From: "Darrick J. Wong" <djwong@kernel.org>
To: Amir Goldstein <amir73il@gmail.com>
Cc: Jan Kara <jack@suse.cz>, Christian Brauner <brauner@kernel.org>,
Al Viro <viro@zeniv.linux.org.uk>,
linux-fsdevel@vger.kernel.org, Theodore Tso <tytso@mit.edu>,
Christoph Hellwig <hch@lst.de>,
Matthew Wilcox <willy@infradead.org>
Subject: Re: [PATCH] docs: add guidelines for submitting new filesystems
Date: Mon, 20 Apr 2026 11:34:26 -0700 [thread overview]
Message-ID: <20260420183426.GP7727@frogsfrogsfrogs> (raw)
In-Reply-To: <CAOQ4uxj1guVDXNrSmWUVS+6_meYPGBe8kBSDjfe8PkopTd79fA@mail.gmail.com>
On Mon, Apr 20, 2026 at 08:14:58PM +0200, Amir Goldstein wrote:
> On Mon, Apr 20, 2026 at 4:37 PM Jan Kara <jack@suse.cz> wrote:
> >
> > On Fri 17-04-26 16:25:03, Amir Goldstein wrote:
> > > + - Handle security issues promptly. Filesystems parse complex on-disk
> > > + structures from potentially untrusted media and must treat security
> > > + reports with urgency.
> >
> > I've commented on this in reply to Matthew. I agree syzbot results must be
> > reviewed and identified security issues treated in a timely manner. However
> > dealing with maliciously corrupted on-disk data isn't (IMO) a serious
> > attack vector. Even current well maintained filesystems (e.g. ext4 and
> > others) have some issues in this area so it seems unfair to ask this from a
> > new filesystem.
> >
>
> This is what I posted in v2:
>
> - Handle security issues promptly. Filesystems parse complex on-disk
> structures from potentially untrusted media and must treat security
> reports with urgency. Expect the filesystem to be subjected to fuzzing
> of both syscalls and filesystem images. The filesystem must handle
> corrupted input gracefully without hanging or crashing the kernel.
>
> Are you saying that ext4 and others do not react to crash reports from
> image fuzzing which result in crash/hang?
I think it's more that nearly every filesystem has severe resource
constraints w.r.t. developer time, so reports from automated fuzzers are
assigned idle priority.
> Can you suggest a more relaxed clause or should I remove it altogether?
I think that what you've got there is a good expectation. Each
filesystem implementation should have a mechanism to handle corruptions
with grace, and (presumably) new fuzz reports will result in patches
that use that graceful mechanism, whatever it is.
Anyone who wants specific response times to fuzzer reports can enter a
contract with a company or hire any of the many recently laid off
kernel people (or AISLOPFAFO) to provide SLA-like support.
--D
next prev parent reply other threads:[~2026-04-20 18:34 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-17 14:25 [PATCH] docs: add guidelines for submitting new filesystems Amir Goldstein
2026-04-17 15:36 ` Matthew Wilcox
2026-04-17 16:44 ` Amir Goldstein
2026-04-17 17:20 ` Jaegeuk Kim
2026-04-18 17:24 ` Amir Goldstein
2026-04-18 22:18 ` Jaegeuk Kim
2026-04-19 11:06 ` Amir Goldstein
2026-04-18 21:32 ` Matthew Wilcox
2026-04-19 11:03 ` Amir Goldstein
2026-04-20 8:15 ` Jan Kara
2026-04-20 8:32 ` Jan Kara
2026-04-20 18:14 ` Amir Goldstein
2026-04-20 18:34 ` Darrick J. Wong [this message]
2026-04-21 10:16 ` Jan Kara
2026-04-21 11:17 ` Amir Goldstein
2026-04-21 12:08 ` Jan Kara
2026-04-21 18:10 ` Darrick J. Wong
2026-04-21 19:42 ` Amir Goldstein
2026-04-21 20:15 ` Darrick J. Wong
2026-04-21 20:22 ` Amir Goldstein
2026-04-22 14:09 ` Theodore Tso
2026-04-22 14:35 ` Amir Goldstein
2026-04-22 15:50 ` Darrick J. Wong
2026-04-21 11:27 ` Christian Brauner
2026-04-21 11:45 ` Amir Goldstein
2026-04-22 8:50 ` Askar Safin
2026-04-22 9:02 ` Amir Goldstein
2026-04-22 12:35 ` Christian Brauner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260420183426.GP7727@frogsfrogsfrogs \
--to=djwong@kernel.org \
--cc=amir73il@gmail.com \
--cc=brauner@kernel.org \
--cc=hch@lst.de \
--cc=jack@suse.cz \
--cc=linux-fsdevel@vger.kernel.org \
--cc=tytso@mit.edu \
--cc=viro@zeniv.linux.org.uk \
--cc=willy@infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox