lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <leys5guzkcvlilaccjmsw7cvncm6o2vqo2wwezhuz7r6lcfjnk@va3cnphl4zf3>
Date: Fri, 31 Oct 2025 15:04:04 +0800
From: Heming Zhao <heming.zhao@...e.com>
To: Albin Babu Varghese <albinbabuvarghese20@...il.com>
Cc: Ahmet Eray Karadag <eraykrdg1@...il.com>, mark@...heh.com, 
	jlbec@...lplan.org, joseph.qi@...ux.alibaba.com, ocfs2-devel@...ts.linux.dev, 
	linux-kernel@...r.kernel.org, david.hunter.linux@...il.com, skhan@...uxfoundation.org, 
	syzbot+b93b65ee321c97861072@...kaller.appspotmail.com
Subject: Re: [RFC RFT PATCH] ocfs2: Mark inode bad upon validation failure
 during read

On Thu, Oct 30, 2025 at 11:59:08PM -0400, Albin Babu Varghese wrote:
> Hi Heming, Thanks for the feedback.
> 
> > > I had one question about your proposal to combine this patch with
> > > Albin's [1]. When you mentioned, "We should forbid any write
> > > operations," were you referring to Albin's read-only check in
> > > ocfs2_setattr as the mechanism to "forbid" the operation? Or
> > > were you suggesting we should use the inode size sanity check
> > > itself (e.g., by converting the BUG_ON to an -EIO return)
> > > as that mechanism?
> > > 
> > 
> > The 'forbid' refers to the read-only check in ocfs2_setattr.
> > We can refer to ext4_setattr(), which calls ext4_emergency_state()
> > to forbid write operations.
> 
> I just looked at the ext4 implementation you mentioned. When we were working on
> it, I actually referenced how XFS's setattr was handling this because I
> couldn't find the exact ext4 implementation for this at the time, so I wasn't
> sure. From what I understand now, ext4 is doing something similar too.
> 
> If everything looks good, we can combine these two patches and send them as a
> patch series.
> 
> Best,
> 	Albin

I support adding make_bad_inode() in ocfs2_read_inode_block_full().
ocfs2_read_locked_inode() calls ocfs2_read_inode_block[_full] to read the inode
from disk. However, ocfs2_read_inode_block[_full] have many callers, and in
current code, only ocfs2_read_locked_inode() marks the inode as bad. All others
forget to set the bad_inode.

The 'forbid' write operations when read-only mode is worth another patch, and
I plan to create this patch. This patch adds a similar ext4_emergency_state()
function for ocfs2.
Therefore, your original patch looks good to me. I will provide my Reivewed-by
for it.

Thanks,
Heming

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ