> On Wed, Jul 10, 2024 at 12:06:44PM +0800, libaokun@xxxxxxxxxxxxxxx wrote:
>> From: Baokun Li <libaokun1@xxxxxxxxxx>
>>
>> The use of path and ppath is now very confusing, so to make the code more
>> readable, pass path between functions uniformly, and get rid of ppath.
>>
>> To get rid of the ppath in ext4_ext_create_new_leaf(), the following is
>> done here:
>>
>> * Free the extents path when an error is encountered.
>> * Its caller needs to update ppath if it uses ppath.
>>
>> No functional changes.
>>
>> Signed-off-by: Baokun Li <libaokun1@xxxxxxxxxx>
>
> Hi Baokun,
>
> The changes look good to me, feel free to add:
>
> Reviewed-by: Ojaswin Mujoo <ojaswin@xxxxxxxxxxxxx>

Hey Ojaswin,

Thank you very much for your review!

> That being said, IIUC I think this patchset also fixes a potential UAF
> bug. Below is a sample trace with dummy values:
>
> ext4_ext_insert_extent
>   path = *ppath = 2000
>   ext4_ext_create_new_leaf(ppath)
>     path = *ppath = 2000
>     ext4_find_extent(path = 2000)
>       if (depth > path[0].p_maxdepth)
>         kfree(path = 2000);
>         path = NULL;
>       path = kcalloc() = 3000
>       ...
>       return path;
>     path = 3000
>     *ppath = 3000;
>     return;
>   /* here path is still 2000, UAF! */
>   eh = path[depth].p_hdr
>
> I'm not completely sure if we can hit (depth > path[0].p_maxdepth) in the
> above codepath but I think the flow is still a bit fragile. Maybe this
> should be fixed in a separate patch first. What do you think?

Nice catch!

> Regards,
> ojaswin
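The trace above boils down to one pattern: a callee that may free and reallocate an array behind a double pointer, and a caller that keeps a private copy of the old pointer and uses it after the call. The following is an added, constructed model of that pattern and of the shape the series moves to (path in, path out); it is not ext4 code and not part of this thread. The names struct ext_path, find_extent, create_new_leaf_ppath, create_new_leaf and the two caller functions are stand-ins, and the depth values are made up. The "buggy" caller only reports that its local copy is the freed array; it never dereferences it.

```c
/* Constructed model of the path/ppath hazard in the trace above.
 * Stand-in names (struct ext_path, find_extent, create_new_leaf_ppath,
 * create_new_leaf): this is not ext4 code. */
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>

struct ext_path {        /* stand-in for struct ext4_ext_path */
	int p_maxdepth;      /* how many levels the array can hold */
	int p_depth;         /* depth the array currently describes */
};

/* Model bookkeeping: address of the array find_extent() freed most
 * recently, kept as an integer so that no dangling pointer is ever
 * dereferenced or compared as a pointer. 0 means nothing was freed. */
static uintptr_t g_last_freed;

/* Model of ext4_find_extent(): if the tree is deeper than the existing
 * array can hold, the old array is freed and a bigger one allocated, so
 * whoever still holds the old pointer now holds a dangling one.
 * Returns NULL on allocation failure; the old array is already gone then. */
static struct ext_path *find_extent(struct ext_path *path, int depth)
{
	if (path && depth > path[0].p_maxdepth) {
		g_last_freed = (uintptr_t)path;
		free(path);                               /* the kfree() in the trace */
		path = NULL;
	}
	if (!path) {
		path = calloc((size_t)depth + 2, sizeof(*path));  /* the kcalloc() */
		if (!path)
			return NULL;
		path[0].p_maxdepth = depth + 1;
	}
	path[0].p_depth = depth;
	return path;
}

/* Pre-series shape: double pointer in, new array published through *ppath.
 * Correct by itself; the hazard lies in callers that keep a private copy. */
static int create_new_leaf_ppath(struct ext_path **ppath, int depth)
{
	struct ext_path *path = find_extent(*ppath, depth);

	if (!path) {
		*ppath = NULL;      /* old array is gone; caller must not touch it */
		return -ENOMEM;
	}
	*ppath = path;
	return 0;
}

/* Caller pattern from the trace: 'path' is a local copy of *ppath taken
 * before the call and used afterwards. Returns true when that local copy
 * is exactly the array the callee freed, i.e. when 'eh = path[depth].p_hdr'
 * would be a use-after-free. Only integers are compared here. */
static bool caller_holds_stale_path(int new_depth)
{
	struct ext_path *slot = find_extent(NULL, 1);   /* 3 entries, p_maxdepth 2 */
	uintptr_t local_copy = (uintptr_t)slot;          /* the caller's 'path' */
	bool stale;

	if (!slot)
		return false;
	g_last_freed = 0;
	if (create_new_leaf_ppath(&slot, new_depth) != 0)
		return false;
	stale = (g_last_freed != 0 && g_last_freed == local_copy);
	free(slot);
	return stale;
}

/* Post-series shape: path in, path (or NULL) out, and the caller always
 * re-takes the return value, so no second copy exists to go stale. */
static struct ext_path *create_new_leaf(struct ext_path *path, int depth)
{
	return find_extent(path, depth);
}

/* Returns the depth recorded in the live array, or -ENOMEM. */
static int caller_fixed(int new_depth)
{
	struct ext_path *path = find_extent(NULL, 1);
	int depth;

	if (!path)
		return -ENOMEM;
	path = create_new_leaf(path, new_depth);   /* always re-take the result */
	if (!path)
		return -ENOMEM;
	depth = path[0].p_depth;                   /* safe: path is the live array */
	free(path);
	return depth;
}
```

With these stand-ins, caller_holds_stale_path(5) reports a stale local (depth 5 exceeds the initial p_maxdepth of 2, so the first array is freed), while caller_holds_stale_path(1) does not; caller_fixed(5) reads the live array and returns 5. The general rule the series applies is the one worth taking away: when a callee may free and reallocate what a pointer refers to, give the caller exactly one place to get the current pointer from (the return value) and make every caller re-assign from it, rather than publishing through *ppath while callers also hold their own copy.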