From: Ben Hutchings <ben.hutchings@codethink.co.uk>
To: Jiri Slaby <jslaby@suse.cz>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Sasha Levin <Alexander.Levin@microsoft.com>
Cc: stable <stable@vger.kernel.org>, linux-f2fs-devel@lists.sourceforge.net
Subject: Re: Security fixes for 4.4 - f2fs
Date: Tue, 05 Feb 2019 13:59:22 +0000 [thread overview]
Message-ID: <1549375162.2925.5.camel@codethink.co.uk> (raw)
In-Reply-To: <f84bbaf0-d5d1-4e3f-bde7-e73e95748e2f@suse.cz>
On Tue, 2019-01-29 at 13:41 +0100, Jiri Slaby wrote:
> On 17. 01. 19, 20:28, Ben Hutchings wrote:
> > I've backported fixes for several security issues involving filesystem
> > validation in f2fs. All of these are already fixed in the later stable
> > branches.
> >
> > I tested with the reproducers where available. I also checked for
> > regressions with xfstests and didn't find any (but many tests fail with
> > or without these changes).
>
> Hi,
>
> I am thinking why in this patch:
> > From ec2d979dc3888b6de795344157bb6fe73bbe8e44 Mon Sep 17 00:00:00 2001
> > From: Chao Yu <yuchao0@huawei.com>
> > Date: Wed, 22 Mar 2017 14:45:05 +0800
> > Subject: [PATCH 18/36] f2fs: fix race condition in between free nid
> > allocator/initializer
> >
> > commit 30a61ddf8117c26ac5b295e1233eaa9629a94ca3 upstream.
> >
>
> you do:
>
> > + err = 0;
> > list_add_tail(&i->list, &nm_i->free_nid_list);
> > nm_i->fcnt++;
> > +err_out:
> > spin_unlock(&nm_i->free_nid_list_lock);
> > radix_tree_preload_end();
> > - return 1;
> > +err:
> > + if (err)
> > + kmem_cache_free(free_nid_slab, i);
> > + return !err;
>
> "!err"? Should it be "err < 0 ? err : 1" instead?
This function previously returned -1 (low memory), 0 (error), or 1
(success). This fix should not and does not change that.
(In the upstream code, this function returns true or false, and again
the upstream fix did not change that.)
Ben.
--
Ben Hutchings, Software Developer Codethink Ltd
https://www.codethink.co.uk/ Dale House, 35 Dale Street
Manchester, M1 2HF, United Kingdom
prev parent reply other threads:[~2019-02-05 13:59 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-01-17 19:28 Security fixes for 4.4 - f2fs Ben Hutchings
2019-01-18 8:19 ` Greg Kroah-Hartman
2019-01-22 14:51 ` Ben Hutchings
2019-01-29 12:41 ` Jiri Slaby
2019-02-05 13:59 ` Ben Hutchings [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1549375162.2925.5.camel@codethink.co.uk \
--to=ben.hutchings@codethink.co.uk \
--cc=Alexander.Levin@microsoft.com \
--cc=gregkh@linuxfoundation.org \
--cc=jslaby@suse.cz \
--cc=linux-f2fs-devel@lists.sourceforge.net \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.