Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit d3a03f80 authored by Joern Engel's avatar Joern Engel
Browse files

[LogFS] Plug 8 byte information leak 



Within each journal segment, 8 bytes at offset 24 would remain
uninitialized.

Signed-off-by: default avatarJoern Engel <joern@logfs.org>
parent 032d8f72

fs/logfs/journal.c

+14 −10
Original line number Diff line number Diff line
@@ -388,7 +388,10 @@ static void journal_get_erase_count(struct logfs_area *area) 
static int journal_erase_segment(struct logfs_area *area)

{

	struct super_block *sb = area->a_sb;

	union {

		struct logfs_segment_header sh;

		unsigned char c[ALIGN(sizeof(struct logfs_segment_header), 16)];

	} u;

	u64 ofs;

	int err;
@@ -396,20 +399,21 @@ static int journal_erase_segment(struct logfs_area *area) 
	if (err)

		return err;



	sh.pad = 0;

	sh.type = SEG_JOURNAL;

	sh.level = 0;

	sh.segno = cpu_to_be32(area->a_segno);

	sh.ec = cpu_to_be32(area->a_erase_count);

	sh.gec = cpu_to_be64(logfs_super(sb)->s_gec);

	sh.crc = logfs_crc32(&sh, sizeof(sh), 4);

	memset(&u, 0, sizeof(u));

	u.sh.pad = 0;

	u.sh.type = SEG_JOURNAL;

	u.sh.level = 0;

	u.sh.segno = cpu_to_be32(area->a_segno);

	u.sh.ec = cpu_to_be32(area->a_erase_count);

	u.sh.gec = cpu_to_be64(logfs_super(sb)->s_gec);

	u.sh.crc = logfs_crc32(&u.sh, sizeof(u.sh), 4);



	/* This causes a bug in segment.c.  Not yet. */

	//logfs_set_segment_erased(sb, area->a_segno, area->a_erase_count, 0);



	ofs = dev_ofs(sb, area->a_segno, 0);

	area->a_used_bytes = ALIGN(sizeof(sh), 16);

	logfs_buf_write(area, ofs, &sh, sizeof(sh));

	area->a_used_bytes = sizeof(u);

	logfs_buf_write(area, ofs, &u, sizeof(u));

	return 0;

}