lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <a55d468a-7358-5079-a903-e2240a6e30ee@vivo.com>
Date:   Mon, 10 Jul 2023 17:37:28 +0800
From:   Chunhai Guo <guochunhai@...o.com>
To:     Gao Xiang <hsiangkao@...ux.alibaba.com>,
        "xiang@...nel.org" <xiang@...nel.org>,
        "chao@...nel.org" <chao@...nel.org>
Cc:     "huyue2@...lpad.com" <huyue2@...lpad.com>,
        "jefflexu@...ux.alibaba.com" <jefflexu@...ux.alibaba.com>,
        "linux-erofs@...ts.ozlabs.org" <linux-erofs@...ts.ozlabs.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] erofs: fix two loop issues when read page beyond EOF



On 2023/7/10 13:02, Gao Xiang wrote:
> 
> 
> On 2023/7/10 12:35, Chunhai Guo wrote:
>>
>>
>> On 2023/7/10 11:37, Gao Xiang wrote:
>>>
>>>
>>> On 2023/7/10 11:32, Chunhai Guo wrote:
>>>> Hi Xiang,
>>>>
>>>> On 2023/7/8 17:00, Gao Xiang wrote:
>>>>> Hi Chunhai,
>>>>>
>>>>> On 2023/7/8 14:24, Chunhai Guo wrote:
>>>>>> When z_erofs_read_folio() reads a page with an offset far beyond EOF, two
>>>>>> issues may occur:
>>>>>> - z_erofs_pcluster_readmore() may take a long time to loop when the offset
>>>>>>       is big enough, which is unnecessary.
>>>>>>         - For example, it will loop 4691368 times and take about 27 seconds
>>>>>>           with following case.
>>>>>>             - offset = 19217289215
>>>>>>             - inode_size = 1442672
>>>>>> - z_erofs_do_read_page() may loop infinitely due to the inappropriate
>>>>>>       truncation in the below statement. Since the offset is 64 bits and
>>>>>> min_t() truncates the result to 32 bits. The solution is to replace
>>>>>> unsigned int with another 64-bit type, such as erofs_off_t.
>>>>>>         cur = end - min_t(unsigned int, offset + end - map->m_la, end);
>>>>>>         - For example:
>>>>>>             - offset = 0x400160000
>>>>>>             - end = 0x370
>>>>>>             - map->m_la = 0x160370
>>>>>>             - offset + end - map->m_la = 0x400000000
>>>>>>             - offset + end - map->m_la = 0x00000000 (truncated as unsigned int)
>>>>>
>>>>> Thanks for the catch!
>>>>>
>>>>> Could you split these two into two patches?
>>>>>
>>>>> how about using:
>>>>> cur = end - min_t(erofs_off_t, offend + end - map->m_la, end)
>>>>> for this?
>>>>>
>>>>> since cur and end are all [0, PAGE_SIZE - 1] for now, and
>>>>> folio_size() later.
>>>>
>>>> OK. I will split the patch.
>>>>
>>>> Sorry that I can not understand what is 'offend' refer to and what do you mean. Could you please describe it more clearly?
>>>
>>> Sorry, there is a typo here, I meant 'offset'.
>>>
>>> `cur` and `end` both are not exceed 4096 if your page_size
>>> is 4096.
>>>
>>> Does
>>> cur = end - min_t(erofs_off_t, offset + end - map->m_la, end)
>>>
>>> fix your issue?
>>
>> Yes. I think this will fix this issue. Do you mean the below change is unncessary?
>>   >>>> -    unsigned int cur, end, spiltted;
>>   >>>> +    erofs_off_t cur, end;
>>   >>>> +    unsigned int spiltted;
> 
> Yes, please help send a fix for this!
> 
> Thanks,
> Gao Xiang
> 

Got it. I have sent the patch. Please have a check.

Thanks,
Guo Chunhai

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ