[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20190818090949.GA30276@kroah.com>
Date: Sun, 18 Aug 2019 11:09:49 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: Richard Weinberger <richard@....at>
Cc: Gao Xiang <hsiangkao@....com>, Jan Kara <jack@...e.cz>,
Chao Yu <yuchao0@...wei.com>,
Dave Chinner <david@...morbit.com>,
David Sterba <dsterba@...e.cz>, Miao Xie <miaoxie@...wei.com>,
devel <devel@...verdev.osuosl.org>,
Stephen Rothwell <sfr@...b.auug.org.au>,
Darrick <darrick.wong@...cle.com>,
Christoph Hellwig <hch@...radead.org>,
Amir Goldstein <amir73il@...il.com>,
linux-erofs <linux-erofs@...ts.ozlabs.org>,
Al Viro <viro@...iv.linux.org.uk>,
Jaegeuk Kim <jaegeuk@...nel.org>, tytso <tytso@....edu>,
linux-kernel <linux-kernel@...r.kernel.org>,
Li Guifu <bluce.liguifu@...wei.com>,
Fang Wei <fangwei1@...wei.com>, Pavel Machek <pavel@...x.de>,
linux-fsdevel <linux-fsdevel@...r.kernel.org>,
Andrew Morton <akpm@...ux-foundation.org>,
torvalds <torvalds@...ux-foundation.org>
Subject: Re: [PATCH] erofs: move erofs out of staging
On Sun, Aug 18, 2019 at 11:03:53AM +0200, Richard Weinberger wrote:
> ----- Ursprüngliche Mail -----
> > I agree with you, but what can we do now is trying our best to fuzz
> > all the fields.
> >
> > So, what is your opinion about EROFS?
>
> All I'm saying is that you should not blindly trust the disk.
>
> Another thing that raises my attention is in superblock_read():
> memcpy(sbi->volume_name, layout->volume_name,
> sizeof(layout->volume_name));
>
> Where do you check whether ->volume_name has a NUL terminator?
> Currently this field has no user, maybe will add a check upon usage.
> But this kind of things makes me wonder.
You have looked at reiserfs lately, right? :)
Not to say that erofs shouldn't be worked on to fix these kinds of
issues, just that it's not an unheard of thing to trust the disk image.
Especially for the normal usage model of erofs, where the whole disk
image is verfied before it is allowed to be mounted as part of the boot
process.
thanks,
greg k-h
Powered by blists - more mailing lists