| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1296674576.21742538902983.JavaMail.epsvc@epcpadp1new>
Date: Fri, 21 Mar 2025 15:19:45 +0900
From: "Sungjong Seo" <sj1557.seo@...sung.com>
To: <Yuezhang.Mo@...y.com>, <linkinjeon@...nel.org>
Cc: <sjdev.seo@...il.com>, <linux-fsdevel@...r.kernel.org>,
<linux-kernel@...r.kernel.org>, <cpgs@...sung.com>,
<stable@...r.kernel.org>, "'Yeongjin Gil'" <youngjin.gil@...sung.com>
Subject: RE: [PATCH] exfat: fix random stack corruption after get_block
Hi Yuezhang,
> Subject: Re: [PATCH] exfat: fix random stack corruption after get_block
>
> + /*
> + * No buffer_head is allocated.
> + * (1) bmap: It's enough to fill bh_result without
I/O.
> + * (2) read: The unwritten part should be filled
with 0
> + * If a folio does not have any buffers,
> + * let's returns -EAGAIN to fallback to
> + * per-bh IO like
block_read_full_folio().
> + */
> + if (!folio_buffers(bh_result->b_folio)) {
> + err = -EAGAIN;
> + goto done;
> + }
>
> bh_result is set as mapped by map_bh(), should we need to clear it if
> return an error?
I looked a little deeper into do_mpage_readpage() and
block_read_full_folio(), and from a security perspective, it seems that
unmap is necessary in all error situations. Otherwise, unwritten areas
may be exposed.
>
> +
> + BUG_ON(size > sb->s_blocksize);
>
> This check is equivalent to the following condition and is not necessary.
>
> } else if (iblock == valid_blks &&
> (ei->valid_size & (sb->s_blocksize - 1))) {
Yes, I think so, I'll remove it with v2.
Thanks
Powered by blists - more mailing lists