Linux filesystem development
 help / color / mirror / Atom feed
From: David Maximiliano Hermitte <davemadmaxxx@gmail.com>
To: Viacheslav Dubeyko <slava@dubeyko.com>
Cc: Jori Koolstra <jkoolstra@xs4all.nl>,
	George Anthony Vernon <contact@gvernon.com>,
	Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>,
	John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>,
	Yangtao Li <frank.li@vivo.com>,
	linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
	syzbot+97e301b4b82ae803d21b@syzkaller.appspotmail.com
Subject: Re: [PATCH v3 RESEND] hfs: validate catalog CNIDs before instantiating inodes
Date: Tue,  7 Jul 2026 21:38:34 +0000	[thread overview]
Message-ID: <20260707213834.431563-1-davemadmaxxx@gmail.com> (raw)

Hi Slava,

Thank you for the review.

Yes, I agree that the initial length validation can be simplified to:

        rec_len = fd->entrylength;
        if (rec_len <= 0 || rec_len > sizeof(rec))
                return -EIO;

I also agree that, for the fixed-size file and directory catalog records,
the checks should require the exact record size:

        rec_len != sizeof(struct hfs_cat_file)

and:

        rec_len != sizeof(struct hfs_cat_dir)

Regarding hfs_write_inode(), I intentionally left it unchanged because
the patch was trying to reject invalid CNIDs at the catalog lookup and
inode-instantiation boundaries, before a corrupted inode could reach
writeback.

However, I agree that an additional validation there may be useful as
defense in depth. Would you prefer hfs_is_valid_cnid() to be checked in
hfs_write_inode() as well, and should that check precede the existing
BUG path while otherwise leaving its behavior unchanged?

I will prepare the next revision after your guidance on that point.

Thanks,
David

             reply	other threads:[~2026-07-07 21:38 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-07-07 21:38 David Maximiliano Hermitte [this message]
2026-07-07 22:01 ` [PATCH v3 RESEND] hfs: validate catalog CNIDs before instantiating inodes Tetsuo Handa
  -- strict thread matches above, loose matches on Subject: below --
2026-07-02 18:38 [PATCH] " David Maximiliano Hermitte
2026-07-06  9:59 ` [PATCH v3 RESEND] " David Maximiliano Hermitte
2026-07-07 20:02   ` Viacheslav Dubeyko
     [not found]     ` <CADy8qZgo3rKwUiPr60tzPhaisMy7R71vjTtPi7+jEXgcarihRw@mail.gmail.com>
2026-07-07 21:44       ` Viacheslav Dubeyko

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260707213834.431563-1-davemadmaxxx@gmail.com \
    --to=davemadmaxxx@gmail.com \
    --cc=contact@gvernon.com \
    --cc=frank.li@vivo.com \
    --cc=glaubitz@physik.fu-berlin.de \
    --cc=jkoolstra@xs4all.nl \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=penguin-kernel@I-love.SAKURA.ne.jp \
    --cc=slava@dubeyko.com \
    --cc=syzbot+97e301b4b82ae803d21b@syzkaller.appspotmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox