lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Mon, 11 Oct 2021 23:56:22 +0300
From:   Mohammad Rasim <mohammad.rasim96@...il.com>
To:     Konstantin Komarov <almaz.alexandrovich@...agon-software.com>
Cc:     ntfs3@...ts.linux.dev, linux-kernel@...r.kernel.org,
        linux-fsdevel@...r.kernel.org,
        Kari Argillander <kari.argillander@...il.com>
Subject: Re: [PATCH] fs/ntfs3: Check for NULL if ATTR_EA_INFO is incorrect


On 10/11/21 19:55, Konstantin Komarov wrote:
> Hello.
>
> Presumably we found the code, that panics.
> But it panics in place, where pointer must be always not NULL.
> Please try patch provided below.
> If it helps (there is no panic), then check dmesg for
> message "Looks like internal error".
> And please compare copied folders.
> This way it will be clear what file / folder cause this logic error.
>
> Thanks for all your help so far.

Ok,

This helped, unfortunately the error is sporadic and i can't easily 
track down which file caused the crash .

In one test it seemd it was caused by files in three directories 
"package", "system" , "support" (all these directories are from the 
"buildroot" tree, most of the files that failed to copy were symlinks, 
don't know if that makes a difference)  but after rebooting and loading 
the unpatched ntfs3.ko i was able to copy these files without a crash!

It seems that the crash happens when copying large number of files so 
even a failed file can be copied if it was copied alone (I might be very 
wrong in my conclusion here)

anyways, i did multiple tests. in the first a few it copied without a 
crash and skipped a few files( the dmesg didn't contain the "Looks like 
internal error" message).

on subsequent tests i did get that message like so:

[  186.295722] ntfs3: sdb1: ino=1a, Looks like internal error
[  186.296219] ntfs3: sdb1: ntfs3_write_inode r=1a failed, -22

That "ino=1a" looks wrong to me !

  I will try to do more tests if i can but it's a bit annoying because 
each crash causes the file system to be corrupted and "ntfsfix" can't 
fix these errors so i have to reboot to windows os to be able to use 
"chkdsk" to fix the filesystem before doing the next test.

It would be nice if Paragon  releases "fsck.ntfs" that works well in 
these situations so we don't need to boot to windows to fix them


Regards


>
> [PATCH] fs/ntfs3: Check for NULL pointers in ni_try_remove_attr_list
>
> All these checks must be redundant.
> If this commit helps, then there is bug in code.
>
> Signed-off-by: Konstantin 
> Komarov<almaz.alexandrovich@...agon-software.com>
> ---
> fs/ntfs3/frecord.c | 23 ++++++++++++++++++++++-
> 1 file changed, 22 insertions(+), 1 deletion(-)
>
> diff --git a/fs/ntfs3/frecord.c b/fs/ntfs3/frecord.c
> index ecb965e4afd0..37e19fe7d496 100644
> --- a/fs/ntfs3/frecord.c
> +++ b/fs/ntfs3/frecord.c
> @@ -705,18 +705,35 @@ static int ni_try_remove_attr_list(struct 
> ntfs_inode *ni)
> continue;
> mi = ni_find_mi(ni, ino_get(&le->ref));
> + if (!mi) {
> + /* Should never happened, 'cause already checked. */
> + goto bad;
> + }
> attr = mi_find_attr(mi, NULL, le->type, le_name(le),
> le->name_len, &le->id);
> + if (!attr) {
> + /* Should never happened, 'cause already checked. */
> + goto bad;
> + }
> asize = le32_to_cpu(attr->size);
> /* Insert into primary record. */
> attr_ins = mi_insert_attr(&ni->mi, le->type, le_name(le),
> le->name_len, asize,
> le16_to_cpu(attr->name_off));
> - id = attr_ins->id;
> + if (!attr_ins) {
> + /*
> + * Internal error.
> + * Either no space in primary record (already checked).
> + * Either tried to insert another
> + * non indexed attribute (logic error).
> + */
> + goto bad;
> + }
> /* Copy all except id. */
> + id = attr_ins->id;
> memcpy(attr_ins, attr, asize);
> attr_ins->id = id;
> @@ -732,6 +749,10 @@ static int ni_try_remove_attr_list(struct 
> ntfs_inode *ni)
> ni->attr_list.dirty = false;
> return 0;
> +bad:
> + ntfs_inode_err(&ni->vfs_inode, "Looks like internal error");
> + make_bad_inode(&ni->vfs_inode);
> + return -EINVAL;
> }
> /*

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ