lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <6203edb1-3d23-478c-9522-53dd9400caec@huaweicloud.com>
Date: Fri, 27 Sep 2024 19:51:23 +0800
From: Baokun Li <libaokun@...weicloud.com>
To: Jan Kara <jack@...e.cz>
Cc: linux-ext4@...r.kernel.org, tytso@....edu, adilger.kernel@...ger.ca,
 linux-kernel@...r.kernel.org, yi.zhang@...wei.com, yangerkun@...wei.com,
 Baokun Li <libaokun1@...wei.com>,
 Wesley Hershberger <wesley.hershberger@...onical.com>,
 Stéphane Graber <stgraber@...raber.org>,
 Alexander Mikhalitsyn <aleksandr.mikhalitsyn@...onical.com>,
 Eric Sandeen <sandeen@...hat.com>, stable@...r.kernel.org,
 Yang Erkun <yangerkun@...wei.com>
Subject: Re: [PATCH] ext4: fix off by one issue in alloc_flex_gd()

On 2024/9/27 18:56, Jan Kara wrote:
> On Fri 27-09-24 14:36:20, libaokun@...weicloud.com wrote:
>> From: Baokun Li <libaokun1@...wei.com>
>>
>> Wesley reported an issue:
>>
>> ==================================================================
>> EXT4-fs (dm-5): resizing filesystem from 7168 to 786432 blocks
>> ------------[ cut here ]------------
>> kernel BUG at fs/ext4/resize.c:324!
>> CPU: 9 UID: 0 PID: 3576 Comm: resize2fs Not tainted 6.11.0+ #27
>> RIP: 0010:ext4_resize_fs+0x1212/0x12d0
>> Call Trace:
>>   __ext4_ioctl+0x4e0/0x1800
>>   ext4_ioctl+0x12/0x20
>>   __x64_sys_ioctl+0x99/0xd0
>>   x64_sys_call+0x1206/0x20d0
>>   do_syscall_64+0x72/0x110
>>   entry_SYSCALL_64_after_hwframe+0x76/0x7e
>> ==================================================================
>>
>> While reviewing the patch, Honza found that when adjusting resize_bg in
>> alloc_flex_gd(), it was possible for flex_gd->resize_bg to be bigger than
>> flexbg_size.
>>
>> The reproduction of the problem requires the following:
>>
>>   o_group = flexbg_size * 2 * n;
>>   o_size = (o_group + 1) * group_size;
>>   n_group: [o_group + flexbg_size, o_group + flexbg_size * 2)
>>   o_size = (n_group + 1) * group_size;
>>
>> Take n=0,flexbg_size=16 as an example:
>>
>>                last:15
>> |o---------------|--------------n-|
>> o_group:0    resize to      n_group:30
>>
>> The corresponding reproducer is:
>>
>> img=test.img
>> truncate -s 600M $img
>> mkfs.ext4 -F $img -b 1024 -G 16 8M
>> dev=`losetup -f --show $img`
>> mkdir -p /tmp/test
>> mount $dev /tmp/test
>> resize2fs $dev 248M
>>
>> Delete the problematic plus 1 to fix the issue, and add a WARN_ON_ONCE()
>> to prevent the issue from happening again.
> I don't think you are adding WARN_ON_ONCE() :). Otherwise feel free to add:
>
> Reviewed-by: Jan Kara <jack@...e.cz>
>
> 								Honza

Oh no, I forgot to add the added modifications! 😅

Thank you for your review!

I will send out v2. soon.


Thanks,
Baokun
>> Reported-by: Wesley Hershberger <wesley.hershberger@...onical.com>
>> Closes: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2081231
>> Reported-by: Stéphane Graber <stgraber@...raber.org>
>> Closes: https://lore.kernel.org/all/20240925143325.518508-1-aleksandr.mikhalitsyn@canonical.com/
>> Tested-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@...onical.com>
>> Tested-by: Eric Sandeen <sandeen@...hat.com>
>> Fixes: 665d3e0af4d3 ("ext4: reduce unnecessary memory allocation in alloc_flex_gd()")
>> Cc: stable@...r.kernel.org
>> Signed-off-by: Baokun Li <libaokun1@...wei.com>
>> ---
>>   fs/ext4/resize.c | 4 ++--
>>   1 file changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/fs/ext4/resize.c b/fs/ext4/resize.c
>> index e04eb08b9060..397970121d43 100644
>> --- a/fs/ext4/resize.c
>> +++ b/fs/ext4/resize.c
>> @@ -253,9 +253,9 @@ static struct ext4_new_flex_group_data *alloc_flex_gd(unsigned int flexbg_size,
>>   	/* Avoid allocating large 'groups' array if not needed */
>>   	last_group = o_group | (flex_gd->resize_bg - 1);
>>   	if (n_group <= last_group)
>> -		flex_gd->resize_bg = 1 << fls(n_group - o_group + 1);
>> +		flex_gd->resize_bg = 1 << fls(n_group - o_group);
>>   	else if (n_group - last_group < flex_gd->resize_bg)
>> -		flex_gd->resize_bg = 1 << max(fls(last_group - o_group + 1),
>> +		flex_gd->resize_bg = 1 << max(fls(last_group - o_group),
>>   					      fls(n_group - last_group));
>>   
>>   	flex_gd->groups = kmalloc_array(flex_gd->resize_bg,
>> -- 
>> 2.46.0
>>
-- 
With Best Regards,
Baokun Li

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ