lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <6388D268.7030601@huawei.com>
Date:   Fri, 2 Dec 2022 00:12:24 +0800
From:   "yebin (H)" <yebin10@...wei.com>
To:     Theodore Ts'o <tytso@....edu>, Ye Bin <yebin@...weicloud.com>
CC:     <adilger.kernel@...ger.ca>, <linux-ext4@...r.kernel.org>,
        <linux-kernel@...r.kernel.org>, <jack@...e.cz>,
        <syzbot+4d99a966fd74bdeeec36@...kaller.appspotmail.com>
Subject: Re: [PATCH v2] ext4: fix WARNING in ext4_expand_extra_isize_ea



On 2022/12/2 0:00, Theodore Ts'o wrote:
> On Thu, Dec 01, 2022 at 10:59:23PM +0800, Ye Bin wrote:
>> Reason is allocate 16M memory by kmalloc, but MAX_ORDER is 11, kmalloc
>> can allocate maxium size memory is 4M.
>> XATTR_SIZE_MAX is currently 64k, but EXT4_XATTR_SIZE_MAX is '(1 << 24)',
>> so 'ext4_xattr_check_entries()' regards this length as legal. Then trigger
>> warning in 'ext4_xattr_move_to_block()'.
>> To solve above issue, according to Jan Kara's suggestion use kvmalloc()
>> to allocate memory in ext4_xattr_move_to_block().
> See my comment to the v1 version of the patch.  I suspect the real
> problem is that the e_value_size is completely bogus, and we should
> have checked it much earlier in the stack call trace, via a call to
> xattr_check_inode().
Yes, Not only the e_value_size is wrong, but also the inode is wrong:
EXT4-fs: Ignoring removed nobh option
EXT4-fs error (device loop0): ext4_xattr_inode_iget:389: comm rep: inode 
#1: comm rep: iget: illegal inode #
EXT4-fs error (device loop0): ext4_xattr_inode_iget:392: comm rep: error 
while reading EA inode 1 err=-117
EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2788: Unable 
to expand inode 15. Delete some EAs or run e2fsck.

Maybe we can do follow check  in ext4_xattr_check_entries() when 
"entry->e_value_inum != 0".
···
err = ext4_xattr_inode_iget(inode, le32_to_cpu(entry->e_value_inum),
                             le32_to_cpu(entry->e_hash), &ea_inode);
if (err) {
         ea_inode = NULL;
         goto out;
}

if (i_size_read(ea_inode) != size) {
         ext4_warning_inode(ea_inode,
                            "ea_inode file size=%llu entry size=%zu",
                            i_size_read(ea_inode), size);
         err = -EFSCORRUPTED;
         goto out;
}
···
>
> Cheers,
>
> 					- Ted
>
> .
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ