| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <aRSng1I6l1f7l7EB@infradead.org> Date: Wed, 12 Nov 2025 07:28:03 -0800 From: Christoph Hellwig <hch@...radead.org> To: Raphael Pinsonneault-Thibeault <rpthibeault@...il.com> Cc: cem@...nel.org, djwong@...nel.org, chandanbabu@...nel.org, bfoster@...hat.com, linux-xfs@...r.kernel.org, linux-kernel@...r.kernel.org, linux-kernel-mentees@...ts.linux.dev, skhan@...uxfoundation.org, syzbot+9f6d080dece587cfdd4c@...kaller.appspotmail.com Subject: Re: [PATCH] xfs: ensure log recovery buffer is resized to avoid OOB On Wed, Nov 12, 2025 at 09:10:34AM -0500, Raphael Pinsonneault-Thibeault wrote: > Fix by removing the check for xlog_rec_header h_version, since the code > is already within the if(xfs_has_logv2) path. The CRC checksum will > reject the bad record anyway, this fix is to ensure we can read the > entire buffer without an OOB. Thanks for the fix and the very detailed commit message explaining the logic. I think this should work, but I suspect the better fix would be to just reject the mount for h_size > XLOG_HEADER_CYCLE_SIZE && !XLOG_VERSION_2 because the larger h_size can't work for v1 logs, and the log stripe unit adjustment is also a v2 feature, so it really should not have been applied even accidentally in mkfs. > Can xfs_has_logv2() and xlog_rec_header h_version ever disagree? They should not, but I'm pretty sure if we give syzbot enough time it'll craft an image doing that :) So we better add sanity checks for that now.
Powered by blists - more mailing lists