lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 21 Jul 2023 02:11:19 +0100
From:   Matthew Wilcox <willy@...radead.org>
To:     Finn Thain <fthain@...ux-m68k.org>
Cc:     Dave Chinner <david@...morbit.com>,
        Jeff Layton <jlayton@...nel.org>,
        John Paul Adrian Glaubitz <glaubitz@...sik.fu-berlin.de>,
        Dmitry Vyukov <dvyukov@...gle.com>,
        Viacheslav Dubeyko <slava@...eyko.com>,
        Arnd Bergmann <arnd@...db.de>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        syzbot <syzbot+7bb7cd3595533513a9e7@...kaller.appspotmail.com>,
        Andrew Morton <akpm@...ux-foundation.org>,
        christian.brauner@...ntu.com,
        Damien Le Moal <damien.lemoal@...nsource.wdc.com>,
        Linux FS Devel <linux-fsdevel@...r.kernel.org>,
        LKML <linux-kernel@...r.kernel.org>,
        syzkaller-bugs@...glegroups.com,
        ZhangPeng <zhangpeng362@...wei.com>,
        linux-m68k@...ts.linux-m68k.org,
        debian-ports <debian-ports@...ts.debian.org>
Subject: Re: [syzbot] [hfs?] WARNING in hfs_write_inode

On Fri, Jul 21, 2023 at 11:03:28AM +1000, Finn Thain wrote:
> On Fri, 21 Jul 2023, Dave Chinner wrote:
> 
> > > I suspect that this is one of those catch-22 situations: distros are 
> > > going to enable every feature under the sun. That doesn't mean that 
> > > anyone is actually _using_ them these days.
> 
> I think the value of filesystem code is not just a question of how often 
> it gets executed -- it's also about retaining access to the data collected 
> in archives, museums, galleries etc. that is inevitably held in old 
> formats.

That's an argument for adding support to tar, not for maintaining
read/write support.

> > We need to much more proactive about dropping support for unmaintained 
> > filesystems that nobody is ever fixing despite the constant stream of 
> > corruption- and deadlock- related bugs reported against them.
> 
> IMO, a stream of bug reports is not a reason to remove code (it's a reason 
> to revert some commits).
> 
> Anyway, that stream of bugs presumably flows from the unstable kernel API, 
> which is inherently high-maintenance. It seems that a stable API could be 
> more appropriate for any filesystem for which the on-disk format is fixed 
> (by old media, by unmaintained FLOSS implementations or abandoned 
> proprietary implementations).

You've misunderstood.  Google have decided to subject the entire kernel
(including obsolete unmaintained filesystems) to stress tests that it's
never had before.  IOW these bugs have been there since the code was
merged.  There's nothing to back out.  There's no API change to blame.
It's always been buggy and it's never mattered before.

It wouldn't be so bad if Google had also decided to fund people to fix
those bugs, but no, they've decided to dump them on public mailing lists
and berate developers into fixing them.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ