Message-ID: <5d45d2ba2504ca365ac36c65cbcc6db413bf7e98.camel@dubeyko.com>
Date: Sun, 28 Sep 2025 15:53:45 -0700
From: Viacheslav Dubeyko <slava@...eyko.com>
To: torvalds@...ux-foundation.org
Cc: linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org, 
	glaubitz@...sik.fu-berlin.de, frank.li@...o.com, Chenzhi Yang
	 <yang.chenzhi@...o.com>, Kang Chen <k.chen@...il.nju.edu.cn>
Subject: [GIT PULL] hfs/hfsplus changes for 6.18-rc1

Hello Linus,

This pull request contains several fixes for syzbot-reported
issues, HFS/HFS+ fixes for xfstests failures, and a rework of
the HFS/HFS+ debug output subsystem.

Kang Chen has fixed a slab-out-of-bounds issue in hfsplus_uni2asc()
when hfsplus_uni2asc() is called from hfsplus_listxattr().
Yang Chenzhi has fixed a crash in hfsplus_bmap_alloc() if the record
offset or length is larger than node_size.
Yangtao Li has corrected the error code returned from
hfsplus_fill_super() if the Catalog File contains a corrupted record
for the case of the hidden directory's type.

The KMSAN uninit-value issue has been fixed in hfs_find_set_zero_bits()
by replacing the kmalloc() call with kzalloc(). The KMSAN uninit-value
issue in hfsplus_delete_cat() has been fixed by proper initialization
of struct hfsplus_inode_info in the hfsplus_iget() logic. The KMSAN
uninit-value issue in __hfsplus_ext_cache_extent() has been fixed by
replacing kmalloc() with kzalloc() in hfs_find_init().

The slab-out-of-bounds issue could happen in hfsplus_strcasecmp()
if the length field of struct hfsplus_unistr is bigger than
HFSPLUS_MAX_STRLEN. The issue has been fixed by checking
the lengths of the strings being compared. If a string's length
is bigger than HFSPLUS_MAX_STRLEN, then the length is corrected
to this value.

The generic/736 xfstest fails in the HFS case because the HFS volume
becomes corrupted after the test run. The main reason for
the issue is the absence of logic that corrects
mdb->drNxtCNID/HFS_SB(sb)->next_id (next unused CNID) after
deleting a record in the Catalog File. A
hfs_correct_next_unused_CNID() method has been introduced that
implements the necessary logic.

The following changes since commit
8f5ae30d69d7543eee0d70083daf4de8fe15d585:

  Linux 6.17-rc1 (2025-08-10 19:41:16 +0300)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/vdubeyko/hfs.git tags/hfs-v6.18-tag1

for you to fetch changes up to
f32a26fab3672e60f622bd7461bf978fc72f29ec:

  hfs/hfsplus: rework debug output subsystem (2025-09-24 16:30:34 -0700)

----------------------------------------------------------------
hfs updates for v6.18

- hfs/hfsplus: rework debug output subsystem
- hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp()
- hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()
- hfs: clear offset and space out of valid records in b-tree node
- hfs: add logic of correcting a next unused CNID
- hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat()
- hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits()
- hfs: make proper initalization of struct hfs_find_data
- hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent()
- hfs: validate record offset in hfsplus_bmap_alloc
- hfsplus: return EIO when type of hidden directory mismatch in hfsplus_fill_super()
- MAINTAINERS: update location of hfs&hfsplus trees

----------------------------------------------------------------
Kang Chen (1):
      hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()

Viacheslav Dubeyko (8):
      hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent()
      hfs: make proper initalization of struct hfs_find_data
      hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits()
      hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat()
      hfs: add logic of correcting a next unused CNID
      hfs: clear offset and space out of valid records in b-tree node
      hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp()
      hfs/hfsplus: rework debug output subsystem

Yang Chenzhi (1):
      hfs: validate record offset in hfsplus_bmap_alloc

Yangtao Li (2):
      MAINTAINERS: update location of hfs&hfsplus trees
      hfsplus: return EIO when type of hidden directory mismatch in hfsplus_fill_super()

 MAINTAINERS                |   4 ++
 fs/hfs/bfind.c             |  12 +++--
 fs/hfs/bitmap.c            |   4 +-
 fs/hfs/bnode.c             |  28 +++++-----
 fs/hfs/brec.c              |  35 +++++++++---
 fs/hfs/btree.c             |   2 +-
 fs/hfs/catalog.c           | 129 +++++++++++++++++++++++++++++++++++++++++++--
 fs/hfs/extent.c            |  19 +++----
 fs/hfs/hfs_fs.h            |  39 ++------------
 fs/hfs/inode.c             |  25 ++++++---
 fs/hfs/mdb.c               |  20 ++++---
 fs/hfs/super.c             |   4 ++
 fs/hfsplus/attributes.c    |   8 +--
 fs/hfsplus/bfind.c         |  12 +++--
 fs/hfsplus/bitmap.c        |  10 ++--
 fs/hfsplus/bnode.c         |  69 +++++-------------------
 fs/hfsplus/brec.c          |  10 ++--
 fs/hfsplus/btree.c         |  10 +++-
 fs/hfsplus/catalog.c       |   6 +--
 fs/hfsplus/dir.c           |   2 +-
 fs/hfsplus/extents.c       |  27 +++++-----
 fs/hfsplus/hfsplus_fs.h    |  85 ++++++++++++++++-------------
 fs/hfsplus/super.c         |  41 ++++++++++----
 fs/hfsplus/unicode.c       |  48 +++++++++++++++--
 fs/hfsplus/xattr.c         |  10 ++--
 include/linux/hfs_common.h |  20 +++++++
 26 files changed, 442 insertions(+), 237 deletions(-)
 create mode 100644 include/linux/hfs_common.h
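
Added example, not part of the original message and not the kernel patch: a userspace model of the length clamp described above for hfsplus_strcasecmp(), where a length field taken from the volume is capped at HFSPLUS_MAX_STRLEN before the name array is walked. The names struct unistr_model, make_name, checked_len, fold and unistr_casecmp are hypothetical, the value 255 for HFSPLUS_MAX_STRLEN is stated from the kernel headers rather than from this message, and the ASCII-only folding is a simplification of the kernel's case-folding.

```c
#include <stdint.h>
#include <stdio.h>
#define HFSPLUS_MAX_STRLEN 255

/* Userspace model of the name layout: length field, then a fixed array. */
struct unistr_model {
    uint16_t length;  /* untrusted: comes from the volume */
    uint16_t unicode[HFSPLUS_MAX_STRLEN];
};

/* Constructed sample: ASCII text plus whatever length the "volume" claims. */
static struct unistr_model make_name(const char *ascii, uint16_t claimed_len)
{
    struct unistr_model s = {0};
    for (size_t i = 0; ascii[i] && i < HFSPLUS_MAX_STRLEN; i++)
        s.unicode[i] = (unsigned char)ascii[i];
    s.length = claimed_len;
    return s;
}

/* Cap the claimed length at the array capacity and record that it happened. */
static uint16_t checked_len(const struct unistr_model *s, int *clamped)
{
    *clamped |= s->length > HFSPLUS_MAX_STRLEN;
    return s->length > HFSPLUS_MAX_STRLEN ? HFSPLUS_MAX_STRLEN : s->length;
}

/* ASCII-only folding (assumption: stands in for the kernel's case-fold table). */
static uint16_t fold(uint16_t c) { return (c >= 'A' && c <= 'Z') ? (uint16_t)(c + 32) : c; }

int unistr_casecmp(const struct unistr_model *a, const struct unistr_model *b, int *clamped)
{
    *clamped = 0;
    uint16_t la = checked_len(a, clamped), lb = checked_len(b, clamped);
    for (size_t i = 0; i < la && i < lb; i++) {  /* never indexes past unicode[] */
        uint16_t ca = fold(a->unicode[i]), cb = fold(b->unicode[i]);
        if (ca != cb)
            return ca < cb ? -1 : 1;
    }
    return la < lb ? -1 : la > lb;
}

int main(void)
{
    int clamped;
    struct unistr_model a = make_name("Ab", 0xFFFF), b = make_name("aB", 2);
    int r = unistr_casecmp(&a, &b, &clamped);  /* corrupted length on a */
    return printf("result=%d clamped=%d\n", r, clamped) < 0;
}
```

Without the cap, a claimed length of 0xFFFF would drive the comparison loop far past the 255-element array, which is the slab-out-of-bounds read pattern the message describes.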
