lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20250728163526.GD222315@ZenIV>
Date: Mon, 28 Jul 2025 17:35:26 +0100
From: Al Viro <viro@...iv.linux.org.uk>
To: Edward Adam Davis <eadavis@...com>
Cc: syzbot+d3c29ed63db6ddf8406e@...kaller.appspotmail.com,
	hirofumi@...l.parknet.co.jp, linkinjeon@...nel.org,
	linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
	sj1557.seo@...sung.com, syzkaller-bugs@...glegroups.com
Subject: Re: [PATCH] fat: Prevent the race of read/write the FAT16 and FAT32
 entry

On Mon, Jul 28, 2025 at 05:04:45PM +0100, Al Viro wrote:
> On Mon, Jul 28, 2025 at 07:37:02PM +0800, Edward Adam Davis wrote:
> > The writer and reader access FAT32 entry without any lock, so the data
> > obtained by the reader is incomplete.
> 
> Could you be more specific?  "Incomplete" in which sense?
> 
> > Add spin lock to solve the race condition that occurs when accessing
> > FAT32 entry.
> 
> Which race condition would that be?
> 
> > FAT16 entry has the same issue and is handled together.
> 
> FWIW, I strongly suspect that
> 	* "issue" with FAT32 is a red herring coming from mindless parroting
> of dumb tool output
> 	* issue with FAT16 just might be real, if architecture-specific.
> If 16bit stores are done as 32bit read-modify-write, we might need some
> serialization.  Assuming we still have such architectures, that is -
> alpha used to be one, but support for pre-BWX models got dropped.
> Sufficiently ancient ARM?

Note that FAT12 situation is really different - we not just have an inevitable
read-modify-write for stores (half-byte access), we are not even guaranteed that
byte and half-byte will be within the same cacheline, so cmpxchg is not an
option; we have to use a spinlock there.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ