linux-kernel.vger.kernel.org archive mirror
From: Andrew Morton <akpm@osdl.org>
To: dan@merillat.org
Cc: linux-kernel@vger.kernel.org, harik@chaos.ao.net,
	Oleg Drokin <green@namesys.com>
Subject: Re: Reiserfs kernel-crashing bug in 2.4.20 (and UML)
Date: Sat, 23 Aug 2003 20:42:01 -0700
Message-ID: <20030823204201.06c706c1.akpm@osdl.org>
In-Reply-To: <4878.24.165.250.16.1061688482.squirrel@mail.merillat.org>

dan@merillat.org wrote:
>
>  Let's get this out of the way first: I KNOW IT'S A HARDWARE BUG.  My
>  system wrote corrupted data to the drive.  I've already recovered the
>  partition but I have a dd'd copy around to figure this out.
> 
>  With that out of the way:
> 
>  I can reliably insta-reboot my kernel or cause user-mode-linux to crash
>  out when doing a directory lookup in one corrupted directory.
> 
>  The catch is, (and there's always a catch) neither oopses.  real kernel on
>  real hardware just flashes the screen and reboots, user-mode-linux just
>  drops back to the host's shell prompt.
> 
>  Here's what I've found using UML on it:
> 
>  The directory is one block, but we're reading data 100+k into it.  Perhaps
>  a sanity check that we're actually within the buffer we want to be?

You're absolutely right.  Filesystem drivers should try hard to not crash
the box when fed random crap.

> +		if (d_reclen < 0)
> +			return -EIO;
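
Review bot: the added `if (d_reclen < 0)` test rejects only a negative length, and only fires at all if `d_reclen` is a signed type. A length that is positive but larger than the space left in the directory block still passes, which is the read past the one-block buffer described above. Suggest also rejecting any value greater than the bytes remaining in the block, and confirming whether zero is a valid length at this point.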

It needs to be checked for some upper bound as well.
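
The lower and upper bound checks discussed in this message, as an added example that is not part of the original mail or of the reiserfs code. It walks one directory block using a hypothetical entry layout (2-byte little-endian record length, 1-byte name length); `walk_dir_block`, `ENT_HDR` and the sample blocks are constructed for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical entry layout (NOT the reiserfs on-disk format):
 * bytes 0-1 record length (little-endian, header + name + padding),
 * byte 2 name length, then the name bytes. */
#define ENT_HDR 3u

/* Returns the number of entries in the block, or -EIO as soon as a
 * length field read from disk would take the walk outside the block. */
int walk_dir_block(const uint8_t *blk, size_t blk_size)
{
    size_t off = 0;
    int count = 0;

    while (off < blk_size) {
        size_t left = blk_size - off;   /* bytes still inside the buffer */
        size_t reclen, namelen;

        if (left < ENT_HDR)             /* header itself is truncated */
            return -EIO;
        /* Unsigned on purpose: a "< 0" test alone cannot be the check. */
        reclen = (size_t)blk[off] | ((size_t)blk[off + 1] << 8);
        namelen = blk[off + 2];
        if (reclen < ENT_HDR)           /* lower bound: zero would loop forever */
            return -EIO;
        if (reclen > left)              /* upper bound: must end in this block */
            return -EIO;
        if (namelen > reclen - ENT_HDR) /* name must fit inside its record */
            return -EIO;
        off += reclen;
        count++;
    }
    return count;
}

/* Constructed 16-byte sample blocks. */
static const uint8_t good_blk[16] = { 4, 0, 1, 'a',  12, 0, 2, 'b', 'c' };
/* Second length corrupted to 0x9000: points far past the block. */
static const uint8_t bad_blk[16]  = { 4, 0, 1, 'a',  0x00, 0x90, 2, 'b', 'c' };
/* All zeroes: record length 0. */
static const uint8_t zero_blk[16] = { 0 };

int main(void)
{
    printf("good=%d bad=%d zero=%d\n",
           walk_dir_block(good_blk, sizeof good_blk),
           walk_dir_block(bad_blk, sizeof bad_blk),
           walk_dir_block(zero_blk, sizeof zero_blk));
    return 0;
}
```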



Thread overview: 3+ messages
2003-08-24  1:28 dan
2003-08-24  3:42 ` Andrew Morton [this message]
2003-08-25  8:09 ` Oleg Drokin
