lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 10 Feb 2021 21:05:25 +0800
From:   Gao Xiang <hsiangkao@...hat.com>
To:     Chao Yu <chao@...nel.org>, Chao Yu <yuchao0@...wei.com>
Cc:     linux-erofs@...ts.ozlabs.org, LKML <linux-kernel@...r.kernel.org>,
        syzkaller-bugs@...glegroups.com,
        syzbot+c68f467cd7c45860e8d4@...kaller.appspotmail.com
Subject: Re: [PATCH] erofs: fix shift-out-of-bounds of blkszbits

Hi Chao,

On Wed, Jan 20, 2021 at 09:30:16AM +0800, Gao Xiang wrote:
> From: Gao Xiang <hsiangkao@...hat.com>
> 
> syzbot generated a crafted bitszbits which can be shifted
> out-of-bounds[1]. So directly print unsupported blkszbits
> instead of blksize.
> 
> [1] https://lore.kernel.org/r/000000000000c72ddd05b9444d2f@google.com
> Reported-by: syzbot+c68f467cd7c45860e8d4@...kaller.appspotmail.com
> Signed-off-by: Gao Xiang <hsiangkao@...hat.com>

Could you kindly review this trivial syzaller patch as well? Since
"erofs: initialized fields can only be observed after bit is set"
is somewhat serious on some weak-memory-order designed platforms
(no idea why our hisilison ARM64 platform didn't observe it before.)
I intended to prepare this for 5.13 cycle directly with ongoing
multi pcluster / LZMA in-kernel decompresion. But that regression
seems a bit important to upstream for the next 5.12 cycle....

Thanks,
Gao Xiang

> ---
>  fs/erofs/super.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/fs/erofs/super.c b/fs/erofs/super.c
> index be10b16ea66e..d5a6b9b888a5 100644
> --- a/fs/erofs/super.c
> +++ b/fs/erofs/super.c
> @@ -158,8 +158,8 @@ static int erofs_read_superblock(struct super_block *sb)
>  	blkszbits = dsb->blkszbits;
>  	/* 9(512 bytes) + LOG_SECTORS_PER_BLOCK == LOG_BLOCK_SIZE */
>  	if (blkszbits != LOG_BLOCK_SIZE) {
> -		erofs_err(sb, "blksize %u isn't supported on this platform",
> -			  1 << blkszbits);
> +		erofs_err(sb, "blkszbits %u isn't supported on this platform",
> +			  blkszbits);
>  		goto out;
>  	}
>  
> -- 
> 2.24.0
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ