilger <adilger.kernel@...ger.ca>, Dave Kleikamp <shaggy@...nel.org>, Alexander Viro <viro@...iv.linux.org.uk>, Mark Fasheh <mfasheh@...sity.com>, Joel Becker <jlbec@...lplan.org>, Jens Axboe <axboe@...com>, Deepa Dinamani <deepa.kernel@...il.com>, Mike Christie <mchristi@...hat.com>, Fabian Frederick <fabf@...net.be>, linux-ext4@...r.kernel.org, linux-kernel@...r.kernel.org, jfs-discussion@...ts.sourceforge.net, linux-fsdevel@...r.kernel.org, ocfs2-devel@....oracle.com, reiserfs-devel@...r.kernel.org Subject: Re: [PATCH 07/28] ext4: call journal revoke when freeing ea_inode blocks On Wed, May 31, 2017 at 01:14:56AM -0700, Tahsin Erdogan wrote: > ea_inode contents are treated as metadata, that's why it is journaled > during initial writes. Failing to call revoke during freeing could cause > user data to be overwritten with original ea_inode contents during journal > replay. > > Signed-off-by: Tahsin Erdogan <tahsin@...gle.com> > --- > fs/ext4/extents.c | 3 ++- > fs/ext4/indirect.c | 3 ++- > 2 files changed, 4 insertions(+), 2 deletions(-) > > diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c > index 3e36508610b7..e0a8425ff74d 100644 > --- a/fs/ext4/extents.c > +++ b/fs/ext4/extents.c > @@ -2488,7 +2488,8 @@ int ext4_ext_index_trans_blocks(struct inode *inode, int extents) > > static inline int get_default_free_blocks_flags(struct inode *inode) > { > - if (S_ISDIR(inode->i_mode) || S_ISLNK(inode->i_mode)) > + if (S_ISDIR(inode->i_mode) || S_ISLNK(inode->i_mode) || > + ext4_test_inode_flag(inode, EXT4_INODE_EA_INODE)) > return EXT4_FREE_BLOCKS_METADATA | EXT4_FREE_BLOCKS_FORGET; > else if (ext4_should_journal_data(inode)) > return EXT4_FREE_BLOCKS_FORGET; > diff --git a/fs/ext4/indirect.c b/fs/ext4/indirect.c > index bc15c2c17633..7ffa290cbb8e 100644 > --- a/fs/ext4/indirect.c > +++ b/fs/ext4/indirect.c > @@ -829,7 +829,8 @@ static int ext4_clear_blocks(handle_t *handle, struct inode *inode, > int flags = EXT4_FREE_BLOCKS_VALIDATED; > int err; > > - if (S_ISDIR(inode->i_mode) || S_ISLNK(inode->i_mode)) > + if (S_ISDIR(inode->i_mode) || S_ISLNK(inode->i_mode) || > + ext4_test_inode_flag(inode, EXT4_INODE_EA_INODE)) I appreciate the thoroughness of doing this even for blockmapped ea_inode files, and I'm not complaining about this hunk at all. :) However, please consider requiring the extents feature + format as a prerequisite for ea_inodes. ext4 has traditionally been very ... permissive about supporting a diverse range of feature options, but the cost of that diversity is that the feature support matrix that the community has to support is already untestably large. I think it would be wise not to support !extents && ea_inode, particularly since blockmaps aren't protected by metadata_csum and so in the long run it's probably best to minimize the introduction of new blockmap files (on ext4 anyway). --D > flags |= EXT4_FREE_BLOCKS_FORGET | EXT4_FREE_BLOCKS_METADATA; > else if (ext4_should_journal_data(inode)) > flags |= EXT4_FREE_BLOCKS_FORGET; > -- > 2.13.0.219.gdb65acc882-goog >
Powered by blists - more mailing lists