From: Christoph Hellwig <hch@infradead.org>
To: Raphael Pinsonneault-Thibeault <rpthibeault@gmail.com>
Cc: cem@kernel.org, djwong@kernel.org, chandanbabu@kernel.org,
bfoster@redhat.com, linux-xfs@vger.kernel.org,
linux-kernel@vger.kernel.org,
linux-kernel-mentees@lists.linux.dev, skhan@linuxfoundation.org,
syzbot+9f6d080dece587cfdd4c@syzkaller.appspotmail.com
Subject: Re: [PATCH] xfs: ensure log recovery buffer is resized to avoid OOB
Date: Wed, 12 Nov 2025 07:28:03 -0800
Message-ID: <aRSng1I6l1f7l7EB@infradead.org>
In-Reply-To: <20251112141032.2000891-3-rpthibeault@gmail.com>

On Wed, Nov 12, 2025 at 09:10:34AM -0500, Raphael Pinsonneault-Thibeault wrote:
> Fix by removing the check for xlog_rec_header h_version, since the code
> is already within the if(xfs_has_logv2) path. The CRC checksum will
> reject the bad record anyway, this fix is to ensure we can read the
> entire buffer without an OOB.

Thanks for the fix and the very detailed commit message explaining
the logic. I think this should work, but I suspect the better fix
would be to just reject the mount for

	h_size > XLOG_HEADER_CYCLE_SIZE && !XLOG_VERSION_2

because the larger h_size can't work for v1 logs, and the log stripe
unit adjustment is also a v2 feature, so it really should not have
been applied even accidentally in mkfs.

> Can xfs_has_logv2() and xlog_rec_header h_version ever disagree?

They should not, but I'm pretty sure if we give syzbot enough time
it'll craft an image doing that :) So we better add sanity checks
for that now.
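
The two sanity checks suggested in the reply above, written out as an added userspace example; it is not part of the original message and is not the XFS code. The struct `rec_hdr_model`, the `sb_logv2` flag (standing in for `xfs_has_logv2()`), the verdict enum and the constant values are assumptions made for this illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constants as in the kernel's XFS log format header (assumed, not quoted in the thread). */
#define XLOG_VERSION_1         1
#define XLOG_VERSION_2         2
#define XLOG_HEADER_CYCLE_SIZE (32 * 1024)

/* Hypothetical CPU-endian subset of a log record header; not the on-disk layout. */
struct rec_hdr_model {
    uint32_t h_version;
    uint32_t h_size;
};

enum hdr_verdict { HDR_OK, HDR_BAD_VERSION, HDR_VERSION_MISMATCH, HDR_V1_OVERSIZE };

/* sb_logv2 stands in for xfs_has_logv2(): what the superblock claims. */
static enum hdr_verdict check_rec_hdr(const struct rec_hdr_model *h, bool sb_logv2)
{
    bool hdr_v2 = (h->h_version & XLOG_VERSION_2) != 0;

    /* Reject headers with no version bit or with unknown bits set. */
    if (h->h_version == 0 ||
        (h->h_version & ~(uint32_t)(XLOG_VERSION_1 | XLOG_VERSION_2)))
        return HDR_BAD_VERSION;
    /* The record header and the superblock must agree on the log version. */
    if (hdr_v2 != sb_logv2)
        return HDR_VERSION_MISMATCH;
    /* h_size > XLOG_HEADER_CYCLE_SIZE && !XLOG_VERSION_2: cannot work for v1. */
    if (!hdr_v2 && h->h_size > XLOG_HEADER_CYCLE_SIZE)
        return HDR_V1_OVERSIZE;
    return HDR_OK;
}

int main(void)
{
    /* Constructed sample headers, not taken from a real image. */
    const struct { struct rec_hdr_model h; bool sb_v2; } cases[] = {
        { { XLOG_VERSION_2, 256 * 1024 }, true  },  /* valid v2 with large h_size */
        { { XLOG_VERSION_1, 256 * 1024 }, true  },  /* v2 superblock, v1 header */
        { { XLOG_VERSION_1, 256 * 1024 }, false },  /* v1 log with v2-sized record */
    };
    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++)
        printf("case %zu -> %d\n", i, check_rec_hdr(&cases[i].h, cases[i].sb_v2));
    return 0;
}
```

Checking both conditions before any buffer sizing means a header whose version disagrees with the superblock is refused instead of being read with a buffer sized for the wrong log version.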

Thread overview: 16+ messages
2025-11-12 14:10 [PATCH] xfs: ensure log recovery buffer is resized to avoid OOB Raphael Pinsonneault-Thibeault
2025-11-12 15:28 ` Christoph Hellwig [this message]
2025-11-12 18:18 ` [PATCH] xfs: reject log records with v2 size but v1 header version " Raphael Pinsonneault-Thibeault
2025-11-12 18:45 ` Darrick J. Wong
2025-11-13 6:55 ` Christoph Hellwig
2025-11-12 22:19 ` [PATCH] xfs: ensure log recovery buffer is resized " Dave Chinner
2025-11-13 19:01 ` [PATCH v3] xfs: validate log record version against superblock log version Raphael Pinsonneault-Thibeault
2025-11-18 20:19 ` Dave Chinner
2025-11-19 15:37 ` [PATCH v4] " Raphael Pinsonneault-Thibeault
2025-11-19 20:16 ` Dave Chinner
2025-11-20 6:57 ` Christoph Hellwig
2025-11-24 17:47 ` [PATCH v5] " Raphael Pinsonneault-Thibeault
2025-11-24 18:52 ` Darrick J. Wong
2025-11-25 6:31 ` Christoph Hellwig
2025-11-25 17:06 ` Darrick J. Wong
2025-11-25 6:31 ` Christoph Hellwig