lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20260116092833.GB21396@lst.de>
Date: Fri, 16 Jan 2026 10:28:33 +0100
From: Christoph Hellwig <hch@....de>
To: Namjae Jeon <linkinjeon@...nel.org>
Cc: viro@...iv.linux.org.uk, brauner@...nel.org, hch@....de, tytso@....edu,
	willy@...radead.org, jack@...e.cz, djwong@...nel.org,
	josef@...icpanda.com, sandeen@...deen.net, rgoldwyn@...e.com,
	xiang@...nel.org, dsterba@...e.com, pali@...nel.org,
	ebiggers@...nel.org, neil@...wn.name, amir73il@...il.com,
	linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
	iamjoonsoo.kim@....com, cheol.lee@....com, jay.sim@....com,
	gunho.lee@....com
Subject: Re: [PATCH v5 11/14] ntfs: update misc operations

On Sun, Jan 11, 2026 at 11:03:41PM +0900, Namjae Jeon wrote:
> +	if ((data1_len != data2_len) || (data1_len <= 0) || (data1_len & 3)) {

Nit: all the inner braces are superfluous.

Also why allow passing negative values at all and not pass unsigned
length values?

> +		ntfs_error(vol->sb, "data1_len or data2_len not valid\n");
> +		return -1;
> +	}
> +
> +	p1 = (const __le32 *)data1;
> +	p2 = (const __le32 *)data2;
> +	len = data1_len;

I don't think any of these casts is needed.  Also the variables could
easily be initialized at declaration time.

> +	do {
> +		d1 = le32_to_cpup(p1);
> +		p1++;
> +		d2 = le32_to_cpup(p2);
> +		p2++;
> +	} while ((d1 == d2) && ((len -= 4) > 0));

More superfluous races.

> +	if (d1 < d2)
> +		rc = -1;
>
> +	else {
> +		if (d1 == d2)
> +			rc = 0;
> +		else
> +			rc = 1;
> +	}
> +	ntfs_debug("Done, returning %i.", rc);
> +	return rc;

Just return directly using cmp_int() and skip the very verbose debugging?

	return cmp_int(d1, d2);

> +/**
> + * ntfs_collate_file_name - Which of two filenames should be listed first
> + */
> +static int ntfs_collate_file_name(struct ntfs_volume *vol,
> +		const void *data1, const int __always_unused data1_len,
> +		const void *data2, const int __always_unused data2_len)

Do we need these annotations for indirectly called callbacks now?

> +	if (cr != COLLATION_BINARY && cr != COLLATION_NTOFS_ULONG &&
> +	    cr != COLLATION_FILE_NAME && cr != COLLATION_NTOFS_ULONGS)
> +		return -EINVAL;

Turn this into a switch to make it more obvious?

> +
>  	i = le32_to_cpu(cr);
> -	BUG_ON(i < 0);
> +	if (i < 0)
> +		return -1;
>  	if (i <= 0x02)
>  		return ntfs_do_collate0x0[i](vol, data1, data1_len,
>  				data2, data2_len);
> -	BUG_ON(i < 0x10);
> +	if (i < 0x10)
> +		return -1;
>  	i -= 0x10;
>  	if (likely(i <= 3))
>  		return ntfs_do_collate0x1[i](vol, data1, data1_len,
>  				data2, data2_len);
> -	BUG();

.. and then maybe use the switch to untangle this as well, which
smells like just a bit too much deep magic..

> -void __ntfs_error(const char *function, const struct super_block *sb,
> +void __ntfs_error(const char *function, struct super_block *sb,

Why does this drop the const?

> +#ifndef DEBUG
> +	if (sb)
> +		pr_err_ratelimited("(device %s): %s(): %pV\n",
> +		       sb->s_id, flen ? function : "", &vaf);
> +	else
> +		pr_err_ratelimited("%s(): %pV\n", flen ? function : "", &vaf);
> +#else
>  	if (sb)
>  		pr_err("(device %s): %s(): %pV\n",
>  		       sb->s_id, flen ? function : "", &vaf);
>  	else
>  		pr_err("%s(): %pV\n", flen ? function : "", &vaf);
> +#endif

Usually if you have cpp conditions with an else, I'd use ifdef instead
of the negated version.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ