lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <Ziweb7egkq2Ltn0d@dread.disaster.area>
Date: Sat, 27 Apr 2024 07:36:47 +1000
From: Dave Chinner <david@...morbit.com>
To: Christoph Hellwig <hch@...radead.org>
Cc: Brian Foster <bfoster@...hat.com>, Sam Sun <samsun1006219@...il.com>,
	linux-kernel@...r.kernel.org, linux-xfs@...r.kernel.org,
	djwong@...nel.org, chandan.babu@...cle.com,
	syzkaller-bugs@...glegroups.com, xrivendell7@...il.com
Subject: Re: [Linux kernel bug] KASAN: slab-out-of-bounds Read in xlog_cksum

On Thu, Apr 25, 2024 at 11:13:05PM -0700, Christoph Hellwig wrote:
> On Thu, Apr 25, 2024 at 09:57:54AM -0400, Brian Foster wrote:
> > On Thu, Apr 25, 2024 at 06:12:23AM -0700, Christoph Hellwig wrote:
> > > This triggers the workaround for really old xfsprogs putting in a
> > > bogus h_size:
> > > 
> > > [   12.101992] XFS (loop0): invalid iclog size (0 bytes), using lsunit (65536 bytes)
> > > 
> > > but then calculates the log recovery buffer size based on the actual
> > > on-disk h_size value.  The patch below open codes xlog_logrec_hblks and
> > > fixes this particular reproducer.  But I wonder if we should limit the
> > > workaround.  Brian, you don't happpen to remember how old xfsprogs had
> > > to be to require your workaround (commit a70f9fe52daa8)?
> > > 
> > 
> > No, but a little digging turns up xfsprogs commit 20fbd4593ff2 ("libxfs:
> > format the log with valid log record headers"), which I think is what
> > you're looking for..? That went in around v4.5 or so, so I suppose
> > anything earlier than that is affected.
> 
> Thanks.  I was kinda hoping we could exclude v5 file systems from that
> workaround, but it is needed way too recent for that.

Any v5 filesystem with reflink and/or rmapbt enabled can be
excluded, as they didn't get added until 4.8 or after. All new
filesystems from here on should at least have reflink enabled, so
just returning EFSCORRUPTED and aborting recovery would be fine for
those filesystems....

OTOH, I think anyone using a 6.x kernel should be using a 6.x
xfsprogs, too, so maybe we should just remove the workaround from
upstream kernels altogether?

> Maybe we can specificly check for the wrongly hardcoded
> XLOG_HEADER_CYCLE_SIZE instead of allowing any value?

We probably should do that, too.

-Dave.
-- 
Dave Chinner
david@...morbit.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ