lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 09 Sep 2022 02:21:36 +0000
From:   bugzilla-daemon@...nel.org
To:     linux-ext4@...r.kernel.org
Subject: [Bug 216466] New: ext4: dir corruption when ext4_dx_add_entry()
 fails

https://bugzilla.kernel.org/show_bug.cgi?id=216466

            Bug ID: 216466
           Summary: ext4: dir corruption when ext4_dx_add_entry() fails
           Product: File System
           Version: 2.5
    Kernel Version: 6.0.0-rc4
          Hardware: All
                OS: Linux
              Tree: Mainline
            Status: NEW
          Severity: normal
          Priority: P1
         Component: ext4
          Assignee: fs_ext4@...nel-bugs.osdl.org
          Reporter: chengzhihao1@...wei.com
        Regression: No

Following process may lead to fs corruption:
    1. ext4_create(dir/foo)
     ext4_add_nondir
      ext4_add_entry
       ext4_dx_add_entry
         a. add_dirent_to_buf
          ext4_mark_inode_dirty
          ext4_handle_dirty_metadata   // dir inode bh is recorded into journal
         b. ext4_append    // dx_get_count(entries) == dx_get_limit(entries)
           ext4_bread(EXT4_GET_BLOCKS_CREATE)
            ext4_getblk
             ext4_map_blocks
              ext4_ext_map_blocks
                ext4_mb_new_blocks
                 dquot_alloc_block
                  dquot_alloc_space_nodirty
                   inode_add_bytes    // update dir's i_blocks
                ext4_ext_insert_extent
                 ext4_ext_dirty  // record extent bh into journal
                  ext4_handle_dirty_metadata(bh)   // record new block into
journal
           inode->i_size += inode->i_sb->s_blocksize   // new size(in mem)
         c. ext4_handle_dirty_dx_node(bh2)  // record dir's new block(dx_node)
into journal
         d. ext4_handle_dirty_dx_node((frame - 1)->bh)
         e. ext4_handle_dirty_dx_node(frame->bh)
         f. do_split    // ret err!
         g. add_dirent_to_buf
             ext4_mark_inode_dirty(dir)  // udpate raw_inode on disk(skipped)
    2. fsck -a /dev/sdb
     drop last block(dx_node) which beyonds dir's i_size.
      /dev/sdb: recovering journal
      /dev/sdb contains a file system with errors, check forced.
      /dev/sdb: Inode 12, end of extent exceeds allowed value
            (logical block 128, physical block 3938, len 1)
    3. fsck -fn /dev/sdb
    dx_node->entry[i].blk > dir->i_size
      Pass 2: Checking directory structure
      Problem in HTREE directory inode 12 (/dir): bad block number 128.
      Clear HTree index? no
      Problem in HTREE directory inode 12: block #3 has invalid depth (2)
      Problem in HTREE directory inode 12: block #3 has bad max hash
      Problem in HTREE directory inode 12: block #3 not referenced

-- 
You may reply to this email to add a comment.

You are receiving this mail because:
You are watching the assignee of the bug.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ