lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 14 Jun 2022 16:50:22 +0800
From:   Qu Wenruo <quwenruo.btrfs@....com>
To:     Christoph Hellwig <hch@....de>, dsterba@...e.cz,
        syzbot <syzbot+d2dd123304b4ae59f1bd@...kaller.appspotmail.com>,
        akpm@...ux-foundation.org, clm@...com, dsterba@...e.com,
        josef@...icpanda.com, linux-btrfs@...r.kernel.org,
        linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
        linux-mm@...ck.org, syzkaller-bugs@...glegroups.com,
        willy@...radead.org
Subject: Re: [syzbot] KASAN: use-after-free Read in copy_page_from_iter_atomic
 (2)



On 2022/6/14 15:17, Christoph Hellwig wrote:
> On Mon, Jun 13, 2022 at 09:39:12PM +0200, David Sterba wrote:
>> On Fri, Jun 10, 2022 at 12:10:19AM -0700, syzbot wrote:
>>> syzbot has bisected this issue to:
>>>
>>> commit 4cd4aed63125ccd4efc35162627827491c2a7be7
>>> Author: Christoph Hellwig <hch@....de>
>>> Date:   Fri May 27 08:43:20 2022 +0000
>>>
>>>      btrfs: fold repair_io_failure into btrfs_repair_eb_io_failure
>>
>> Josef also reported a crash and found a bug in the patch, now added as
>> fixup that'll be in for-next:
>
> The patch looks correct to me.  Two things to note here:
>
>   - I hadn't realized you had queued up the series.  I've actually
>     started to merge some of my bio work with the bio split at
>     submission time work from Qu and after a few iterations I think
>     I would do the repair code a bit differently based on that.
>     Can you just drop the series for now?
>   - I find it interesting that syzbot hits btrfs metadata repair.
>     xfstests seems to have no coverage and I could not come up with
>     a good idea how to properly test it.  Does anyone have a good
>     idea on how to intentially corrupt metadata in a deterministic
>     way?

The same way as data?

map-logical to find the location of a mirror, write 4 bytes of zero into
the location, then call it a day.

Although for metadata, you may want to choose a metadata that would
definitely get read.
Thus tree root is a good candidate.

Thanks,
Qu

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ