From: Matthew Wilcox <willy@infradead.org>
To: Andreas Dilger <adilger@dilger.ca>
Cc: linux-ext4 <linux-ext4@vger.kernel.org>,
Tiezhu Yang <yangtiezhu@loongson.cn>,
"Theodore Y. Ts'o" <tytso@mit.edu>, Chao Yu <yuchao0@huawei.com>,
linux-fscrypt@vger.kernel.org,
linux-fsdevel <linux-fsdevel@vger.kernel.org>
Subject: Re: [PATCH v4] fs: introduce is_dot_or_dotdot helper for cleanup
Date: Tue, 28 Jan 2020 23:36:30 -0800 [thread overview]
Message-ID: <20200129073630.GF6615@bombadil.infradead.org> (raw)
In-Reply-To: <1901841E-AE43-4AE2-B8F0-8F745B00664F@dilger.ca>
On Tue, Jan 28, 2020 at 06:23:18PM -0700, Andreas Dilger wrote:
> On Jan 28, 2020, at 3:11 PM, Matthew Wilcox <willy@infradead.org> wrote:
> > I've tried to get Ted's opinion on this a few times with radio silence.
> > Or email is broken. Anyone else care to offer an opinion?
>
> Maybe I'm missing something, but I think the discussion of the len == 0
> case is now moot, since PATCH v6 (which is the latest version that I can
> find) is checking for "len >= 1" before accessing name[0]:
Regardless of _this_ patch, the question is "Should ext4 be checking
for filenames of zero length and reporting -EUCLEAN if it finds any?"
I believe the answer is yes, since it's clearly a corrupted filesystem,
but I may be missing something.
Thanks for your reply.
> >> fscrypt_get_symlink():
> >> if (cstr.len == 0)
> >> return ERR_PTR(-EUCLEAN);
> >> ext4_readdir():
> >> Does not currently check de->name_len. I believe this check should
> >> be added to __ext4_check_dir_entry() because a zero-length directory
> >> entry can affect both encrypted and non-encrypted directory entries.
> >> dx_show_leaf():
> >> Same as ext4_readdir(). Should probably call ext4_check_dir_entry()?
> >> htree_dirblock_to_tree():
> >> Would be covered by a fix to ext4_check_dir_entry().
> >> f2fs_fill_dentries():
> >> if (de->name_len == 0) {
> >> ...
> >> ubifs_readdir():
> >> Does not currently check de->name_len. Also affects non-encrypted
> >> directory entries.
> >>
> >> So of the six callers, two of them already check the dirent length for
> >> being zero, and four of them ought to anyway, but don't. I think they
> >> should be fixed, but clearly we don't historically check for this kind
> >> of data corruption (strangely), so I don't think that's a reason to hold
> >> up this patch until the individual filesystems are fixed.
next prev parent reply other threads:[~2020-01-29 7:36 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20200128221112.GA30200@bombadil.infradead.org>
2020-01-29 1:23 ` [PATCH v4] fs: introduce is_dot_or_dotdot helper for cleanup Andreas Dilger
2020-01-29 7:36 ` Matthew Wilcox [this message]
2019-12-10 12:10 Tiezhu Yang
2019-12-10 12:13 ` Matthew Wilcox
2019-12-10 19:19 ` Eric Biggers
2019-12-10 23:10 ` Al Viro
2019-12-11 0:56 ` Tiezhu Yang
2019-12-12 18:13 ` Matthew Wilcox
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200129073630.GF6615@bombadil.infradead.org \
--to=willy@infradead.org \
--cc=adilger@dilger.ca \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-fscrypt@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=tytso@mit.edu \
--cc=yangtiezhu@loongson.cn \
--cc=yuchao0@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).