Quantcast

[Bug 218592] [patch] fsck_ffs(8): incorrect bounds check in preen mode when softdep is enabled

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[Bug 218592] [patch] fsck_ffs(8): incorrect bounds check in preen mode when softdep is enabled

bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=218592

            Bug ID: 218592
           Summary: [patch] fsck_ffs(8): incorrect bounds check in preen
                    mode when softdep is enabled
           Product: Base System
           Version: CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Keywords: patch
          Severity: Affects Some People
          Priority: ---
         Component: misc
          Assignee: [hidden email]
          Reporter: [hidden email]
          Keywords: patch

Created attachment 181719
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=181719&action=edit
Prevent inosused from wrapping

The loop that scans the used inode map when soft updates is in use assumes that
the inosused variable is signed.  However, ino_t is unsigned, so the loop
invariant is incorrect and the check for inosused wrapping to < 0 can never be
true.

Instead of checking for wrap after the fact it is possible to just prevent it
from happening in the first place, which the attached patch does.  I've just
committed a similar fix to OpenBSD.

--
You are receiving this mail because:
You are the assignee for the bug.
_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-bugs
To unsubscribe, send any mail to "[hidden email]"
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[Bug 218592] [patch] fsck_ffs(8): incorrect bounds check in preen mode when softdep is enabled

bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=218592

--- Comment #1 from Konstantin Belousov <[hidden email]> ---
The patch looks fine to me.

--
You are receiving this mail because:
You are the assignee for the bug.
_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-bugs
To unsubscribe, send any mail to "[hidden email]"
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[Bug 218592] [patch] fsck_ffs(8): incorrect bounds check in preen mode when softdep is enabled

bugzilla-noreply
In reply to this post by bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=218592

--- Comment #2 from Kirk McKusick <[hidden email]> ---
The patch looks fine to me.

I'll note that inosused will always be a multiple of CHAR_BIT, so in fact the
loop will always work. However, I am a strong believer in having code that will
work absent these "known" invariants, so am in favor of the change.

--
You are receiving this mail because:
You are the assignee for the bug.
_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-bugs
To unsubscribe, send any mail to "[hidden email]"
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[Bug 218592] [patch] fsck_ffs(8): incorrect bounds check in preen mode when softdep is enabled

bugzilla-noreply
In reply to this post by bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=218592

--- Comment #3 from Konstantin Belousov <[hidden email]> ---
(In reply to Kirk McKusick from comment #2)
Note that inoused is read from superblock.  If we ever get into the situation
when the counter becomes negative, should we abort preen mode ?

--
You are receiving this mail because:
You are the assignee for the bug.
_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-bugs
To unsubscribe, send any mail to "[hidden email]"
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[Bug 218592] [patch] fsck_ffs(8): incorrect bounds check in preen mode when softdep is enabled

bugzilla-noreply
In reply to this post by bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=218592

--- Comment #4 from [hidden email] ---
A commit references this bug:

Author: kib
Date: Fri Apr 14 15:22:01 UTC 2017
New revision: 316852
URL: https://svnweb.freebsd.org/changeset/base/316852

Log:
  In fsck_ffs pass1, prevent the inosused variable from wrapping.

  The loop that scans the used inode map when soft updates is in use
  assumes that the inosused variable is signed.  However, ino_t is
  unsigned, so the loop invariant is incorrect and the check for
  inosused wrapping to < 0 can never be true.

  Instead of checking for wrap after the fact just prevent it from
  happening in the first place.

  PR:   218592
  Submitted by: Todd Miller <[hidden email]>
  Reviewed by:  mckusick
  MFC after:    1 week

Changes:
  head/sbin/fsck_ffs/pass1.c

--
You are receiving this mail because:
You are the assignee for the bug.
_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-bugs
To unsubscribe, send any mail to "[hidden email]"
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[Bug 218592] [patch] fsck_ffs(8): incorrect bounds check in preen mode when softdep is enabled

bugzilla-noreply
In reply to this post by bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=218592

--- Comment #5 from [hidden email] ---
A commit references this bug:

Author: kib
Date: Fri Apr 21 10:13:08 UTC 2017
New revision: 317249
URL: https://svnweb.freebsd.org/changeset/base/317249

Log:
  MFC r316852:
  In fsck_ffs pass1, prevent the inosused variable from wrapping.

  PR:   218592

Changes:
_U  stable/11/
  stable/11/sbin/fsck_ffs/pass1.c

--
You are receiving this mail because:
You are the assignee for the bug.
_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-bugs
To unsubscribe, send any mail to "[hidden email]"
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[Bug 218592] [patch] fsck_ffs(8): incorrect bounds check in preen mode when softdep is enabled

bugzilla-noreply
In reply to this post by bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=218592

--- Comment #6 from [hidden email] ---
A commit references this bug:

Author: kib
Date: Fri Apr 21 10:16:35 UTC 2017
New revision: 317250
URL: https://svnweb.freebsd.org/changeset/base/317250

Log:
  MFC r316852:
  In fsck_ffs pass1, prevent the inosused variable from wrapping.

  PR:   218592

Changes:
_U  stable/10/
  stable/10/sbin/fsck_ffs/pass1.c

--
You are receiving this mail because:
You are the assignee for the bug.
_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-bugs
To unsubscribe, send any mail to "[hidden email]"
Loading...