| To: | Kristian <kbx@xxxxxxxxx> |
|---|---|
| Subject: | Re: Integer truncation in fs/xfs/libxfs/xfs_da_btree.c |
| From: | Dave Chinner <david@xxxxxxxxxxxxx> |
| Date: | Mon, 21 Dec 2015 06:29:32 +1100 |
| Cc: | xfs@xxxxxxxxxxx |
| Delivered-to: | xfs@xxxxxxxxxxx |
| In-reply-to: | <5676A0C6.9000407@xxxxxxxxx> |
| References: | <5676A0C6.9000407@xxxxxxxxx> |
| User-agent: | Mutt/1.5.21 (2010-09-15) |

On Sun, Dec 20, 2015 at 01:36:22PM +0100, Kristian wrote:
> Hello,
>
> there is an integer truncation in
>
> fs/xfs/libxfs/xfs_da_btree.c +2081
>
> /* account for newly allocated blocks in reserved blocks total */
> args->total -= dp->i_d.di_nblocks - nblks;
>
> with the types: uint32 -= uint64 - uint64
>
> On a hardened kernel with grsecurity enabled, this leads to a fault.
>
> https://forums.grsecurity.net/viewtopic.php?f=3&t=4346&sid=3200600c0faaab4bf8779a95c549a737
>
> Is this intentional and safe?

Yes and yes. We can be, at most, asking for 128 blocks to be allocated in this function, so that "uint64 - uint64" will typically have a value of 1 or 2. The worst case is about 130 in the most extreme, never-used-but-still-possible filesystem configuration.

Cheers,

Dave.

--
Dave Chinner
david@xxxxxxxxxxxxx
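
The narrowing discussed in this message, as an added example that is not part of the original thread or of the XFS source: it shows how C evaluates a `uint32 -= uint64 - uint64` statement and what a range-checked form looks like. The function names and sample values are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-ins: total plays args->total (32-bit); nblocks_now and
 * nblks_before play dp->i_d.di_nblocks and nblks (both 64-bit). */

/* Same shape as the quoted statement. The subtraction is carried out in
 * 64 bits and the result is converted back to 32 bits modulo 2^32. */
uint32_t account_implicit(uint32_t total, uint64_t nblocks_now,
                          uint64_t nblks_before)
{
    total -= nblocks_now - nblks_before;
    return total;
}

/* Hypothetical checked form: returns the new total, or -1 when the 32-bit
 * result would not equal the exact mathematical result. */
int64_t account_checked(uint32_t total, uint64_t nblocks_now,
                        uint64_t nblks_before)
{
    if (nblocks_now < nblks_before)
        return -1;                      /* block count went backwards */
    uint64_t delta = nblocks_now - nblks_before;
    if (delta > total)
        return -1;                      /* reservation would go below zero */
    return (int64_t)(total - (uint32_t)delta);  /* delta <= total fits 32 bits */
}

int main(void)
{
    /* Constructed values: a delta of 2, then a delta of 130. */
    printf("%u\n", account_implicit(10, 1002, 1000));
    printf("%u\n", account_implicit(200, 5000000130ULL, 5000000000ULL));
    /* When the delta exceeds the total, the implicit form wraps silently. */
    printf("%u\n", account_implicit(1, 1002, 1000));
    printf("%lld\n", (long long)account_checked(1, 1002, 1000));
    return 0;
}
```

Both forms agree whenever the delta is small and no larger than the running total; they differ only on inputs outside that range, where the implicit form wraps and the checked form refuses.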