lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 25 Nov 2020 09:55:27 -0600
From:   Eric Sandeen <sandeen@...deen.net>
To:     Qinglang Miao <miaoqinglang@...wei.com>,
        "Darrick J. Wong" <darrick.wong@...cle.com>,
        linux-xfs@...r.kernel.org
Cc:     linux-kernel@...r.kernel.org
Subject: Re: [PATCH] xfs: check the return value of krealloc() in
 xfs_uuid_mount

On 11/25/20 12:50 AM, Qinglang Miao wrote:
> krealloc() may fail to expand the memory space.

Even with __GFP_NOFAIL?

  * ``GFP_KERNEL | __GFP_NOFAIL`` - overrides the default allocator behavior
    and all allocation requests will loop endlessly until they succeed.
    This might be really dangerous especially for larger orders.

> Add sanity checks to it,
> and WARN() if that really happened.

As aside, there is no WARN added in this patch for a memory failure.

> Fixes: 771915c4f688 ("xfs: remove kmem_realloc()")
> Reported-by: Hulk Robot <hulkci@...wei.com>
> Signed-off-by: Qinglang Miao <miaoqinglang@...wei.com>
> ---
>  fs/xfs/xfs_mount.c | 6 +++++-
>  1 file changed, 5 insertions(+), 1 deletion(-)
> 
> diff --git a/fs/xfs/xfs_mount.c b/fs/xfs/xfs_mount.c
> index 150ee5cb8..c07f48c32 100644
> --- a/fs/xfs/xfs_mount.c
> +++ b/fs/xfs/xfs_mount.c
> @@ -80,9 +80,13 @@ xfs_uuid_mount(
>  	}
>  
>  	if (hole < 0) {
> -		xfs_uuid_table = krealloc(xfs_uuid_table,
> +		uuid_t *if_xfs_uuid_table;
> +		if_xfs_uuid_table = krealloc(xfs_uuid_table,
>  			(xfs_uuid_table_size + 1) * sizeof(*xfs_uuid_table),
>  			GFP_KERNEL | __GFP_NOFAIL);
> +		if (!if_xfs_uuid_table)
> +			goto out_duplicate;

And this would emit "Filesystem has duplicate UUID" which is not correct.

But anyway, the __GFP_NOFAIL in the call makes this all moot AFAICT.

-Eric

> +		xfs_uuid_table = if_xfs_uuid_table;
>  		hole = xfs_uuid_table_size++;
>  	}
>  	xfs_uuid_table[hole] = *uuid;
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ