From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.3 required=3.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_SANE_1 autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id B444EC3A589 for ; Sun, 18 Aug 2019 17:44:49 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 92BE02183E for ; Sun, 18 Aug 2019 17:44:49 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726925AbfHRRop (ORCPT ); Sun, 18 Aug 2019 13:44:45 -0400 Received: from outgoing-auth-1.mit.edu ([18.9.28.11]:49458 "EHLO outgoing.mit.edu" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1726247AbfHRRop (ORCPT ); Sun, 18 Aug 2019 13:44:45 -0400 Received: from callcc.thunk.org ([12.235.16.3]) (authenticated bits=0) (User authenticated as tytso@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id x7IHhsaJ022921 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sun, 18 Aug 2019 13:43:56 -0400 Received: by callcc.thunk.org (Postfix, from userid 15806) id 494464218EF; Sun, 18 Aug 2019 13:43:54 -0400 (EDT) Date: Sun, 18 Aug 2019 13:43:54 -0400 From: "Theodore Y. Ts'o" To: Christoph Hellwig Cc: Richard Weinberger , Greg Kroah-Hartman , Gao Xiang , Jan Kara , Chao Yu , Dave Chinner , David Sterba , Miao Xie , devel , Stephen Rothwell , Darrick , Amir Goldstein , linux-erofs , Al Viro , Jaegeuk Kim , linux-kernel , Li Guifu , Fang Wei , Pavel Machek , linux-fsdevel , Andrew Morton , torvalds Subject: Re: [PATCH] erofs: move erofs out of staging Message-ID: <20190818174354.GA12940@mit.edu> Mail-Followup-To: "Theodore Y. Ts'o" , Christoph Hellwig , Richard Weinberger , Greg Kroah-Hartman , Gao Xiang , Jan Kara , Chao Yu , Dave Chinner , David Sterba , Miao Xie , devel , Stephen Rothwell , Darrick , Amir Goldstein , linux-erofs , Al Viro , Jaegeuk Kim , linux-kernel , Li Guifu , Fang Wei , Pavel Machek , linux-fsdevel , Andrew Morton , torvalds References: <20190817220706.GA11443@hsiangkao-HP-ZHAN-66-Pro-G1> <1163995781.68824.1566084358245.JavaMail.zimbra@nod.at> <20190817233843.GA16991@hsiangkao-HP-ZHAN-66-Pro-G1> <1405781266.69008.1566116210649.JavaMail.zimbra@nod.at> <20190818084521.GA17909@hsiangkao-HP-ZHAN-66-Pro-G1> <1133002215.69049.1566119033047.JavaMail.zimbra@nod.at> <20190818090949.GA30276@kroah.com> <790210571.69061.1566120073465.JavaMail.zimbra@nod.at> <20190818151154.GA32157@mit.edu> <20190818155812.GB13230@infradead.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <20190818155812.GB13230@infradead.org> User-Agent: Mutt/1.10.1 (2018-07-13) Sender: linux-fsdevel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org On Sun, Aug 18, 2019 at 08:58:12AM -0700, Christoph Hellwig wrote: > On Sun, Aug 18, 2019 at 11:11:54AM -0400, Theodore Y. Ts'o wrote: > > Note that of the mainstream file systems, ext4 and xfs don't guarantee > > that it's safe to blindly take maliciously provided file systems, such > > as those provided by a untrusted container, and mount it on a file > > system without problems. As I recall, one of the XFS developers > > described file system fuzzing reports as a denial of service attack on > > the developers. > > I think this greatly misrepresents the general attitute of the XFS > developers. We take sanity checks for the modern v5 on disk format > very series, and put a lot of effort into handling corrupted file > systems as good as possible, although there are of course no guaranteeѕ. > > The quote that you've taken out of context is for the legacy v4 format > that has no checksums and other integrity features. Actually, what Prof. Kim's research group was doing was taking the latest file system formats (for ext4 and xfs) and fixing up the checksum after fuzzing the metadata blocks. The goal was to find potential security vulnerabilities, not to see if file systems would crash if fed invalid input. At least for ext4, at least one of Prof. Kim's fuzzing results was one that that I believe could have been leveraged into a stack overflow attack. I can't speak to his results with respect to XFS, since I didn't look at them. Cheers, - Ted