Re: [PATCH] ubifs: Fix potentially out-of-bounds memory access in ubifs_dump_node

From: Richard Weinberger
Date: Mon Jan 13 2020 - 02:54:13 EST

Next message: Ram Pai: "Re: [RESEND PATCH v2 3/3] powerpc/powernv: Parse device tree, population of SPR support"
Previous message: Geert Uytterhoeven: "Re: [PATCH 0/3] dio: Miscellaneous cleanups"
In reply to: Richard Weinberger: "Re: [PATCH] ubifs: Fix potentially out-of-bounds memory access in ubifs_dump_node"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

----- UrsprÃngliche Mail -----
> Problems with storage devices are indeed a problem, But because the wrong
> "ch->len" causes the kernel to crash, this cost is too heavy. We should
> avoid kernel crashes due to such errors.
>
>
> Although a crc error was found in "ubifs_check_node", it is difficult to
> simply judge whether "ch->len" is reasonable, so I think we only need to know
> the _location_ of the error data node, and it is not necessary to present its
> contents together.

What we can try is optionally passing the buffer length to ubifs_dump_node().
If crc is bad but ch->len is within bounds we can still safely dump.

Thanks,
//richard

Next message: Ram Pai: "Re: [RESEND PATCH v2 3/3] powerpc/powernv: Parse device tree, population of SPR support"
Previous message: Geert Uytterhoeven: "Re: [PATCH 0/3] dio: Miscellaneous cleanups"
In reply to: Richard Weinberger: "Re: [PATCH] ubifs: Fix potentially out-of-bounds memory access in ubifs_dump_node"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]