NeilBrown | 28 Jul 2006 02:31

[PATCH 000 of 2] knfsd: Don't allow bad file handles to cause extX to go readonly

Currently, any file handle with a bad inode number in it can cause
ext2 to go to readonly (as it looks like a corrupted filesystem)
and could allow remote access to ext3 special files like the journal.

These patches give ext2/3 their own get_dentry method which checks the
inode number early before other bits of the code can be freaked out by
it.

These are revised versions of earlier patches.  Rather than exporting
export_iget, we open code it and simplify it slightly.  This avoids
an extra module dependency.

NeilBrown

To follow:
 [PATCH 001 of 2] knfsd: Have ext2 reject file handles with bad inode numbers early.
 [PATCH 002 of 2] knfsd: Make ext3 reject filehandles referring to invalid inode numbers

_______________________________________________
NFS maillist  -  NFS@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs

Christoph Hellwig | 28 Jul 2006 15:33

Re: [PATCH 000 of 2] knfsd: Don't allow bad file handles to cause extX to go readonly

On Fri, Jul 28, 2006 at 10:31:20AM +1000, NeilBrown wrote:
> Currently, any file handle with a bad inode number in it can cause
> ext2 to go to readonly (as it looks like a corrupted filesystem)
> and could allow remote access to ext3 special files like the journal.
> 
> These patches give ext2/3 their own get_dentry method which checks the
> inode number early before other bits of the code can be freaked out by
> it.
> 
> These are revised versions of earlier patches.  Rather than exporting
> export_iget, we open code it and simplify it slightly.  This avoids
> an extra module dependency.

This looks much better, agreed.  Long-term we should switch ext2/ext2
to use iget_locked so we can propagate errors in finding the inode much
better.

NeilBrown | 28 Jul 2006 02:31

[PATCH 002 of 2] knfsd: Make ext3 reject filehandles referring to invalid inode numbers


Inodes earlier than the 'first' inode (e.g. journal,
resize) should be rejected early - except the root inode.
Also inode numbers that are too big should be rejected early.

Signed-off-by: Neil Brown <neilb@suse.de>

### Diffstat output
 ./fs/ext3/super.c |   43 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 43 insertions(+)

diff .prev/fs/ext3/super.c ./fs/ext3/super.c
--- .prev/fs/ext3/super.c	2006-07-28 10:18:55.000000000 +1000
+++ ./fs/ext3/super.c	2006-07-28 10:25:20.000000000 +1000
 <at>  <at>  -554,6 +554,48  <at>  <at>  static int ext3_show_options(struct seq_
 	return 0;
 }

+
+static struct dentry *ext3_get_dentry(struct super_block *sb, void *vobjp)
+{
+	__u32 *objp = vobjp;
+	unsigned long ino = objp[0];
+	__u32 generation = objp[1];
+	struct inode *inode;
+	struct dentry *result;
+
+	if (ino != EXT3_ROOT_INO && ino < EXT3_FIRST_INO(sb))
+		return ERR_PTR(-ESTALE);
+	if (ino > le32_to_cpu(EXT3_SB(sb)->s_es->s_inodes_count))
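
Review bot: The two range tests at the top of ext3_get_dentry carry no comment, so the reason for each exists only in the commit message. A short comment above `if (ino != EXT3_ROOT_INO && ino < EXT3_FIRST_INO(sb))` should name what it excludes (the reserved inodes such as journal and resize, and implicitly inode 0), and one on the `ino > le32_to_cpu(...s_inodes_count)` test should note that an inode number equal to the count is accepted because inode numbers start at 1, so a later reader does not change the boundary to `>=`. Minor style point: the added blank line before the function follows an existing blank context line, leaving two blank lines in a row.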

NeilBrown | 28 Jul 2006 02:31

[PATCH 001 of 2] knfsd: Have ext2 reject file handles with bad inode numbers early.


This prevents bad inode numbers from triggering errors in
ext2_get_inode.

Signed-off-by: Neil Brown <neilb@suse.de>

### Diffstat output
 ./fs/ext2/super.c |   41 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)

diff .prev/fs/ext2/super.c ./fs/ext2/super.c
--- .prev/fs/ext2/super.c	2006-07-28 10:12:55.000000000 +1000
+++ ./fs/ext2/super.c	2006-07-28 10:17:58.000000000 +1000
 <at>  <at>  -251,6 +251,46  <at>  <at>  static struct super_operations ext2_sops
 #endif
 };

+static struct dentry *ext2_get_dentry(struct super_block *sb, void *vobjp)
+{
+	__u32 *objp = vobjp;
+	unsigned long ino = objp[0];
+	__u32 generation = objp[1];
+	struct inode *inode;
+	struct dentry *result;
+
+	if (ino != EXT2_ROOT_INO && ino < EXT2_FIRST_INO(sb))
+		return ERR_PTR(-ESTALE);
+	if (ino > le32_to_cpu(EXT2_SB(sb)->s_es->s_inodes_count))
+		return ERR_PTR(-ESTALE);
+
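
Review bot: The commit message says only that this prevents bad inode numbers from triggering errors in ext2_get_inode, but the first test, `if (ino != EXT2_ROOT_INO && ino < EXT2_FIRST_INO(sb))`, also rejects every reserved inode below the first regular one; the changelog should say so, as the ext3 patch's does. Separately, ext2_get_dentry reads objp[0] and objp[1] through a `void *` with nothing in the function establishing that two __u32 values are present; a one-line comment stating what the caller guarantees about the handle would make that assumption checkable.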