lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 24 Nov 2020 18:45:30 +0800
From:   Zhen Lei <thunder.leizhen@...wei.com>
To:     "Darrick J . Wong" <darrick.wong@...cle.com>,
        Brian Foster <bfoster@...hat.com>,
        linux-xfs <linux-xfs@...r.kernel.org>,
        linux-kernel <linux-kernel@...r.kernel.org>
CC:     Zhen Lei <thunder.leizhen@...wei.com>
Subject: [PATCH 1/2] xfs: check the return value of krealloc()

krealloc() may fail to expand the memory space. Add sanity checks to it,
and WARN() if that really happened.

Signed-off-by: Zhen Lei <thunder.leizhen@...wei.com>
---
 fs/xfs/libxfs/xfs_inode_fork.c | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)

diff --git a/fs/xfs/libxfs/xfs_inode_fork.c b/fs/xfs/libxfs/xfs_inode_fork.c
index 7575de5cecb1..4e457aea8493 100644
--- a/fs/xfs/libxfs/xfs_inode_fork.c
+++ b/fs/xfs/libxfs/xfs_inode_fork.c
@@ -366,6 +366,8 @@ xfs_iroot_realloc(
 
 	ifp = XFS_IFORK_PTR(ip, whichfork);
 	if (rec_diff > 0) {
+		struct xfs_btree_block *if_broot;
+
 		/*
 		 * If there wasn't any memory allocated before, just
 		 * allocate it now and get out.
@@ -386,8 +388,13 @@ xfs_iroot_realloc(
 		cur_max = xfs_bmbt_maxrecs(mp, ifp->if_broot_bytes, 0);
 		new_max = cur_max + rec_diff;
 		new_size = XFS_BMAP_BROOT_SPACE_CALC(mp, new_max);
-		ifp->if_broot = krealloc(ifp->if_broot, new_size,
-					 GFP_NOFS | __GFP_NOFAIL);
+		if_broot = krealloc(ifp->if_broot, new_size,
+				    GFP_NOFS | __GFP_NOFAIL);
+		if (!if_broot) {
+			WARN(1, "if_broot realloc failed\n");
+			return;
+		}
+		ifp->if_broot = if_broot;
 		op = (char *)XFS_BMAP_BROOT_PTR_ADDR(mp, ifp->if_broot, 1,
 						     ifp->if_broot_bytes);
 		np = (char *)XFS_BMAP_BROOT_PTR_ADDR(mp, ifp->if_broot, 1,
@@ -477,6 +484,7 @@ xfs_idata_realloc(
 {
 	struct xfs_ifork	*ifp = XFS_IFORK_PTR(ip, whichfork);
 	int64_t			new_size = ifp->if_bytes + byte_diff;
+	char *if_data;
 
 	ASSERT(new_size >= 0);
 	ASSERT(new_size <= XFS_IFORK_SIZE(ip, whichfork));
@@ -496,8 +504,13 @@ xfs_idata_realloc(
 	 * in size so that it can be logged and stay on word boundaries.
 	 * We enforce that here.
 	 */
-	ifp->if_u1.if_data = krealloc(ifp->if_u1.if_data, roundup(new_size, 4),
+	if_data = krealloc(ifp->if_u1.if_data, roundup(new_size, 4),
 				      GFP_NOFS | __GFP_NOFAIL);
+	if (!if_data) {
+		WARN(1, "if_data realloc failed\n");
+		return;
+	}
+	ifp->if_u1.if_data = if_data;
 	ifp->if_bytes = new_size;
 }
 
-- 
2.26.0.106.g9fadedd

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ