lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Wed, 14 Oct 2020 21:00:51 +0200
From:   Andreas Gruenbacher <agruenba@...hat.com>
To:     Anant Thazhemadam <anant.thazhemadam@...il.com>
Cc:     Andrew Price <anprice@...hat.com>,
        Bob Peterson <rpeterso@...hat.com>,
        syzbot+a5e2482a693e6b1e444b@...kaller.appspotmail.com,
        LKML <linux-kernel@...r.kernel.org>,
        linux-kernel-mentees@...ts.linuxfoundation.org,
        cluster-devel <cluster-devel@...hat.com>,
        Fox Chen <foxhlchen@...il.com>,
        syzbot+af90d47a37376844e731@...kaller.appspotmail.com
Subject: Re: [PATCH v2] fs: gfs2: add validation checks for size of superblock

Anant,

On Wed, Oct 14, 2020 at 6:31 PM Anant Thazhemadam
<anant.thazhemadam@...il.com> wrote:
> In gfs2_check_sb(), no validation checks are performed with regards to
> the size of the superblock.
> syzkaller detected a slab-out-of-bounds bug that was primarily caused
> because the block size for a superblock was set to zero.
> A valid size for a superblock is a power of 2 between 512 and PAGE_SIZE.
> Performing validation checks and ensuring that the size of the superblock
> is valid fixes this bug.
>
> Reported-by: syzbot+af90d47a37376844e731@...kaller.appspotmail.com
> Tested-by: syzbot+af90d47a37376844e731@...kaller.appspotmail.com
> Suggested-by: Andrew Price <anprice@...hat.com>
> Signed-off-by: Anant Thazhemadam <anant.thazhemadam@...il.com>
> ---
>
> Changes in v2:
>
>         * Completely dropped the changes proposed in v1. Instead,
>           validity checks for superblock size have been introduced.
>           (Suggested by Andrew Price<anprice@...hat.com>)
>
>         * Addded a "Suggested-by" tag accrediting the patch idea to
>           Andrew. If there's any issue with that, please let me know.
>
>         * Changed the commit header and commit message appropriately.
>
>         * Updated "Reported-by" and "Tested-by" tags to the same instance
>           of the bug that was detected earlier (non consequential change).
>
>
>  fs/gfs2/ops_fstype.c | 7 +++++++
>  1 file changed, 7 insertions(+)
>
> diff --git a/fs/gfs2/ops_fstype.c b/fs/gfs2/ops_fstype.c
> index 6d18d2c91add..f0605fae2c4c 100644
> --- a/fs/gfs2/ops_fstype.c
> +++ b/fs/gfs2/ops_fstype.c
> @@ -169,6 +169,13 @@ static int gfs2_check_sb(struct gfs2_sbd *sdp, int silent)
>                 return -EINVAL;
>         }
>
> +       /* Check if the size of the block is valid - a power of 2 between 512 and  PAGE_SIZE */
> +       if (sb->sb_bsize < 512 || sb->sb_bsize > PAGE_SIZE || (sb->sb_bsize & (sb->sb_bsize - 1))) {
> +               if (!silent)
> +                       pr_warn("Invalid superblock size\n");
> +               return -EINVAL;
> +       }
> +

I'll add that to for-next.

Thanks,
Andreas

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ