lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Fri, 14 Feb 2020 18:25:38 -0500
From:   "Valdis Klētnieks" <valdis.kletnieks@...edu>
To:     Pali Rohár <pali.rohar@...il.com>
Cc:     Sasha Levin <sashal@...nel.org>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        devel@...verdev.osuosl.org, linux-fsdevel@...r.kernel.org,
        linux-kernel@...r.kernel.org,
        Sasha Levin <alexander.levin@...rosoft.com>,
        Christoph Hellwig <hch@...radead.org>
Subject: Re: [PATCH] staging: exfat: add exfat filesystem code to staging


> Idea is simple. Expects that we have a clean filesystem in correct
> state. We load primary/active/main FAT table (just call it FAT1) and all
> changes to filesystem would be done via second non-active FAT table
> (FAT2). At unmount or sync or flush buffer times, FAT2 would be copied
> back to the FAT1 and filesystem would be back in clean state.

Somehow, scribbling on the non-active table for actual changes sounds like a
bad idea waiting to happen (partly because if you do that and crash, after the
reboot you remount, and it starts up with the now-stale FAT1 because you never
flagged that FAT as stale.

That means that if we started using the secondary FAT, we'd change the
ActiveFAT variable to indicate that.  And if we do that, we need to also set
num_fat to 2 because num_fat 1 and ActiveFAT pointing at the second FAT is
*definitely* bogus.

And that could result in us crashing and leaving the device with a header that
says 'num_fat == 2', ActiveFAT == second, and the dirty bit set - and the user
next uses the  filesystem on a system/device that hard-codes that there's only 1 FAT,
so it blindly goes on its merry way using a FAT that's stale and never realizing it.

And that's actually the same failure mode as in the first paragraph - you start
off using FAT1 because you don't see an indication that it's stale.

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists