From: Richard Weinberger <richard@nod.at>
To: liu song11 <liu.song11@zte.com.cn>
Cc: Richard Weinberger <richard.weinberger@gmail.com>,
linux-mtd <linux-mtd@lists.infradead.org>,
linux-kernel <linux-kernel@vger.kernel.org>,
jiang xuexin <jiang.xuexin@zte.com.cn>
Subject: Re: [PATCH] ubifs: Fix potentially out-of-bounds memory access in ubifs_dump_node
Date: Mon, 13 Jan 2020 08:54:08 +0100 (CET)
Message-ID: <1681702500.19692.1578902048331.JavaMail.zimbra@nod.at>
In-Reply-To: <202001131229371470661@zte.com.cn>
----- Original Message -----
> Problems with storage devices are indeed a problem, but because the wrong
> "ch->len" causes the kernel to crash, this cost is too heavy. We should
> avoid kernel crashes due to such errors.
>
>
> Although a crc error was found in "ubifs_check_node", it is difficult to
> simply judge whether "ch->len" is reasonable, so I think we only need to know
> the _location_ of the error data node, and it is not necessary to present its
> contents together.

What we can try is optionally passing the buffer length to ubifs_dump_node().
If crc is bad but ch->len is within bounds we can still safely dump.

Thanks,
//richard
______________________________________________________
Linux MTD discussion mailing list
http://lists.infradead.org/mailman/listinfo/linux-mtd/
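
The check proposed in the reply above, sketched as an added example (not code from this thread or from the kernel): the caller passes the number of valid bytes it holds, and the dump routine trusts the on-media length field only when it fits inside that buffer. The 12-byte header layout and the names `dumpable_len` and `dump_node` are assumptions made for illustration, not the UBIFS definitions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed layout (assumption): magic(4) | crc(4) | len(4), little-endian. */
#define HDR_SZ  12u
#define LEN_OFF 8u

static uint32_t get_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/*
 * How many bytes of the node may be read for a dump, given that the caller
 * holds buf_len valid bytes at buf:
 *   0      -> no complete header available, report the location only
 *   HDR_SZ -> claimed len is implausible, dump the header fields only
 *   len    -> claimed len fits the buffer, full dump is safe even if the
 *             CRC check already failed
 */
size_t dumpable_len(const uint8_t *buf, size_t buf_len)
{
    uint32_t len;

    if (buf == NULL || buf_len < HDR_SZ)
        return 0;
    len = get_le32(buf + LEN_OFF);
    if (len < HDR_SZ || len > buf_len)
        return HDR_SZ;
    return len;
}

/* Hex-dump only what dumpable_len() allows; returns the byte count dumped. */
size_t dump_node(const uint8_t *buf, size_t buf_len)
{
    size_t n = dumpable_len(buf, buf_len);

    for (size_t i = 0; i < n; i++)
        printf("%02x%c", buf[i], (i % 16 == 15 || i + 1 == n) ? '\n' : ' ');
    return n;
}

int main(void)
{
    /* Constructed node: header claims len = 0x1000 inside a 16-byte buffer. */
    uint8_t bad[16] = { 0, 0, 0, 0, 0, 0, 0, 0, 0x00, 0x10, 0, 0 };

    return dump_node(bad, sizeof(bad)) == HDR_SZ ? 0 : 1;
}
```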