lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <52f055eb-a828-45cd-a06d-ca2006321926@huawei.com>
Date: Thu, 26 Sep 2024 17:28:11 +0800
From: Baokun Li <libaokun1@...wei.com>
To: Aleksandr Mikhalitsyn <aleksandr.mikhalitsyn@...onical.com>
CC: Jan Kara <jack@...e.cz>, <tytso@....edu>, <stable@...r.kernel.org>,
	Andreas Dilger <adilger.kernel@...ger.ca>, Stéphane Graber
	<stgraber@...raber.org>, Christian Brauner <brauner@...nel.org>,
	<linux-kernel@...r.kernel.org>, <linux-fsdevel@...r.kernel.org>,
	<linux-ext4@...r.kernel.org>, Wesley Hershberger
	<wesley.hershberger@...onical.com>, Yang Erkun <yangerkun@...wei.com>
Subject: Re: [PATCH 1/1] ext4: fix crash on BUG_ON in ext4_alloc_group_tables

On 2024/9/26 17:16, Aleksandr Mikhalitsyn wrote:
> On Thu, Sep 26, 2024 at 10:29 AM Baokun Li <libaokun1@...wei.com> wrote:
>> On 2024/9/25 23:57, Jan Kara wrote:
>>> On Wed 25-09-24 16:33:24, Alexander Mikhalitsyn wrote:
>>>> [   33.882936] EXT4-fs (dm-5): mounted filesystem 8aaf41b2-6ac0-4fa8-b92b-77d10e1d16ca r/w with ordered data mode. Quota mode: none.
>>>> [   33.888365] EXT4-fs (dm-5): resizing filesystem from 7168 to 786432 blocks
>>>> [   33.888740] ------------[ cut here ]------------
>>>> [   33.888742] kernel BUG at fs/ext4/resize.c:324!
>>> Ah, I was staring at this for a while before I understood what's going on
>>> (it would be great to explain this in the changelog BTW).  As far as I
>>> understand commit 665d3e0af4d3 ("ext4: reduce unnecessary memory allocation
>>> in alloc_flex_gd()") can actually make flex_gd->resize_bg larger than
>>> flexbg_size (for example when ogroup = flexbg_size, ngroup = 2*flexbg_size
>>> - 1) which then confuses things. I think that was not really intended and
>>> instead of fixing up ext4_alloc_group_tables() we should really change
>>> the logic in alloc_flex_gd() to make sure flex_gd->resize_bg never exceeds
>>> flexbg size. Baokun?
>>>
>>>                                                                Honza
>> Hi Honza,
>>
>> Your analysis is absolutely correct. It's a bug!
>> Thank you for locating this issue!
>> An extra 1 should not be added when calculating resize_bg in
>> alloc_flex_gd().
>>
>>
>> Hi Aleksandr,
> Hi Baokun,
>
>> Could you help test if the following changes work?
> I can confirm that this patch helps.
>
> Tested-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@...onical.com>
>
> Kind regards,
> Alex

Thank you for the test!


Cheers,
Baokun
>>
>> Thanks,
>> Baokun
>>
>> ---
>>
>> diff --git a/fs/ext4/resize.c b/fs/ext4/resize.c
>> index e04eb08b9060..1f01a7632149 100644
>> --- a/fs/ext4/resize.c
>> +++ b/fs/ext4/resize.c
>> @@ -253,10 +253,12 @@ static struct ext4_new_flex_group_data
>> *alloc_flex_gd(unsigned int flexbg_size,
>>           /* Avoid allocating large 'groups' array if not needed */
>>           last_group = o_group | (flex_gd->resize_bg - 1);
>>           if (n_group <= last_group)
>> -               flex_gd->resize_bg = 1 << fls(n_group - o_group + 1);
>> +               flex_gd->resize_bg = 1 << fls(n_group - o_group);
>>           else if (n_group - last_group < flex_gd->resize_bg)
>> -               flex_gd->resize_bg = 1 << max(fls(last_group - o_group + 1),
>> +               flex_gd->resize_bg = 1 << max(fls(last_group - o_group),
>>                                                 fls(n_group - last_group));
>>
>>           flex_gd->groups = kmalloc_array(flex_gd->resize_bg,
>>                                           sizeof(struct ext4_new_group_data),
>>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ