| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <f74591de-72ce-48aa-94eb-b38e4f74cc5f@huawei.com> Date: Fri, 18 Oct 2024 11:44:07 +0800 From: Baokun Li <libaokun1@...wei.com> To: Theodore Ts'o <tytso@....edu> CC: Jan Kara <jack@...e.cz>, Qianqiang Liu <qianqiang.liu@....com>, <adilger.kernel@...ger.ca>, syzbot <syzbot+f792df426ff0f5ceb8d1@...kaller.appspotmail.com>, <linux-ext4@...r.kernel.org>, <linux-kernel@...r.kernel.org>, <syzkaller-bugs@...glegroups.com>, Yang Erkun <yangerkun@...wei.com>, Baokun Li <libaokun1@...wei.com> Subject: Re: [PATCH] ext4: fix out-of-bounds issue in ext4_xattr_set_entry On 2024/10/17 22:47, Theodore Ts'o wrote: > On Thu, Oct 17, 2024 at 08:42:59PM +0800, Baokun Li wrote: >> Indeed, our rough plan is to first implement isolation of abnormal file >> system resources, so that the system can continue to run normally even >> when there is an error; then implement online scanning, so that the >> maintainer can see the health report at any time; and finally implement >> the most difficult online repair. > We have some of this already; if a block group has obvious > inconsistencies --- for example, if there is an attempt to mark a > block or inode as free, but it's already marked as free as the > allocation bitmap, we can mark the block group as inconsistent, and > then avoid allocating from the block group. That's easy because it's > the kind of inconsistency which can be detected locally. Yes, there is now block group level isolation. Our goal is to further reduce the scope of isolation to minimise the impact of isolation. The rough idea is to isolate resources where errors are reported, and throw errors when isolation is not possible. This may be a bit crude, but after implementing inline scanning we can achieve precise fine-grained isolation. > The problem comes with those inconsistencies which require a global > examination of the file system data structures. For example, is the > refcount of an inode correct? Or is a block claimed by more than one > inode? The e2scrub approach requires creating a read-only snapshot > (which is why we need LVM) and then running e2fsck in userspace, > because it does a global examination of all file system data > structures. Indeed, consistency is a tricky issue, and we'll focus on that piece of logic. >> We do need to establish the mapping of physical blocks to inodes and >> inodes to parent dir. By tree managed by jbd2 do you mean updating >> the tree when committing to journal? Or are updates to the tree >> logged to journal? > When we allocate a block, we need to journal the changes to the > allocation bitmap. If we are going to also update the reverse mapping > data structure, that needs to be journalled also, so that after a > crash, the data structures are consistent. > > - Ted > Of course, we have to make sure that the metadata modification and the tree update are in the same transaction, otherwise there is no guarantee that the metadata is consistent. Thank you for your input! Regards, Baokun
Powered by blists - more mailing lists