lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20200124184516.GB41762@gmail.com>
Date:   Fri, 24 Jan 2020 10:45:16 -0800
From:   Eric Biggers <ebiggers@...nel.org>
To:     Jaegeuk Kim <jaegeuk@...nel.org>
Cc:     Linus Torvalds <torvalds@...ux-foundation.org>,
        Al Viro <viro@...iv.linux.org.uk>,
        OGAWA Hirofumi <hirofumi@...l.parknet.co.jp>,
        Pali Rohár <pali.rohar@...il.com>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        linux-fsdevel <linux-fsdevel@...r.kernel.org>,
        "Theodore Y. Ts'o" <tytso@....edu>,
        Namjae Jeon <linkinjeon@...il.com>,
        Gabriel Krisman Bertazi <krisman@...labora.com>
Subject: Re: oopsably broken case-insensitive support in ext4 and f2fs (Re:
 vfat: Broken case-insensitive support for UTF-8)

On Fri, Jan 24, 2020 at 10:03:23AM -0800, Jaegeuk Kim wrote:
> On 01/24, Linus Torvalds wrote:
> > On Thu, Jan 23, 2020 at 8:29 PM Eric Biggers <ebiggers@...nel.org> wrote:
> > >
> > > Thanks Al.  I sent out fixes for this:
> > 
> > How did that f2fs_d_compare() function ever work? It was doing the
> > memcmp on completely the wrong thing.
> 
> Urg.. my bad. I didn't do enough stress test on casefolding case which
> is only activated given "mkfs -C utf8:strict". And Android hasn't enabled
> it yet.
> 

It also didn't cause *really* obvious breakage because in practice it only
caused ->d_compare() to incorrectly return false, and that just caused new
dentries to be created rather than the existing ones reused.  So most things
continued to work.

It can be noticed by way of deleting files not actually freeing up space... Or
the way I noticed it is that my reproducer for the ->d_hash() crash worked on
ext4 but not f2fs.

- Eric

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ