From: David Maximiliano Hermitte <davemadmaxxx@gmail.com>
To: Viacheslav Dubeyko <slava@dubeyko.com>
Cc: Jori Koolstra <jkoolstra@xs4all.nl>,
George Anthony Vernon <contact@gvernon.com>,
Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>,
John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>,
Yangtao Li <frank.li@vivo.com>,
linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
syzbot+97e301b4b82ae803d21b@syzkaller.appspotmail.com
Subject: Re: [PATCH v3 RESEND] hfs: validate catalog CNIDs before instantiating inodes
Date: Tue, 7 Jul 2026 21:38:34 +0000 [thread overview]
Message-ID: <20260707213834.431563-1-davemadmaxxx@gmail.com> (raw)
Hi Slava,
Thank you for the review.
Yes, I agree that the initial length validation can be simplified to:
rec_len = fd->entrylength;
if (rec_len <= 0 || rec_len > sizeof(rec))
return -EIO;
I also agree that, for the fixed-size file and directory catalog records,
the checks should require the exact record size:
rec_len != sizeof(struct hfs_cat_file)
and:
rec_len != sizeof(struct hfs_cat_dir)
Regarding hfs_write_inode(), I intentionally left it unchanged because
the patch was trying to reject invalid CNIDs at the catalog lookup and
inode-instantiation boundaries, before a corrupted inode could reach
writeback.
However, I agree that an additional validation there may be useful as
defense in depth. Would you prefer hfs_is_valid_cnid() to be checked in
hfs_write_inode() as well, and should that check precede the existing
BUG path while otherwise leaving its behavior unchanged?
I will prepare the next revision after your guidance on that point.
Thanks,
David
next reply other threads:[~2026-07-07 21:38 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-07-07 21:38 David Maximiliano Hermitte [this message]
2026-07-07 22:01 ` [PATCH v3 RESEND] hfs: validate catalog CNIDs before instantiating inodes Tetsuo Handa
-- strict thread matches above, loose matches on Subject: below --
2026-07-02 18:38 [PATCH] " David Maximiliano Hermitte
2026-07-06 9:59 ` [PATCH v3 RESEND] " David Maximiliano Hermitte
2026-07-07 20:02 ` Viacheslav Dubeyko
[not found] ` <CADy8qZgo3rKwUiPr60tzPhaisMy7R71vjTtPi7+jEXgcarihRw@mail.gmail.com>
2026-07-07 21:44 ` Viacheslav Dubeyko
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260707213834.431563-1-davemadmaxxx@gmail.com \
--to=davemadmaxxx@gmail.com \
--cc=contact@gvernon.com \
--cc=frank.li@vivo.com \
--cc=glaubitz@physik.fu-berlin.de \
--cc=jkoolstra@xs4all.nl \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=penguin-kernel@I-love.SAKURA.ne.jp \
--cc=slava@dubeyko.com \
--cc=syzbot+97e301b4b82ae803d21b@syzkaller.appspotmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox