From: George Anthony Vernon <contact@gvernon.com>
To: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
Cc: Viacheslav Dubeyko <slava@dubeyko.com>,
Viacheslav Dubeyko <Slava.Dubeyko@ibm.com>,
"glaubitz@physik.fu-berlin.de" <glaubitz@physik.fu-berlin.de>,
"frank.li@vivo.com" <frank.li@vivo.com>,
"skhan@linuxfoundation.org" <skhan@linuxfoundation.org>,
"linux-fsdevel@vger.kernel.org" <linux-fsdevel@vger.kernel.org>,
"linux-kernel-mentees@lists.linux.dev"
<linux-kernel-mentees@lists.linux.dev>,
"syzbot+97e301b4b82ae803d21b@syzkaller.appspotmail.com"
<syzbot+97e301b4b82ae803d21b@syzkaller.appspotmail.com>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] hfs: Validate CNIDs in hfs_read_inode
Date: Wed, 29 Oct 2025 03:20:37 +0000 [thread overview]
Message-ID: <aQGIBSZkIWr4Ym7I@Bertha> (raw)
In-Reply-To: <559c331f-4838-49fb-95aa-2d1498c8a41e@I-love.SAKURA.ne.jp>
Hi Tetsuo,
On Thu, Oct 09, 2025 at 09:57:33PM +0900, Tetsuo Handa wrote:
> I found this patch. Please CC: me when posting V2.
Sorry I forgot to CC you last time :)
> I'm not suggesting this change. Therefore, Cc: might match.
Sure, I have added a CC tag for you in V2 which I'm currently testing.
> further sanity check). Unless
>
> >>>
> >>>> +{
> >>>> + if (likely(cnid >= HFS_FIRSTUSER_CNID))
> >>>> + return true;
> >>>> +
> >>>> + switch (cnid) {
> >>>> + case HFS_POR_CNID:
>
> we disable HFS_POR_CNID case (which I guess it is wrong to do so),
> we shall hit BUG() in hfs_write_inode().
>
> >>>> + case HFS_ROOT_CNID:
> >>>> + return type == HFS_CDR_DIR;
> >>>> + case HFS_EXT_CNID:
> >>>> + case HFS_CAT_CNID:
> >>>> + case HFS_BAD_CNID:
> >>>> + case HFS_EXCH_CNID:
> >>>> + return type == HFS_CDR_FIL;
> >>>> + default:
> >>>> + return false;
> >>>
>
> I think that removing this BUG() now is wrong.
I think HFS_POR_CNID case should be disallowed. There is no real
underlying file with that CNID. If we ever found a record with that CNID
it would mean the filesystem image was broken, and if we ever try to
write a record with that CNID, it means we screwed up.
> Without my patch, the inode number of the record retrieved as a
> result of hfs_cat_find_brec(HFS_ROOT_CNID) can be HFS_POR_CNID or
> greater than HFS_FIRSTUSER_CNID, which I think is a logical error
> in the filesystem image.
>
> Your patch is incomplete. Please also apply my patch.
>
I agree your check is good to catch root inode's i_ino > 15 (is this
reachable?) and I'd like to add it. Would you be happy if I make a
2-part patch series with your patch second, keeping your sign-off on it?
Thanks,
George
next prev parent reply other threads:[~2025-10-29 3:20 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-10-03 2:45 [PATCH] hfs: Validate CNIDs in hfs_read_inode George Anthony Vernon
2025-10-03 22:40 ` Viacheslav Dubeyko
2025-10-04 1:25 ` George Anthony Vernon
2025-10-07 13:40 ` Viacheslav Dubeyko
2025-10-09 12:57 ` Tetsuo Handa
2025-10-29 3:20 ` George Anthony Vernon [this message]
2025-10-29 10:06 ` Tetsuo Handa
2025-11-04 1:47 ` [PATCH v2 0/2] hfs: Validate CNIDs read from filesystem George Anthony Vernon
2025-11-04 1:47 ` [PATCH v2 1/2] hfs: Validate CNIDs in hfs_read_inode George Anthony Vernon
2025-11-04 22:34 ` Viacheslav Dubeyko
2025-11-11 0:00 ` George Anthony Vernon
2025-11-11 0:48 ` Viacheslav Dubeyko
2025-11-24 22:33 ` George Anthony Vernon
2025-11-25 19:02 ` Viacheslav Dubeyko
2025-11-11 14:39 ` Tetsuo Handa
2025-11-11 22:42 ` Viacheslav Dubeyko
2025-11-24 23:46 ` George Anthony Vernon
2025-11-25 19:15 ` Viacheslav Dubeyko
2025-11-30 10:07 ` Tetsuo Handa
2026-01-06 10:21 ` Tetsuo Handa
2026-02-11 12:54 ` Tetsuo Handa
2026-02-18 13:28 ` [PATCH v6] hfs: update sanity check of the root record Tetsuo Handa
2026-02-18 22:13 ` Viacheslav Dubeyko
2026-02-27 0:39 ` [PATCH v2 1/2] hfs: Validate CNIDs in hfs_read_inode George Anthony Vernon
2025-11-04 1:47 ` [PATCH v2 2/2] hfs: Update sanity check of the root record George Anthony Vernon
2025-11-04 23:01 ` Viacheslav Dubeyko
2025-11-10 23:03 ` George Anthony Vernon
2025-11-10 23:34 ` Viacheslav Dubeyko
2025-11-11 0:23 ` George Anthony Vernon
2025-11-11 0:34 ` Viacheslav Dubeyko
2025-11-24 22:56 ` George Anthony Vernon
2025-11-11 14:26 ` Tetsuo Handa
2025-11-11 22:56 ` Viacheslav Dubeyko
2025-11-14 14:18 ` Tetsuo Handa
2025-11-14 21:00 ` Viacheslav Dubeyko
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aQGIBSZkIWr4Ym7I@Bertha \
--to=contact@gvernon.com \
--cc=Slava.Dubeyko@ibm.com \
--cc=frank.li@vivo.com \
--cc=glaubitz@physik.fu-berlin.de \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel-mentees@lists.linux.dev \
--cc=linux-kernel@vger.kernel.org \
--cc=penguin-kernel@i-love.sakura.ne.jp \
--cc=skhan@linuxfoundation.org \
--cc=slava@dubeyko.com \
--cc=syzbot+97e301b4b82ae803d21b@syzkaller.appspotmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.