lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20221028165404.hzslvndpg26wop6k@cs.cmu.edu>
Date:   Fri, 28 Oct 2022 12:54:04 -0400
From:   Jan Harkes <jaharkes@...cmu.edu>
To:     Bagas Sanjaya <bagasdotme@...il.com>
Cc:     наб <nabijaczleweli@...ijaczleweli.xyz>,
        Jonathan Corbet <corbet@....net>,
        Federico Vaga <federico.vaga@...a.pv.it>,
        Alex Shi <alexs@...nel.org>,
        Yanteng Si <siyanteng@...ngson.cn>,
        Hu Haowen <src.res@...il.cn>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Jiri Slaby <jirislaby@...nel.org>, linux-doc@...r.kernel.org,
        linux-kernel@...r.kernel.org,
        linux-doc-tw-discuss@...ts.sourceforge.net
Subject: Re: [PATCH 05/15] coda: remove CODA_MAGIC

On Fri, Oct 28, 2022 at 08:23:38PM +0700, Bagas Sanjaya wrote:
> On 10/27/22 05:42, наб wrote:
> > We have largely moved away from this approach,
> > and we have better debugging tooling nowadays: kill it
> > 
> 
> Again, see [1] and [2].
> 
> [1]: https://lore.kernel.org/linux-doc/47c2bffb-6bfe-7f5d-0d2d-3cbb99d31019@gmail.com/
> [2]: https://lore.kernel.org/linux-doc/9d96c96d-dfc7-7749-07d4-2601c00661c2@gmail.com/

I guess I must be old-school because I appreciate magic numbers and
assertions to catch situations that should obviously never happen.

This https://lkml.org/lkml/2019/4/2/923 bug would have been caught a lot
sooner if ext4 had happened to check a magic number in vma->vm_file. As
it was, we ended up passing a Coda file instead of a file handle for the
the underlying filesystem which then ended up with the wrong inode and
their mmap_sem happened to scribble the spinlock on the Coda inode.

This wasn't really ext4's fault, it wasn't expecting to get a mmapped
region with another file system's file handle, but that is exactly the
point of these magic numbers, to catch the unexpected. Not sure what
better debug tooling would catch that unless you were already expecting
the problem.

Jan

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ