Re: [syzbot] KASAN: use-after-free Read in copy_page_from_iter_atomic (2)

From: Qu Wenruo
Date: Wed Jun 15 2022 - 17:27:45 EST

Next message: pr-tracker-bot: "Re: [GIT PULL] hardening fixes for v5.19-rc3"
Previous message: Julius Werner: "Re: [RFC] Correct memory layout reporting for "jedec,lpddr2" and related bindings"
In reply to: Christoph Hellwig: "Re: [syzbot] KASAN: use-after-free Read in copy_page_from_iter_atomic (2)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 2022/6/15 21:21, Christoph Hellwig wrote:

On Tue, Jun 14, 2022 at 04:50:22PM +0800, Qu Wenruo wrote:

The same way as data?

map-logical to find the location of a mirror, write 4 bytes of zero into
the location, then call it a day.

Although for metadata, you may want to choose a metadata that would
definitely get read.
Thus tree root is a good candidate.

And how do I find out the logic address of the tree root?

For tree root, "btrfs ins dump-super <dev> | grep '^root\s'.

For other tree blocks, "btrfs ins dump-tree <dev>" then with other other
keywords to grab.

Thanks,
Qu

Next message: pr-tracker-bot: "Re: [GIT PULL] hardening fixes for v5.19-rc3"
Previous message: Julius Werner: "Re: [RFC] Correct memory layout reporting for "jedec,lpddr2" and related bindings"
In reply to: Christoph Hellwig: "Re: [syzbot] KASAN: use-after-free Read in copy_page_from_iter_atomic (2)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]