From: Arnd Bergmann <arnd@arndb.de>
To: Geert Uytterhoeven <Geert.Uytterhoeven@sonycom.com>
Cc: "Jared Hulbert" <jaredeh@gmail.com>,
Linux-kernel@vger.kernel.org, linux-embedded@vger.kernel.org,
linux-mtd <linux-mtd@lists.infradead.org>,
"Jörn Engel" <joern@logfs.org>,
tim.bird@am.sony.com, cotte@de.ibm.com, nickpiggin@yahoo.com.au
Subject: Re: [PATCH 00/10] AXFS: Advanced XIP filesystem
Date: Fri, 22 Aug 2008 17:19:06 +0200 [thread overview]
Message-ID: <200808221719.07660.arnd@arndb.de> (raw)
In-Reply-To: <Pine.LNX.4.64.0808221650500.17105@vixen.sonytel.be>
On Friday 22 August 2008, Geert Uytterhoeven wrote:
> I gave AxFS a try on PS3 (ppc64, always use big-endian 64-bit for testing new
> code ;-).
> When mounting the image, I got the crash below:
>
> | attempt to access beyond end of device
> | loop0: rw=0, want=4920, limit=4912
> | Unable to handle kernel paging request for data at address 0x00000028
Offset 0x28 is buffer_head->b_data, so it seems like sb_bread returns NULL,
which it does for out of range block numbers. I guess axfs_copy_block
should check for that condition, as it can happen on malicious file system
images.
I agree that this is likely to get caused by an endianess bug.
A good help for finding endianess bugs is to use __be64 like data types
everywhere and test with sparse -D__CHECK_ENDIAN__.
Arnd
WARNING: multiple messages have this Message-ID (diff)
From: Arnd Bergmann <arnd@arndb.de>
To: Geert Uytterhoeven <Geert.Uytterhoeven@sonycom.com>
Cc: cotte@de.ibm.com, linux-embedded@vger.kernel.org,
nickpiggin@yahoo.com.au, "Jörn Engel" <joern@logfs.org>,
Linux-kernel@vger.kernel.org,
linux-mtd <linux-mtd@lists.infradead.org>,
tim.bird@am.sony.com
Subject: Re: [PATCH 00/10] AXFS: Advanced XIP filesystem
Date: Fri, 22 Aug 2008 17:19:06 +0200 [thread overview]
Message-ID: <200808221719.07660.arnd@arndb.de> (raw)
In-Reply-To: <Pine.LNX.4.64.0808221650500.17105@vixen.sonytel.be>
On Friday 22 August 2008, Geert Uytterhoeven wrote:
> I gave AxFS a try on PS3 (ppc64, always use big-endian 64-bit for testing new
> code ;-).
> When mounting the image, I got the crash below:
>
> | attempt to access beyond end of device
> | loop0: rw=0, want=4920, limit=4912
> | Unable to handle kernel paging request for data at address 0x00000028
Offset 0x28 is buffer_head->b_data, so it seems like sb_bread returns NULL,
which it does for out of range block numbers. I guess axfs_copy_block
should check for that condition, as it can happen on malicious file system
images.
I agree that this is likely to get caused by an endianess bug.
A good help for finding endianess bugs is to use __be64 like data types
everywhere and test with sparse -D__CHECK_ENDIAN__.
Arnd
next prev parent reply other threads:[~2008-08-22 15:19 UTC|newest]
Thread overview: 107+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-08-21 5:44 [PATCH 00/10] AXFS: Advanced XIP filesystem Jared Hulbert
2008-08-21 5:44 ` Jared Hulbert
2008-08-21 6:32 ` Frans Meulenbroeks
2008-08-21 6:32 ` Frans Meulenbroeks
2008-08-21 19:32 ` Jared Hulbert
2008-08-21 19:32 ` Jared Hulbert
2008-08-22 2:04 ` Nick Piggin
2008-08-22 2:04 ` Nick Piggin
2008-08-21 8:39 ` Dave Chinner
2008-08-21 8:39 ` Dave Chinner
2008-08-21 14:19 ` Jared Hulbert
2008-08-21 14:19 ` Jared Hulbert
2008-08-21 14:31 ` Leon Woestenberg
2008-08-21 14:31 ` Leon Woestenberg
2008-08-21 14:42 ` Jared Hulbert
2008-08-21 14:42 ` Jared Hulbert
2008-08-21 14:49 ` Geert Uytterhoeven
2008-08-21 14:49 ` Geert Uytterhoeven
2008-08-21 10:25 ` Carsten Otte
2008-08-21 10:25 ` Carsten Otte
2008-08-21 10:43 ` Nick Piggin
2008-08-21 10:43 ` Nick Piggin
2008-08-21 12:53 ` Arnd Bergmann
2008-08-21 12:53 ` Arnd Bergmann
2008-08-21 14:12 ` Jared Hulbert
2008-08-21 14:12 ` Jared Hulbert
2008-08-21 14:14 ` Arnd Bergmann
2008-08-21 14:14 ` Arnd Bergmann
2008-08-21 14:13 ` Jared Hulbert
2008-08-21 14:13 ` Jared Hulbert
2008-08-22 2:32 ` Nick Piggin
2008-08-22 2:32 ` Nick Piggin
2008-08-21 14:30 ` Jared Hulbert
2008-08-21 14:30 ` Jared Hulbert
2008-08-21 11:07 ` Jamie Lokier
2008-08-21 11:07 ` Jamie Lokier
2008-08-21 14:11 ` Jared Hulbert
2008-08-21 14:11 ` Jared Hulbert
2008-08-22 0:12 ` Greg Ungerer
2008-08-22 0:12 ` Greg Ungerer
2008-08-22 2:48 ` Jared Hulbert
2008-08-22 2:48 ` Jared Hulbert
2008-08-25 6:35 ` Greg Ungerer
2008-08-25 6:35 ` Greg Ungerer
2008-08-25 11:43 ` Jamie Lokier
2008-08-25 11:43 ` Jamie Lokier
2008-08-25 14:02 ` Greg Ungerer
2008-08-25 14:02 ` Greg Ungerer
2008-08-22 18:13 ` Jamie Lokier
2008-08-22 18:13 ` Jamie Lokier
2008-08-22 18:16 ` Jared Hulbert
2008-08-22 18:16 ` Jared Hulbert
2008-08-22 18:37 ` Jamie Lokier
2008-08-22 18:37 ` Jamie Lokier
2008-08-22 18:43 ` Jamie Lokier
2008-08-22 18:43 ` Jamie Lokier
2008-09-12 21:52 ` Jared Hulbert
2008-09-12 21:52 ` Jared Hulbert
2008-09-15 16:34 ` Jamie Lokier
2008-09-15 16:34 ` Jamie Lokier
2008-09-15 19:43 ` Jared Hulbert
2008-09-15 19:43 ` Jared Hulbert
2008-09-19 19:20 ` Trent Piepho
2008-09-19 19:20 ` Trent Piepho
2008-09-16 6:57 ` Ricard Wanderlof
2008-09-16 6:57 ` Ricard Wanderlof
2008-09-16 6:57 ` Ricard Wanderlof
2008-09-16 15:30 ` Jared Hulbert
2008-09-16 15:30 ` Jared Hulbert
2008-09-12 20:17 ` Jared Hulbert
2008-09-12 20:17 ` Jared Hulbert
2008-09-15 16:40 ` Jamie Lokier
2008-09-15 16:40 ` Jamie Lokier
2008-08-21 23:46 ` Greg Ungerer
2008-08-21 23:46 ` Greg Ungerer
2008-08-22 18:10 ` Jamie Lokier
2008-08-22 18:10 ` Jamie Lokier
2008-08-22 14:54 ` Geert Uytterhoeven
2008-08-22 14:54 ` Geert Uytterhoeven
2008-08-22 15:19 ` Arnd Bergmann [this message]
2008-08-22 15:19 ` Arnd Bergmann
2008-08-22 16:51 ` Jared Hulbert
2008-08-22 16:51 ` Jared Hulbert
2008-08-25 9:37 ` Geert Uytterhoeven
2008-08-25 9:37 ` Geert Uytterhoeven
2008-08-25 9:37 ` Geert Uytterhoeven
2008-08-25 10:52 ` Carsten Otte
2008-08-25 10:52 ` Carsten Otte
2008-08-25 12:16 ` David Woodhouse
2008-08-25 12:16 ` David Woodhouse
2008-08-28 15:40 ` Geert Uytterhoeven
2008-08-28 15:40 ` Geert Uytterhoeven
2008-09-02 15:37 ` Geert Uytterhoeven
2008-09-02 15:37 ` Geert Uytterhoeven
2008-09-02 16:44 ` Jared Hulbert
2008-09-02 16:44 ` Jared Hulbert
2008-09-02 17:15 ` Jörn Engel
2008-09-02 17:15 ` Jörn Engel
2008-09-02 17:15 ` Jörn Engel
2008-09-02 17:47 ` Jared Hulbert
2008-09-02 17:47 ` Jared Hulbert
2008-09-02 18:33 ` Geert Uytterhoeven
2008-09-02 18:33 ` Geert Uytterhoeven
2008-08-22 22:09 ` Will Marone
2008-08-22 22:09 ` Will Marone
2008-08-25 7:23 ` Geert Uytterhoeven
2008-08-25 7:23 ` Geert Uytterhoeven
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200808221719.07660.arnd@arndb.de \
--to=arnd@arndb.de \
--cc=Geert.Uytterhoeven@sonycom.com \
--cc=Linux-kernel@vger.kernel.org \
--cc=cotte@de.ibm.com \
--cc=jaredeh@gmail.com \
--cc=joern@logfs.org \
--cc=linux-embedded@vger.kernel.org \
--cc=linux-mtd@lists.infradead.org \
--cc=nickpiggin@yahoo.com.au \
--cc=tim.bird@am.sony.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.