Message-ID: <20251008123418.GK386127@mit.edu>
Date: Wed, 8 Oct 2025 08:34:18 -0400
From: "Theodore Ts'o" <tytso@....edu>
To: Ahmet Eray Karadag <eraykrdg1@...il.com>
Cc: adilger.kernel@...ger.ca, linux-ext4@...r.kernel.org,
        linux-kernel@...r.kernel.org, david.hunter.linux@...il.com,
        skhan@...uxfoundation.org,
        syzbot+f3185be57d7e8dda32b8@...kaller.appspotmail.com,
        Albin Babu Varghese <albinbabuvarghese20@...il.com>
Subject: Re: [PATCH] Fix: ext4: add sanity check for inode inline write range

On Wed, Oct 08, 2025 at 02:42:22AM +0300, Ahmet Eray Karadag wrote:
> Add a simple check in ext4_try_to_write_inline_data() to prevent
> writes that extend past the inode's inline data area. The function
> now returns -EINVAL if pos + len exceeds i_inline_size.

The commit description doesn't match with what the patch does.  The
patch changes ext4_write_inline_data_end() and not
ext4_try_to_write_inline().  ext4_try_to_write_inline_data() is called
from ext4_write_begin(), and it does this:

	if (pos + len > ext4_get_max_inline_size(inode))
		return ext4_convert_inline_data_to_extent(mapping, inode);

So if the write extends past the inline data area, in ext4_write_begin(),
it will have already been converted to a non-inline function.

The ext4_write_inline_data_end() function is called from
ext4_write_end(), so you need to figure out why we hadn't configured
the file away from inline data in ext4_write_begin().

> Reported-by: syzbot+f3185be57d7e8dda32b8@...kaller.appspotmail.com
> Link: https://syzkaller.appspot.com/bug?extid=f3185be57d7e8dda32b8

Did you just randomly bash the code until the syzbot reproducer
stopped failing?  Please try to understand the code and the failure
much more deeply before attempting to change the code.

Cheers,

					- Ted
