| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <9ac7574508df0f96d220cc9c2f51d3192ffff568.camel@ibm.com>
Date: Tue, 22 Jul 2025 18:08:09 +0000
From: Viacheslav Dubeyko <Slava.Dubeyko@....com>
To: "willy@...radead.org" <willy@...radead.org>,
"penguin-kernel@...ove.sakura.ne.jp" <penguin-kernel@...ove.sakura.ne.jp>
CC: "glaubitz@...sik.fu-berlin.de" <glaubitz@...sik.fu-berlin.de>,
"frank.li@...o.com" <frank.li@...o.com>,
"slava@...eyko.com"
<slava@...eyko.com>,
"linux-fsdevel@...r.kernel.org"
<linux-fsdevel@...r.kernel.org>,
"linux-kernel@...r.kernel.org"
<linux-kernel@...r.kernel.org>,
"akpm@...ux-foundation.org"
<akpm@...ux-foundation.org>
Subject: RE: [PATCH v3] hfs: remove BUG() from
hfs_release_folio()/hfs_test_inode()/hfs_write_inode()
On Tue, 2025-07-22 at 15:22 +0100, Matthew Wilcox wrote:
> On Tue, Jul 22, 2025 at 11:04:30PM +0900, Tetsuo Handa wrote:
> > On 2025/07/22 22:30, Matthew Wilcox wrote:
> > > On Tue, Jul 22, 2025 at 07:42:35PM +0900, Tetsuo Handa wrote:
> > > > I can update patch description if you have one, but I don't plan to try something like below.
> > >
> > > Why not? Papering over the underlying problem is what I rejected in v1,
> > > and here we are months later with you trying a v4.
> >
> > Because I don't know how HFS/HFS+ filesystems work.
The patch definitely should be rework. The phrase "I don't know how it works"
cannot be accepted as excuse. :)
> > I just want to close these nearly 1000 days old bugs.
> >
We are not in a hurry. We must fix the reason of the bug but
not try to hide the real reason of the issue.
> > You can write your patches.
>
> I don't understand this attitude at all. Are you in QA and being paid
> by "number of bugs closed per week"?
OK. Let's return to hfs_read_inode() again [1]. We have such logic here:
switch (rec->type) {
case HFS_CDR_FIL:
<skipped>
inode->i_ino = be32_to_cpu(rec->file.FlNum);
<skipped>
break;
case HFS_CDR_DIR:
inode->i_ino = be32_to_cpu(rec->dir.DirID);
<skipped>
break;
default:
make_bad_inode(inode);
}
So, if rec->type is OK (HFS_CDR_FIL, HFS_CDR_DIR) then we process
a particular type of record, otherwise, we create the bad inode. So, we simply
need to extend this logic. If rec->file.FlNum or rec->dir.DirID is equal or
bigger than HFS_FIRSTUSER_CNID, then we can create normal inode. Otherwise,
we need to create the bad inode. We simply need to add the checking logic
here. Tetsuo, does it make sense to you? :) Because, if we have corrupted value
of rec->file.FlNum or rec->dir.DirID, then it doesn't make sense to create
the normal inode with invalid i_ino. Simply, take a look here [2]:
/* Some special File ID numbers */
#define HFS_POR_CNID 1 /* Parent Of the Root */
#define HFS_ROOT_CNID 2 /* ROOT directory */
#define HFS_EXT_CNID 3 /* EXTents B-tree */
#define HFS_CAT_CNID 4 /* CATalog B-tree */
#define HFS_BAD_CNID 5 /* BAD blocks file */
#define HFS_ALLOC_CNID 6 /* ALLOCation file (HFS+) */
#define HFS_START_CNID 7 /* STARTup file (HFS+) */
#define HFS_ATTR_CNID 8 /* ATTRibutes file (HFS+) */
#define HFS_EXCH_CNID 15 /* ExchangeFiles temp id */
#define HFS_FIRSTUSER_CNID 16
Zero inode ID is completely invalid. And values from 1 - 15 are reserved
for HFS metadata structures.
Thanks,
Slava.
[1] https://elixir.bootlin.com/linux/v6.16-rc6/source/fs/hfs/inode.c#L350
[2] https://elixir.bootlin.com/linux/v6.16-rc6/source/fs/hfs/hfs.h#L40
Powered by blists - more mailing lists