LKML Archive on lore.kernel.org
help / color / mirror / Atom feed
From: Gao Xiang <gaoxiang25@huawei.com>
To: Al Viro <viro@ZenIV.linux.org.uk>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
	<swhiteho@redhat.com>, <john.johansen@canonical.com>,
	<alan.christopher.jenkins@gmail.com>, <ebiederm@redhat.com>,
	<linux-fsdevel@vger.kernel.org>,
	"Linux Kernel Mailing List" <linux-kernel@vger.kernel.org>
Subject: Re: [git pull] mount API series
Date: Sat, 3 Nov 2018 14:14:11 +0800	[thread overview]
Message-ID: <84b73e19-0a85-2408-7974-79300820270d@huawei.com> (raw)
In-Reply-To: <20181102194235.GA32577@ZenIV.linux.org.uk>

Hi Al,

On 2018/11/3 3:42, Al Viro wrote:
> On Fri, Nov 02, 2018 at 04:07:01AM +0000, Al Viro wrote:
>> On Thu, Nov 01, 2018 at 11:59:23PM +0000, David Howells wrote:
>>
>>>  (*) mount-api-core.  These are the internal-only patches that add the
>>>      fs_context, the legacy wrapper and the security hooks and make certain
>>>      filesystems make use of it.
>>
>> FWIW, while rereading that series I'd spotted something very odd in erofs.
>> It's orthogonal to everything else, but just to make sure it doesn't get
>> lost:
>> 	* sbi->dev_name thing in erofs is used only for debugging printks,
>> basically.  Just use sb->s_id[] and be done with that.
>> 	* dump struct erofs_mount_private - you don't need dev_name in
>> your erofs_fill_super().  Just use mount_bdev() in usual fashion.
>> 	* what the hell are you doing with ->s_root???  Why would you
>> possibly want it hashed and what kind of dcache lookup could find it?
>> That d_rehash() looks deeply confused; what are you trying to do there?
> 
> ... and while we are at it, what happens to
>                 unsigned int nameoff = le16_to_cpu(de[mid].nameoff);
>                 unsigned int matched = min(startprfx, endprfx);
> 
>                 struct qstr dname = QSTR_INIT(data + nameoff,
>                         unlikely(mid >= ndirents - 1) ?
>                                 maxsize - nameoff :
>                                 le16_to_cpu(de[mid + 1].nameoff) - nameoff);
> 
>                 /* string comparison without already matched prefix */
>                 int ret = dirnamecmp(name, &dname, &matched);
> if le16_to_cpu(de[...].nameoff) is not monotonically increasing?  I.e.
> what's to prevent e.g. (unsigned)-1 ending up in dname.len?
> 
> Corrupted fs image shouldn't oops the kernel...

Yes, thanks for pointing out. :)
I will add more boundary check later before moving into fs/ directory...
erofs now is under dm-verity for our HUAWEI mobile phone, so it doesn't be corruptted.

I will add more checks and meta checksum later after EROFS productization successfully... :)

Thanks,
Gao Xiang
> 

  reply	other threads:[~2018-11-03  6:15 UTC|newest]

Thread overview: 25+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-10-31  5:33 Al Viro
2018-10-31 15:38 ` Eric W. Biederman
2018-10-31 16:18   ` Eric W. Biederman
2018-10-31 16:36   ` Al Viro
2018-11-01 16:51     ` Al Viro
2018-11-10 14:19   ` Steven Whitehouse
2018-11-12  2:07     ` Eric W. Biederman
2018-11-12 20:54       ` Al Viro
2018-12-17 23:10         ` Al Viro
2018-12-21 16:25           ` Eric W. Biederman
2018-10-31 16:18 ` Linus Torvalds
2018-11-01 10:53   ` Steven Whitehouse
2018-11-01 15:57     ` Linus Torvalds
2018-11-01 17:18     ` David Howells
2018-11-01 18:33       ` Linus Torvalds
2018-11-01 22:05         ` Al Viro
2018-11-01 22:07           ` Linus Torvalds
2018-11-01 23:59       ` David Howells
2018-11-02  4:07         ` Al Viro
2018-11-02 19:42           ` Al Viro
2018-11-03  6:14             ` Gao Xiang [this message]
2018-11-03  6:30           ` Gao Xiang
2018-10-31 18:39 ` David Howells
2018-10-31 20:49   ` Miklos Szeredi
2018-10-31 18:45 ` [PATCH] vfs: Fix incorrect user_ns assignment in proc and mqueue David Howells

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=84b73e19-0a85-2408-7974-79300820270d@huawei.com \
    --to=gaoxiang25@huawei.com \
    --cc=alan.christopher.jenkins@gmail.com \
    --cc=ebiederm@redhat.com \
    --cc=john.johansen@canonical.com \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=swhiteho@redhat.com \
    --cc=torvalds@linux-foundation.org \
    --cc=viro@ZenIV.linux.org.uk \
    --subject='Re: [git pull] mount API series' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).