* [PATCH] ext4/jbd2: fix race condition when initializing the crc32c "key"
@ 2014-12-05 3:55 Darrick J. Wong
2014-12-08 15:33 ` Theodore Ts'o
0 siblings, 1 reply; 2+ messages in thread
From: Darrick J. Wong @ 2014-12-05 3:55 UTC (permalink / raw)
To: Theodore Ts'o, darrick.wong; +Cc: linux-ext4, Dmitry Monakhov
In the patch "ext4: use the shash api correctly for crc32c", we
attempted to correct for the mis-use of crc32c driver internals by
using the crypto shash API. Unfortunately, the setkey function
modifies state (the key) in the shared s_chksum_driver; then this key
initializes the on-stack checksum descriptor, which means that we have
introduced a race condition that corrupts filesystems.

Therefore, duplicate s_chksum_driver on the stack so that we can set
the key in our own private copy. The guard for the shash context size
is a little hacky, but it'll do. A more "proper" fix would be just to
put a spinlock around setkey/init, but that seems silly to initialize
a local context.

(You could also just revert the two cleanup patches, since every other
caller of crc32c makes layout and size assumptions.)

Test case: run xfstests generic/011 over and over with metadata_csum
enabled until you hit it.

Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reported-by: Dmitry Monakhov <dmonakhov@openvz.org>
---
fs/ext4/ext4.h | 16 +++++++++++++---
include/linux/jbd2.h | 11 +++++++++--
2 files changed, 22 insertions(+), 5 deletions(-)
diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h
index da83f20..3e73450 100644
--- a/fs/ext4/ext4.h
+++ b/fs/ext4/ext4.h
@@ -1777,19 +1777,29 @@ static inline __le16 ext4_rec_len_to_disk(unsigned len, unsigned blocksize)
#define DX_HASH_HALF_MD4_UNSIGNED 4
#define DX_HASH_TEA_UNSIGNED 5
+#define EXT4_MAX_CHECKSUM_SIZE 4
+
static inline u32 ext4_chksum(struct ext4_sb_info *sbi, u32 crc,
const void *address, unsigned int length)
{
struct {
struct shash_desc shash;
- char ctx[4];
+ char ctx[EXT4_MAX_CHECKSUM_SIZE];
} desc;
+ struct {
+ struct crypto_shash tfm;
+ char ctx[EXT4_MAX_CHECKSUM_SIZE];
+ } shash;
__le32 out_crc;
int err;
- BUG_ON(crypto_shash_descsize(sbi->s_chksum_driver)!=sizeof(desc.ctx));
+ BUG_ON(sbi->s_chksum_driver->base.__crt_alg->cra_ctxsize >
+ sizeof(shash.ctx));
+ BUG_ON(crypto_shash_descsize(sbi->s_chksum_driver) >
+ sizeof(desc.ctx));
- desc.shash.tfm = sbi->s_chksum_driver;
+ shash.tfm = *sbi->s_chksum_driver;
+ desc.shash.tfm = &shash.tfm;
desc.shash.flags = 0;
out_crc = cpu_to_le32(crc);
crypto_shash_setkey(desc.shash.tfm, (u8 *)&out_crc, sizeof(out_crc));
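Review bot: in ext4_chksum(), `shash.tfm = *sbi->s_chksum_driver;` copies only the struct crypto_shash member, so the on-stack `shash.ctx` bytes start out uninitialized and are valid only if the following crypto_shash_setkey() call fully writes them. Please state that dependency in a comment, and check the return value of crypto_shash_setkey(), which is ignored here even though `int err` is declared, so that a failed setkey cannot leave the checksum seeded from leftover stack contents. The new BUG_ON also reaches through `base.__crt_alg->cra_ctxsize` directly, which is the same kind of driver-internals access the commit message says the earlier cleanup was meant to remove; a short comment explaining why this guard is needed would help the next reader.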
diff --git a/include/linux/jbd2.h b/include/linux/jbd2.h
index ae365ca..a1ff27c 100644
--- a/include/linux/jbd2.h
+++ b/include/linux/jbd2.h
@@ -1374,13 +1374,20 @@ static inline u32 jbd2_chksum(journal_t *journal, u32 crc,
struct shash_desc shash;
char ctx[JBD_MAX_CHECKSUM_SIZE];
} desc;
+ struct {
+ struct crypto_shash tfm;
+ char ctx[JBD_MAX_CHECKSUM_SIZE];
+ } shash;
__le32 out_crc;
int err;
+ BUG_ON(journal->j_chksum_driver->base.__crt_alg->cra_ctxsize >
+ sizeof(shash.ctx));
BUG_ON(crypto_shash_descsize(journal->j_chksum_driver) >
- JBD_MAX_CHECKSUM_SIZE);
+ sizeof(desc.ctx));
- desc.shash.tfm = journal->j_chksum_driver;
+ shash.tfm = *journal->j_chksum_driver;
+ desc.shash.tfm = &shash.tfm;
desc.shash.flags = 0;
out_crc = cpu_to_le32(crc);
crypto_shash_setkey(desc.shash.tfm, (u8 *)&out_crc, sizeof(out_crc));
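Review bot: in jbd2_chksum(), JBD_MAX_CHECKSUM_SIZE now sizes two different things: the descriptor context (`desc.ctx`, checked against crypto_shash_descsize()) and the transform context (`shash.ctx`, checked against cra_ctxsize). Nothing in the hunk says why the two share one bound, so either give the tfm context its own named constant or add a comment that both are intentionally limited to the same value. This block also repeats, line for line, the on-stack tfm copy added to ext4_chksum(); a shared helper would keep the two copies from drifting apart, and the unchecked crypto_shash_setkey() return value applies here as well.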
* Re: [PATCH] ext4/jbd2: fix race condition when initializing the crc32c "key"
From: Theodore Ts'o @ 2014-12-08 15:33 UTC (permalink / raw)
To: Darrick J. Wong; +Cc: linux-ext4, Dmitry Monakhov
On Thu, Dec 04, 2014 at 07:55:39PM -0800, Darrick J. Wong wrote:
> In the patch "ext4: use the shash api correctly for crc32c", we
> attempted to correct for the mis-use of crc32c driver internals by
>
> (You could also just revert the two cleanup patches, since every other
> caller of crc32c makes layout and size assumptions.)
OK, I'll just drop the "use the shash api correctly for crc32c" patch.
- Ted