From: "Ernesto A. Fernández" <ernesto.mnd.fernandez@gmail.com>
To: "Xu, Wen" <wen.xu@gatech.edu>
Cc: linux-fsdevel@vger.kernel.org
Subject: Re: A list of HFS+ kernel module bugs found in 4.18
Date: Tue, 10 Jul 2018 19:33:57 -0300 [thread overview]
Message-ID: <20180710223355.5tcnxpz52str2mrq@eaf> (raw)
In-Reply-To: <4BDF1324-8B60-4172-9743-35FC4F6877DC@gatech.edu>
Hi, thanks for the reports:
On Tue, Jul 10, 2018 at 08:12:35PM +0000, Xu, Wen wrote:
> Hi Ernesto,
>
> I reported the following bugs weeks before but did not get and respond. I saw you commit patches for HFS+, so could you
> please take a look on these issue?
>
> Here are a list of bugs found in HFS+ filesystem by fuzzing. You can get the image and POC that cause kernel panic
> in the following links:
>
> 200299 Kernel panic because mount() hfsplus image does not always return correct value
> https://bugzilla.kernel.org/show_bug.cgi?id=200299
This was also found by syzbot a couple of months ago. It's already fixed
in the -mm tree if you want to test it.
> 200297 Kernel panic in hfsplus_lookup() when open a file in a corrupted hfs+ filesystem
> https://bugzilla.kernel.org/show_bug.cgi?id=200297
>
> 200293 Out-of-bound access in hfsplus_bnode_read()
> https://bugzilla.kernel.org/show_bug.cgi?id=200293
I'll try to fix these two and get back to you. It may take a couple of days.
> 200295 BUG() in hfsplus_create_attributes_file() when calling setxattr()
> https://bugzilla.kernel.org/show_bug.cgi?id=200295
>
> 200291 Kernel panic when invoking setxattr() on a hfs+ image
> https://bugzilla.kernel.org/show_bug.cgi?id=200291
>
> 200289 Kernel panic when calling setxattr() on a corrupted hfs+ image
> https://bugzilla.kernel.org/show_bug.cgi?id=200289
>
> 200287 Out-of-bound access in hfsplus_bnode_copy() when calling setxattr() on a corrupted hfs+ image
> https://bugzilla.kernel.org/show_bug.cgi?id=200287
>
> 200285 Out-of-bound access in hfsplus_bmap_alloc() when calling setxattr() on a corrupted hfs+ image
> https://bugzilla.kernel.org/show_bug.cgi?id=200285
The xattr implementation is a mess. I found many bugs myself just by
attempting to use it. I will take a look, but I can't promise to be able
to help. If it was up to me I would much rather get rid of xattr support
entirely, although I suppose somebody might be using it.
Ernest
> I would like to provide any further help to analyze the crashes and fix the bugs. I am also willing to test the patches.
>
> Thanks,
> Wen
next prev parent reply other threads:[~2018-07-10 22:35 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-06-27 4:12 A list of HFS+ kernel module bugs found in 4.18 Wen Xu
[not found] ` <4BDF1324-8B60-4172-9743-35FC4F6877DC@gatech.edu>
2018-07-10 22:33 ` Ernesto A. Fernández [this message]
2018-07-22 15:24 ` Xu, Wen
2018-07-22 16:21 ` Ernesto A. Fernández
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180710223355.5tcnxpz52str2mrq@eaf \
--to=ernesto.mnd.fernandez@gmail.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=wen.xu@gatech.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).