| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <c4d98da8-1931-4165-9212-c502c71d4bbd@uls.co.za>
Date: Fri, 28 Jul 2023 07:05:06 +0200
From: Jaco Kroon <jaco@....co.za>
To: Bernd Schubert <bernd.schubert@...tmail.fm>,
Miklos Szeredi <miklos@...redi.hu>
Cc: linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
Randy Dunlap <rdunlap@...radead.org>,
Antonio SJ Musumeci <trapexit@...wn.link>
Subject: Re: [PATCH] fuse: enable larger read buffers for readdir [v2].
Hi,
>>> plus = fuse_use_readdirplus(inode, ctx);
>>> ap->args.out_pages = true;
>>> - ap->num_pages = 1;
>>> + ap->num_pages = READDIR_PAGES;
>>
>> No. This is the array lenght, which is 1. This is the hack I guess,
>> which makes the above trick work.
>
> Hmm, ap->num_pages / ap->pages[] is used in fuse_copy_pages, but so is
> ap->descs[] - shouldn't the patch caused an out-of-bound access?
> Out of interest, would you mind to explain how the hack worked?
Apparently it shouldn't ... my understanding of how pages* worked was
all wrong.
I'm guessing since all the data fits in the first page (ap->pages[0] in
other words, of length/size desc.length) that the other pages are never
accessed. Looking at fuse_copy_pages this does indeed seem to be the
case. So I ended up just being really, really lucky here.
Kind regards,
Jaco
Powered by blists - more mailing lists