* A list of HFS+ kernel module bugs found in 4.18
@ 2018-06-27 4:12 Wen Xu
From: Wen Xu @ 2018-06-27 4:12 UTC (permalink / raw)
To: linux-fsdevel
Hi all,

Here is a list of bugs found in the HFS+ filesystem by fuzzing. You can get the image and PoC that cause the kernel panic
from the following links:

200299 Kernel panic because mount() hfsplus image does not always return correct value
https://bugzilla.kernel.org/show_bug.cgi?id=200299
200297 Kernel panic in hfsplus_lookup() when open a file in a corrupted hfs+ filesystem
https://bugzilla.kernel.org/show_bug.cgi?id=200297
200295 BUG() in hfsplus_create_attributes_file() when calling setxattr()
https://bugzilla.kernel.org/show_bug.cgi?id=200295
200293 Out-of-bound access in hfsplus_bnode_read()
https://bugzilla.kernel.org/show_bug.cgi?id=200293
200291 Kernel panic when invoking setxattr() on a hfs+ image
https://bugzilla.kernel.org/show_bug.cgi?id=200291
200289 Kernel panic when calling setxattr() on a corrupted hfs+ image
https://bugzilla.kernel.org/show_bug.cgi?id=200289
200287 Out-of-bound access in hfsplus_bnode_copy() when calling setxattr() on a corrupted hfs+ image
https://bugzilla.kernel.org/show_bug.cgi?id=200287
200285 Out-of-bound access in hfsplus_bmap_alloc() when calling setxattr() on a corrupted hfs+ image
https://bugzilla.kernel.org/show_bug.cgi?id=200285

I would like to provide any further help to analyze the crashes and fix the bugs. I am also willing to test the patches.

Thanks,
Wen
* Re: A list of HFS+ kernel module bugs found in 4.18
@ 2018-07-10 22:33 Ernesto A. Fernández
From: Ernesto A. Fernández @ 2018-07-10 22:33 UTC (permalink / raw)
To: Xu, Wen; +Cc: linux-fsdevel

Hi, thanks for the reports:

On Tue, Jul 10, 2018 at 08:12:35PM +0000, Xu, Wen wrote:
> Hi Ernesto,
>
> I reported the following bugs weeks before but did not get any response. I saw you commit patches for HFS+, so could you
> please take a look at these issues?
>
> Here is a list of bugs found in the HFS+ filesystem by fuzzing. You can get the image and PoC that cause the kernel panic
> from the following links:
>
> 200299 Kernel panic because mount() hfsplus image does not always return correct value
> https://bugzilla.kernel.org/show_bug.cgi?id=200299

This was also found by syzbot a couple of months ago. It's already fixed
in the -mm tree if you want to test it.

> 200297 Kernel panic in hfsplus_lookup() when open a file in a corrupted hfs+ filesystem
> https://bugzilla.kernel.org/show_bug.cgi?id=200297
>
> 200293 Out-of-bound access in hfsplus_bnode_read()
> https://bugzilla.kernel.org/show_bug.cgi?id=200293

I'll try to fix these two and get back to you. It may take a couple of days.

> 200295 BUG() in hfsplus_create_attributes_file() when calling setxattr()
> https://bugzilla.kernel.org/show_bug.cgi?id=200295
>
> 200291 Kernel panic when invoking setxattr() on a hfs+ image
> https://bugzilla.kernel.org/show_bug.cgi?id=200291
>
> 200289 Kernel panic when calling setxattr() on a corrupted hfs+ image
> https://bugzilla.kernel.org/show_bug.cgi?id=200289
>
> 200287 Out-of-bound access in hfsplus_bnode_copy() when calling setxattr() on a corrupted hfs+ image
> https://bugzilla.kernel.org/show_bug.cgi?id=200287
>
> 200285 Out-of-bound access in hfsplus_bmap_alloc() when calling setxattr() on a corrupted hfs+ image
> https://bugzilla.kernel.org/show_bug.cgi?id=200285

The xattr implementation is a mess. I found many bugs myself just by
attempting to use it. I will take a look, but I can't promise to be able
to help. If it was up to me I would much rather get rid of xattr support
entirely, although I suppose somebody might be using it.

Ernest

> I would like to provide any further help to analyze the crashes and fix the bugs. I am also willing to test the patches.
>
> Thanks,
> Wen

* Re: A list of HFS+ kernel module bugs found in 4.18
@ 2018-07-22 15:24 Xu, Wen
From: Xu, Wen @ 2018-07-22 15:24 UTC (permalink / raw)
To: Ernesto A. Fernández; +Cc: linux-fsdevel@vger.kernel.org

Hi Ernesto,

I checked the patch for

200297 Kernel panic in hfsplus_lookup() when open a file in a corrupted hfs+ filesystem
https://bugzilla.kernel.org/show_bug.cgi?id=200297

Is

200293 Out-of-bound access in hfsplus_bnode_read()
https://bugzilla.kernel.org/show_bug.cgi?id=200293

also handled with any patch?

Thanks,
Wen

> On Jul 10, 2018, at 6:33 PM, Ernesto A. Fernández <ernesto.mnd.fernandez@gmail.com> wrote:
>
> Hi, thanks for the reports:
>
> On Tue, Jul 10, 2018 at 08:12:35PM +0000, Xu, Wen wrote:
>> Hi Ernesto,
>>
>> I reported the following bugs weeks before but did not get any response. I saw you commit patches for HFS+, so could you
>> please take a look at these issues?
>>
>> Here is a list of bugs found in the HFS+ filesystem by fuzzing. You can get the image and PoC that cause the kernel panic
>> from the following links:
>>
>> 200299 Kernel panic because mount() hfsplus image does not always return correct value
>> https://bugzilla.kernel.org/show_bug.cgi?id=200299
>
> This was also found by syzbot a couple of months ago. It's already fixed
> in the -mm tree if you want to test it.
>
>> 200297 Kernel panic in hfsplus_lookup() when open a file in a corrupted hfs+ filesystem
>> https://bugzilla.kernel.org/show_bug.cgi?id=200297
>>
>> 200293 Out-of-bound access in hfsplus_bnode_read()
>> https://bugzilla.kernel.org/show_bug.cgi?id=200293
>
> I'll try to fix these two and get back to you. It may take a couple of days.
>
>> 200295 BUG() in hfsplus_create_attributes_file() when calling setxattr()
>> https://bugzilla.kernel.org/show_bug.cgi?id=200295
>>
>> 200291 Kernel panic when invoking setxattr() on a hfs+ image
>> https://bugzilla.kernel.org/show_bug.cgi?id=200291
>>
>> 200289 Kernel panic when calling setxattr() on a corrupted hfs+ image
>> https://bugzilla.kernel.org/show_bug.cgi?id=200289
>>
>> 200287 Out-of-bound access in hfsplus_bnode_copy() when calling setxattr() on a corrupted hfs+ image
>> https://bugzilla.kernel.org/show_bug.cgi?id=200287
>>
>> 200285 Out-of-bound access in hfsplus_bmap_alloc() when calling setxattr() on a corrupted hfs+ image
>> https://bugzilla.kernel.org/show_bug.cgi?id=200285
>
> The xattr implementation is a mess. I found many bugs myself just by
> attempting to use it. I will take a look, but I can't promise to be able
> to help. If it was up to me I would much rather get rid of xattr support
> entirely, although I suppose somebody might be using it.
>
> Ernest
>
>> I would like to provide any further help to analyze the crashes and fix the bugs. I am also willing to test the patches.
>>
>> Thanks,
>> Wen

* Re: A list of HFS+ kernel module bugs found in 4.18
@ 2018-07-22 16:21 Ernesto A. Fernández
From: Ernesto A. Fernández @ 2018-07-22 16:21 UTC (permalink / raw)
To: Xu, Wen; +Cc: linux-fsdevel@vger.kernel.org

On Sun, Jul 22, 2018 at 03:24:00PM +0000, Xu, Wen wrote:
> Hi Ernesto,
>
> I checked the patch for
>
> 200297 Kernel panic in hfsplus_lookup() when open a file in a corrupted hfs+ filesystem
> https://bugzilla.kernel.org/show_bug.cgi?id=200297
>
> Is
>
> 200293 Out-of-bound access in hfsplus_bnode_read()
> https://bugzilla.kernel.org/show_bug.cgi?id=200293
>
> also handled with any patch?

Not yet, I'm afraid. As it turns out, that is also a bug in the xattr
implementation. Fixing those will most likely require a big rewrite.

Thanks,
Ernest

> Thanks,
> Wen
>
> > On Jul 10, 2018, at 6:33 PM, Ernesto A. Fernández <ernesto.mnd.fernandez@gmail.com> wrote:
> >
> > Hi, thanks for the reports:
> >
> > On Tue, Jul 10, 2018 at 08:12:35PM +0000, Xu, Wen wrote:
> >> Hi Ernesto,
> >>
> >> I reported the following bugs weeks before but did not get any response. I saw you commit patches for HFS+, so could you
> >> please take a look at these issues?
> >>
> >> Here is a list of bugs found in the HFS+ filesystem by fuzzing. You can get the image and PoC that cause the kernel panic
> >> from the following links:
> >>
> >> 200299 Kernel panic because mount() hfsplus image does not always return correct value
> >> https://bugzilla.kernel.org/show_bug.cgi?id=200299
> >
> > This was also found by syzbot a couple of months ago. It's already fixed
> > in the -mm tree if you want to test it.
> >
> >> 200297 Kernel panic in hfsplus_lookup() when open a file in a corrupted hfs+ filesystem
> >> https://bugzilla.kernel.org/show_bug.cgi?id=200297
> >>
> >> 200293 Out-of-bound access in hfsplus_bnode_read()
> >> https://bugzilla.kernel.org/show_bug.cgi?id=200293
> >
> > I'll try to fix these two and get back to you. It may take a couple of days.
> >
> >> 200295 BUG() in hfsplus_create_attributes_file() when calling setxattr()
> >> https://bugzilla.kernel.org/show_bug.cgi?id=200295
> >>
> >> 200291 Kernel panic when invoking setxattr() on a hfs+ image
> >> https://bugzilla.kernel.org/show_bug.cgi?id=200291
> >>
> >> 200289 Kernel panic when calling setxattr() on a corrupted hfs+ image
> >> https://bugzilla.kernel.org/show_bug.cgi?id=200289
> >>
> >> 200287 Out-of-bound access in hfsplus_bnode_copy() when calling setxattr() on a corrupted hfs+ image
> >> https://bugzilla.kernel.org/show_bug.cgi?id=200287
> >>
> >> 200285 Out-of-bound access in hfsplus_bmap_alloc() when calling setxattr() on a corrupted hfs+ image
> >> https://bugzilla.kernel.org/show_bug.cgi?id=200285
> >
> > The xattr implementation is a mess. I found many bugs myself just by
> > attempting to use it. I will take a look, but I can't promise to be able
> > to help. If it was up to me I would much rather get rid of xattr support
> > entirely, although I suppose somebody might be using it.
> >
> > Ernest
> >
> >> I would like to provide any further help to analyze the crashes and fix the bugs. I am also willing to test the patches.
> >>
> >> Thanks,
> >> Wen