| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 24 Jan 2020 10:45:16 -0800
From: Eric Biggers <ebiggers@...nel.org>
To: Jaegeuk Kim <jaegeuk@...nel.org>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>,
Al Viro <viro@...iv.linux.org.uk>,
OGAWA Hirofumi <hirofumi@...l.parknet.co.jp>,
Pali Rohár <pali.rohar@...il.com>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
linux-fsdevel <linux-fsdevel@...r.kernel.org>,
"Theodore Y. Ts'o" <tytso@....edu>,
Namjae Jeon <linkinjeon@...il.com>,
Gabriel Krisman Bertazi <krisman@...labora.com>
Subject: Re: oopsably broken case-insensitive support in ext4 and f2fs (Re:
vfat: Broken case-insensitive support for UTF-8)
On Fri, Jan 24, 2020 at 10:03:23AM -0800, Jaegeuk Kim wrote:
> On 01/24, Linus Torvalds wrote:
> > On Thu, Jan 23, 2020 at 8:29 PM Eric Biggers <ebiggers@...nel.org> wrote:
> > >
> > > Thanks Al. I sent out fixes for this:
> >
> > How did that f2fs_d_compare() function ever work? It was doing the
> > memcmp on completely the wrong thing.
>
> Urg.. my bad. I didn't do enough stress test on casefolding case which
> is only activated given "mkfs -C utf8:strict". And Android hasn't enabled
> it yet.
>
It also didn't cause *really* obvious breakage because in practice it only
caused ->d_compare() to incorrectly return false, and that just caused new
dentries to be created rather than the existing ones reused. So most things
continued to work.
It can be noticed by way of deleting files not actually freeing up space... Or
the way I noticed it is that my reproducer for the ->d_hash() crash worked on
ext4 but not f2fs.
- Eric
Powered by blists - more mailing lists