lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <CAKFNMomBZBVZZ_ohHDuZpJJWJHz_5FE+6EDxVoiFDvRCfFb_HQ@mail.gmail.com>
Date: Thu, 3 Apr 2025 03:36:12 +0900
From: Ryusuke Konishi <konishi.ryusuke@...il.com>
To: Wentao Liang <vulab@...as.ac.cn>
Cc: linux-nilfs@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] nilfs2: Add pointer check for nilfs_direct_propagate()

I will comment inline.

On Wed, Apr 2, 2025 at 5:59 PM Wentao Liang wrote:
>
> In nilfs_direct_propagate(), the printer get from nilfs_direct_get_ptr()
> need to be checked to ensure it is not an invalid pointer. A proper
> implementation can be found in nilfs_direct_delete(). Add a value check
> and return -ENOENT when it is an invalid pointer.

nilfs_direct_propagate() (and its caller nilfs_bmap_propagate()) are
internal operations called only by the log writer, which writes back
new or modified blocks, so we must ensure that -ENOENT is not
erroneously propagated to system calls.

In nilfs_direct_propagate(), if the pointer value obtained by
nilfs_direct_get_ptr() is NILFS_BMAP_INVALID_PTR, it means that the
metadata (in this case, i_bmap in the nilfs_inode_info struct) that
should point to the data block at the buffer head of the argument is
corrupted and the data block is orphaned, meaning that the file system
has lost consistency.

To handle this case, return -EINVAL instead of -ENOENT.

If you do so, the caller nilfs_bmap_propagate() will treat it as
metadata corruption via nilfs_bmap_convert_error() and the error code
will be converted appropriately.

And please don't cite nilfs_direct_delete() as an example.  It
intentionally returns -ENOENT as an error indicating that the block
you tried to delete did not exist, regardless of whether the
filesystem is corrupted or not.  On the other hand,
nilfs_direct_propagate() assumes that the block associated with the
buffer head of the argument can be looked up.  So, these are based on
different assumptions.

Please revise the changelog description and the returned error code
with the above in mind.

>
> Fixes: 10ff885ba6f5 ("nilfs2: get rid of nilfs_direct uses")

The commit that should be pointed to as the cause is:

Fixes: 36a580eb489f (“nilfs2: direct block mapping”)

> Cc: stable@...r.kernel.org # v2.6+

Please remove this tag. If it becomes a real issue and becomes a
higher priority, I will add it.  (At least with the Fixes tag, it will
be picked up automatically and eventually backported to the stable
trees will be attempted.)
For now I will send it for the next cycle as an extra sanity check,
after making sure it doesn't introduce any new issues.

Again, when you send patches with git send-email, please be careful
not to include stable@...r.kernel.org in the recipient list.
To avoid being noisy, at this stage, it is sufficient to only send the
patch to me (the maintainer), the linux-nilfs ML and LKML.

Thanks,
Ryusuke Konishi

> Signed-off-by: Wentao Liang <vulab@...as.ac.cn>
> ---
>  fs/nilfs2/direct.c | 3 +++
>  1 file changed, 3 insertions(+)
>
> diff --git a/fs/nilfs2/direct.c b/fs/nilfs2/direct.c
> index 893ab36824cc..ff1c9fe72bec 100644
> --- a/fs/nilfs2/direct.c
> +++ b/fs/nilfs2/direct.c
> @@ -273,6 +273,9 @@ static int nilfs_direct_propagate(struct nilfs_bmap *bmap,
>         dat = nilfs_bmap_get_dat(bmap);
>         key = nilfs_bmap_data_get_key(bmap, bh);
>         ptr = nilfs_direct_get_ptr(bmap, key);
> +       if (ptr == NILFS_BMAP_INVALID_PTR)
> +               return -ENOENT;
> +
>         if (!buffer_nilfs_volatile(bh)) {
>                 oldreq.pr_entry_nr = ptr;
>                 newreq.pr_entry_nr = ptr;
> --
> 2.42.0.windows.2
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ