lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <d1f6c2da-4473-d0ae-88a2-dc379a9857e8@gmail.com>
Date:   Tue, 18 Oct 2022 15:33:25 +0700
From:   Bagas Sanjaya <bagasdotme@...il.com>
To:     Jintao Yin <nicememory@...il.com>, phillip@...ashfs.org.uk
Cc:     linux-kernel@...r.kernel.org, marcmiltenberger@...il.com,
        mirsad.todorovac@....unizg.hr, regressions@...mhuis.info,
        regressions@...ts.linux.dev, srw@...dewatkins.net
Subject: Re: BISECT result: 6.0.0-RC kernels trigger Firefox snap bug with
 6.0.0-rc3 through 6.0.0-rc7

On 10/18/22 14:23, Bagas Sanjaya wrote:
> On 10/18/22 09:15, Jintao Yin wrote:
>> Hi Phillip,
>>   There is a logical bug in commit 8fc78b6fe24c36b151ac98d7546591ed92083d4f
>>   which is parent commit of commit b09a7a036d2035b14636cd4c4c69518d73770f65.
>>   
>>   In function squashfs_readahead(...),
>>   file_end is initialized with i_size_read(inode) >> msblk->block_log,
>>   which means the last block index of the file.
>>   But later in the logic to check if the page is last one or not the
>>   code is 
>>     if (pages[nr_pages - 1]->index == file_end && bytes) {
>>       ...
>>     }
>>   , use file_end as the last page index of file but actually is the last
>>   block index, so for the common setup of page and block size, the first 
>>   comparison is true only when pages[nr_pages - 1]->index is 0.
>>   Otherwise, the trailing bytes of last page won't be zeroed.
>>
>>   Maybe it's the real cause of the snap bug in some way.
>>
> 
> Hi Jintao, thanks for explaining the real culprit. However, I'd like to
> see the fixup patch from you so that we can test.
> 

Sorry for inconvenience. Hsin-Yi Wang have already submitted the candidate
fix at [1]. Thanks anyway.

[1]: https://lore.kernel.org/lkml/CAJMQK-hgQEkhgpO9VFOCgn-cKtVsr7Hb_58pAYiGoDi5SzGZtA@mail.gmail.com/

-- 
An old man doll... just what I always wanted! - Clara

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ