* Re: [PATCH] Btrfs:__add_inode_ref: out of bounds memory read when looking for extended ref. [not found] <1424966437-29795-1-git-send-email-quentin.casasnovas@oracle.com> @ 2015-03-03 14:38 ` David Sterba 2015-03-03 15:23 ` Chris Mason 0 siblings, 1 reply; 4+ messages in thread From: David Sterba @ 2015-03-03 14:38 UTC (permalink / raw) To: Quentin Casasnovas; +Cc: Mark Fasheh, lkml, linux-btrfs Adding linux-btrfs to CC On Thu, Feb 26, 2015 at 05:00:37PM +0100, Quentin Casasnovas wrote: > Improper arithmetics when calculting the address of the extended ref could > lead to an out of bounds memory read and kernel panic. > > Signed-off-by: Quentin Casasnovas <quentin.casasnovas@oracle.com> Good catch. CC: <stable@vger.kernel.org> Reviewed-by: David Sterba <dsterba@suse.cz> ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] Btrfs:__add_inode_ref: out of bounds memory read when looking for extended ref. 2015-03-03 14:38 ` [PATCH] Btrfs:__add_inode_ref: out of bounds memory read when looking for extended ref David Sterba @ 2015-03-03 15:23 ` Chris Mason 2015-03-03 15:31 ` Quentin Casasnovas 0 siblings, 1 reply; 4+ messages in thread From: Chris Mason @ 2015-03-03 15:23 UTC (permalink / raw) To: dsterba; +Cc: Quentin Casasnovas, Mark Fasheh, lkml, linux-btrfs On Tue, Mar 3, 2015 at 9:38 AM, David Sterba <dsterba@suse.cz> wrote: > Adding linux-btrfs to CC > > On Thu, Feb 26, 2015 at 05:00:37PM +0100, Quentin Casasnovas wrote: >> Improper arithmetics when calculting the address of the extended >> ref could >> lead to an out of bounds memory read and kernel panic. >> >> Signed-off-by: Quentin Casasnovas <quentin.casasnovas@oracle.com> > > Good catch. Thanks Quentin, can you please bounce the patch to linux-btrfs so it'll be in patchwork? -chris ^ permalink raw reply [flat|nested] 4+ messages in thread
* [PATCH] Btrfs:__add_inode_ref: out of bounds memory read when looking for extended ref. 2015-03-03 15:23 ` Chris Mason @ 2015-03-03 15:31 ` Quentin Casasnovas 2015-03-03 15:35 ` Chris Mason 0 siblings, 1 reply; 4+ messages in thread From: Quentin Casasnovas @ 2015-03-03 15:31 UTC (permalink / raw) To: linux-btrfs Cc: linux-kernel, Mark Fasheh, Chris Mason, David Sterba, Quentin Casasnovas Improper arithmetics when calculting the address of the extended ref could lead to an out of bounds memory read and kernel panic. Signed-off-by: Quentin Casasnovas <quentin.casasnovas@oracle.com> --- fs/btrfs/tree-log.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git fs/btrfs/tree-log.c fs/btrfs/tree-log.c index 9a37f8b..c5b8ba3 100644 --- fs/btrfs/tree-log.c +++ fs/btrfs/tree-log.c @@ -1012,7 +1012,7 @@ again: base = btrfs_item_ptr_offset(leaf, path->slots[0]); while (cur_offset < item_size) { - extref = (struct btrfs_inode_extref *)base + cur_offset; + extref = (struct btrfs_inode_extref *)(base + cur_offset); victim_name_len = btrfs_inode_extref_name_len(leaf, extref); -- 2.0.5 ^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH] Btrfs:__add_inode_ref: out of bounds memory read when looking for extended ref. 2015-03-03 15:31 ` Quentin Casasnovas @ 2015-03-03 15:35 ` Chris Mason 0 siblings, 0 replies; 4+ messages in thread From: Chris Mason @ 2015-03-03 15:35 UTC (permalink / raw) To: Quentin Casasnovas; +Cc: linux-btrfs, linux-kernel, Mark Fasheh, David Sterba On Tue, Mar 3, 2015 at 10:31 AM, Quentin Casasnovas <quentin.casasnovas@oracle.com> wrote: > Improper arithmetics when calculting the address of the extended ref > could > lead to an out of bounds memory read and kernel panic. > > Signed-off-by: Quentin Casasnovas <quentin.casasnovas@oracle.com> > --- > fs/btrfs/tree-log.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git fs/btrfs/tree-log.c fs/btrfs/tree-log.c > index 9a37f8b..c5b8ba3 100644 > --- fs/btrfs/tree-log.c > +++ fs/btrfs/tree-log.c > @@ -1012,7 +1012,7 @@ again: > base = btrfs_item_ptr_offset(leaf, path->slots[0]); > > while (cur_offset < item_size) { > - extref = (struct btrfs_inode_extref *)base + cur_offset; > + extref = (struct btrfs_inode_extref *)(base + cur_offset); > > victim_name_len = btrfs_inode_extref_name_len(leaf, extref); > Thanks, this goes back to 3.7+ (Mark's original extref code). I'll tag for stable and add Dave's reviewed by: Reviewed-by: David Sterba <dsterba@suse.cz> -chris ^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2015-03-03 15:36 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <1424966437-29795-1-git-send-email-quentin.casasnovas@oracle.com>
2015-03-03 14:38 ` [PATCH] Btrfs:__add_inode_ref: out of bounds memory read when looking for extended ref David Sterba
2015-03-03 15:23 ` Chris Mason
2015-03-03 15:31 ` Quentin Casasnovas
2015-03-03 15:35 ` Chris Mason
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).