| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 18 Oct 2022 14:23:42 +0700
From: Bagas Sanjaya <bagasdotme@...il.com>
To: Jintao Yin <nicememory@...il.com>, phillip@...ashfs.org.uk
Cc: linux-kernel@...r.kernel.org, marcmiltenberger@...il.com,
mirsad.todorovac@....unizg.hr, regressions@...mhuis.info,
regressions@...ts.linux.dev, srw@...dewatkins.net
Subject: Re: BISECT result: 6.0.0-RC kernels trigger Firefox snap bug with
6.0.0-rc3 through 6.0.0-rc7
On 10/18/22 09:15, Jintao Yin wrote:
> Hi Phillip,
> There is a logical bug in commit 8fc78b6fe24c36b151ac98d7546591ed92083d4f
> which is parent commit of commit b09a7a036d2035b14636cd4c4c69518d73770f65.
>
> In function squashfs_readahead(...),
> file_end is initialized with i_size_read(inode) >> msblk->block_log,
> which means the last block index of the file.
> But later in the logic to check if the page is last one or not the
> code is
> if (pages[nr_pages - 1]->index == file_end && bytes) {
> ...
> }
> , use file_end as the last page index of file but actually is the last
> block index, so for the common setup of page and block size, the first
> comparison is true only when pages[nr_pages - 1]->index is 0.
> Otherwise, the trailing bytes of last page won't be zeroed.
>
> Maybe it's the real cause of the snap bug in some way.
>
Hi Jintao, thanks for explaining the real culprit. However, I'd like to
see the fixup patch from you so that we can test.
Thanks.
--
An old man doll... just what I always wanted! - Clara
Powered by blists - more mailing lists