[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1c4d5baa-0ee9-46f9-b7d1-cb69387cc0d0@suse.com>
Date: Wed, 21 Aug 2024 14:16:17 +0800
From: "heming.zhao@...e.com" <heming.zhao@...e.com>
To: Matthew Wilcox <willy@...radead.org>, joseph.qi@...ux.alibaba.com,
Edward Adam Davis <eadavis@...com>
Cc: syzbot+5a64828fcc4c2ad9b04f@...kaller.appspotmail.com,
jlbec@...lplan.org, linux-kernel@...r.kernel.org, mark@...heh.com,
ocfs2-devel@...ts.linux.dev, syzkaller-bugs@...glegroups.com
Subject: Re: [PATCH] ocfs2: Add i_size check for dir
On 8/20/24 22:59, Matthew Wilcox wrote:
> On Tue, Aug 20, 2024 at 08:08:38PM +0800, Edward Adam Davis wrote:
>> When the i_size of dir is too large, it will cause limit to overflow and
>> be less than de_buf, ultimately resulting in last_de not being initialized
>> and causing uaf issue.
>>
>> + if (i_size_read(dir) > OCFS2_MAX_BLOCKSIZE)
>> + return -EINVAL;
>
> Surely directories can be more than one block in size?
>
The key point above is that the patch uses a hard code value, but in the real world,
the blocksize can be smaller than OCFS2_MAX_BLOCKSIZE.
-Heming
Powered by blists - more mailing lists