lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <s3h4jwiyohye7i7wez3dofcd7xmpvglailpdgqpy4vkgdajxc6@5m37ibsquyhg>
Date: Mon, 8 Dec 2025 15:24:17 +0100
From: Jan Kara <jack@...e.cz>
To: Jori Koolstra <jkoolstra@...all.nl>
Cc: Jan Kara <jack@...e.cz>, Christian Brauner <brauner@...nel.org>, 
	Tetsuo Handa <penguin-kernel@...ove.sakura.ne.jp>, Taotao Chen <chentaotao@...iglobal.com>, 
	Shuah Khan <skhan@...uxfoundation.org>, linux-kernel@...r.kernel.org, 
	syzbot+5ad0824204c7bf9b67f2@...kaller.appspotmail.com
Subject: Re: [PATCH 2/3] minix: Add required sanity checking to
 minix_check_superblock()

On Mon 08-12-25 14:54:55, Jori Koolstra wrote:
> 
> > Op 08-12-2025 10:51 CET schreef Jan Kara <jack@...e.cz>:
> > 
> >  
> > On Sun 07-12-25 19:36:44, Jori Koolstra wrote:
> > > > > 
> > > > > diff --git a/fs/minix/inode.c b/fs/minix/inode.c
> > > > > index 7897f5123b3d..8eb26ff91adf 100644
> > > > > --- a/fs/minix/inode.c
> > > > > +++ b/fs/minix/inode.c
> > > > > @@ -171,7 +171,14 @@ static bool minix_check_superblock(struct super_block *sb)
> > > > >  {
> > > > >  	struct minix_sb_info *sbi = minix_sb(sb);
> > > > >  
> > > > > -	if (sbi->s_imap_blocks == 0 || sbi->s_zmap_blocks == 0)
> > > > > +	if (sbi->s_log_zone_size != 0) {
> > > > > +		printk("minix-fs error: zone size must equal block size. "
> > > > > +		       "s_log_zone_size > 0 is not supported.\n");
> > > > > +		return false;
> > > > > +	}
> > > > > +
> > > > > +	if (sbi->s_ninodes < 1 || sbi->s_firstdatazone <= 4 ||
> > > > > +	    sbi->s_firstdatazone >= sbi->s_nzones)
> > > > >  		return false;
> > > > 
> > > > OK, but why did you remove the s_imap_blocks and s_zmap_blocks checks?
> > > > 
> > > 
> > > I replied to this a while ago that this already happens later in
> > > minix_fill_superblock:
> > > https://elixir.bootlin.com/linux/v6.18-rc7/source/fs/minix/inode.c#L280
> > > 
> > > Maybe you missed it. Let me know if this answers your question when you
> > > have time.
> > 
> > True, a stricter check happens later in minix_fill_super() but AFAICS
> > minix_set_bit() calls before this stricter check will crash if
> > s_imap_blocks or s_zmap_blocks are zero. So I think the original check is
> > still needed.
> > 
> 
> Ah, how stupid. I missed that. I think it is better to move the logic to the
> minix_check_super_block anyhow. What do you think of this:
> 
> diff --git a/fs/minix/inode.c b/fs/minix/inode.c
> index 51ea9bdc813f..c8c6b2135abe 100644
> --- a/fs/minix/inode.c
> +++ b/fs/minix/inode.c
> @@ -170,10 +170,38 @@ static int minix_reconfigure(struct fs_context *fc)
>  static bool minix_check_superblock(struct super_block *sb)
>  {
>  	struct minix_sb_info *sbi = minix_sb(sb);
> +	unsigned long block;
>  
> -	if (sbi->s_imap_blocks == 0 || sbi->s_zmap_blocks == 0)
> +	if (sbi->s_log_zone_size != 0) {
> +		printk("minix-fs error: zone size must equal block size. "
> +		       "s_log_zone_size > 0 is not supported.\n");
> +		return false;
> +	}
> +
> +	if (sbi->s_ninodes < 1 || sbi->s_firstdatazone <= 4 ||
> +	    sbi->s_firstdatazone >= sbi->s_nzones)
>  		return false;
>  
> +	/* Apparently minix can create filesystems that allocate more blocks for
> +	 * the bitmaps than needed.  We simply ignore that, but verify it didn't
> +	 * create one with not enough blocks and bail out if so.
> +	 */
> +	block = minix_blocks_needed(sbi->s_ninodes, sb->s_blocksize);
> +	if (sbi->s_imap_blocks < block) {
> +		printk("MINIX-fs: file system does not have enough "
> +		       "imap blocks allocated. Refusing to mount.\n");
> +		return false;
> +	}
> +
> +	block = minix_blocks_needed(
> +			(sbi->s_nzones - sbi->s_firstdatazone + 1),
> +			sb->s_blocksize);
> +	if (sbi->s_zmap_blocks < block) {
> +		printk("MINIX-fs: file system does not have enough "
> +		       "zmap blocks allocated. Refusing to mount.\n");
> +		return false;
> +	}
> +
>  	/*
>  	 * s_max_size must not exceed the block mapping limitation.  This check
>  	 * is only needed for V1 filesystems, since V2/V3 support an extra level
> @@ -293,26 +321,6 @@ static int minix_fill_super(struct super_block *s, struct fs_context *fc)
>  	minix_set_bit(0,sbi->s_imap[0]->b_data);
>  	minix_set_bit(0,sbi->s_zmap[0]->b_data);
>  
> -	/* Apparently minix can create filesystems that allocate more blocks for
> -	 * the bitmaps than needed.  We simply ignore that, but verify it didn't
> -	 * create one with not enough blocks and bail out if so.
> -	 */
> -	block = minix_blocks_needed(sbi->s_ninodes, s->s_blocksize);
> -	if (sbi->s_imap_blocks < block) {
> -		printk("MINIX-fs: file system does not have enough "
> -				"imap blocks allocated.  Refusing to mount.\n");
> -		goto out_no_bitmap;
> -	}
> -
> -	block = minix_blocks_needed(
> -			(sbi->s_nzones - sbi->s_firstdatazone + 1),
> -			s->s_blocksize);
> -	if (sbi->s_zmap_blocks < block) {
> -		printk("MINIX-fs: file system does not have enough "
> -				"zmap blocks allocated.  Refusing to mount.\n");
> -		goto out_no_bitmap;
> -	}
> -
>  	/* set up enough so that it can read an inode */
>  	s->s_op = &minix_sops;
>  	s->s_time_min = 0;
> -- 
> 
> Let me know and if it's OK I will submit it again (that is the right procedure,
> correct?)

Yes, these changes look good to me and yes, please create a properly
formatted patch with changelogs and all and submit it again.

								Honza
-- 
Jan Kara <jack@...e.com>
SUSE Labs, CR

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ