From: "Theodore Y. Ts'o" <tytso@mit.edu>
To: Christoph Hellwig <hch@infradead.org>
Cc: Richard Weinberger <richard@nod.at>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Gao Xiang <hsiangkao@aol.com>, Jan Kara <jack@suse.cz>,
Chao Yu <yuchao0@huawei.com>, Dave Chinner <david@fromorbit.com>,
David Sterba <dsterba@suse.cz>, Miao Xie <miaoxie@huawei.com>,
devel <devel@driverdev.osuosl.org>,
Stephen Rothwell <sfr@canb.auug.org.au>,
Darrick <darrick.wong@oracle.com>,
Amir Goldstein <amir73il@gmail.com>,
linux-erofs <linux-erofs@lists.ozlabs.org>,
Al Viro <viro@zeniv.linux.org.uk>,
Jaegeuk Kim <jaegeuk@kernel.org>,
linux-kernel <linux-kernel@vger.kernel.org>,
Li Guifu <bluce.liguifu@huawei.com>,
Fang Wei <fangwei1@huawei.com>, Pavel Machek <pavel@denx.de>,
linux-fsdevel <linux-fsdevel@vger.kernel.org>,
Andrew Morton <akpm@linux-foundation.org>,
torvalds <torvalds@linux-foundation.org>
Subject: Re: [PATCH] erofs: move erofs out of staging
Date: Sun, 18 Aug 2019 13:43:54 -0400 [thread overview]
Message-ID: <20190818174354.GA12940@mit.edu> (raw)
In-Reply-To: <20190818155812.GB13230@infradead.org>
On Sun, Aug 18, 2019 at 08:58:12AM -0700, Christoph Hellwig wrote:
> On Sun, Aug 18, 2019 at 11:11:54AM -0400, Theodore Y. Ts'o wrote:
> > Note that of the mainstream file systems, ext4 and xfs don't guarantee
> > that it's safe to blindly take maliciously provided file systems, such
> > as those provided by a untrusted container, and mount it on a file
> > system without problems. As I recall, one of the XFS developers
> > described file system fuzzing reports as a denial of service attack on
> > the developers.
>
> I think this greatly misrepresents the general attitute of the XFS
> developers. We take sanity checks for the modern v5 on disk format
> very series, and put a lot of effort into handling corrupted file
> systems as good as possible, although there are of course no guaranteeѕ.
>
> The quote that you've taken out of context is for the legacy v4 format
> that has no checksums and other integrity features.
Actually, what Prof. Kim's research group was doing was taking the
latest file system formats (for ext4 and xfs) and fixing up the
checksum after fuzzing the metadata blocks. The goal was to find
potential security vulnerabilities, not to see if file systems would
crash if fed invalid input. At least for ext4, at least one of
Prof. Kim's fuzzing results was one that that I believe could have
been leveraged into a stack overflow attack. I can't speak to his
results with respect to XFS, since I didn't look at them.
Cheers,
- Ted
next prev parent reply other threads:[~2019-08-18 17:44 UTC|newest]
Thread overview: 72+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-08-17 8:23 [PATCH] erofs: move erofs out of staging Gao Xiang
2019-08-17 21:19 ` Richard Weinberger
2019-08-17 22:07 ` Gao Xiang
2019-08-17 23:25 ` Richard Weinberger
2019-08-17 23:38 ` Gao Xiang
2019-08-18 0:04 ` Gao Xiang
2019-08-18 0:52 ` Gao Xiang
2019-08-18 8:16 ` Richard Weinberger
2019-08-18 8:45 ` Gao Xiang
2019-08-18 9:03 ` Richard Weinberger
2019-08-18 9:09 ` Greg Kroah-Hartman
2019-08-18 9:21 ` Richard Weinberger
2019-08-18 10:12 ` Chao Yu
2019-08-18 15:11 ` Theodore Y. Ts'o
2019-08-18 15:58 ` Christoph Hellwig
2019-08-18 16:16 ` Eric Biggers
2019-08-18 16:22 ` Christoph Hellwig
2019-08-18 16:33 ` Gao Xiang
2019-08-18 17:29 ` Eric Biggers
2019-08-18 17:47 ` Christoph Hellwig
2019-08-18 18:16 ` Gao Xiang
2019-08-18 20:14 ` Gao Xiang
2019-08-19 7:35 ` Richard Weinberger
2019-08-19 8:02 ` Gao Xiang
2019-08-19 10:34 ` [PATCH 0/6] staging: erofs: first stage of corrupted compressed images Gao Xiang
2019-08-19 10:34 ` [PATCH 1/6] staging: erofs: some compressed cluster should be submitted for corrupted images Gao Xiang
2019-08-19 14:36 ` Chao Yu
2019-08-19 14:39 ` Chao Yu
2019-08-19 10:34 ` [PATCH 2/6] staging: erofs: cannot set EROFS_V_Z_INITED_BIT if fill_inode_lazy fails Gao Xiang
2019-08-19 14:43 ` Chao Yu
2019-08-19 10:34 ` [PATCH 3/6] staging: erofs: add two missing erofs_workgroup_put for corrupted images Gao Xiang
2019-08-19 14:40 ` Chao Yu
2019-08-19 10:34 ` [PATCH 4/6] staging: erofs: avoid loop in submit chains Gao Xiang
2019-08-19 14:50 ` Chao Yu
2019-08-19 10:34 ` [PATCH 5/6] staging: erofs: detect potential multiref due to corrupted images Gao Xiang
2019-08-19 14:57 ` Chao Yu
2019-08-21 2:19 ` Greg Kroah-Hartman
2019-08-21 14:01 ` [PATCH v2 " Gao Xiang
2019-08-21 14:24 ` Chao Yu
2019-08-19 10:34 ` [PATCH 6/6] staging: erofs: avoid endless loop of invalid lookback distance 0 Gao Xiang
2019-08-19 14:58 ` Chao Yu
2019-08-19 16:09 ` [PATCH] erofs: move erofs out of staging Darrick J. Wong
2019-08-19 20:30 ` Gao Xiang
2019-08-20 0:55 ` Qu Wenruo
2019-08-20 1:55 ` Gao Xiang
2019-08-20 2:24 ` Chao Yu
2019-08-20 2:38 ` Qu Wenruo
2019-08-20 7:15 ` Chao Yu
2019-08-20 8:46 ` Qu Wenruo
2019-08-21 2:12 ` Chao Yu
2019-08-20 15:56 ` Theodore Y. Ts'o
2019-08-20 16:35 ` Gao Xiang
2019-08-21 0:51 ` Theodore Y. Ts'o
2019-08-21 1:34 ` Chao Yu
2019-08-21 1:48 ` Darrick J. Wong
2019-08-21 1:57 ` Chao Yu
2019-08-20 3:33 ` Miao Xie
2019-08-20 3:46 ` Gao Xiang
2019-08-20 6:04 ` Qu Wenruo
2019-08-20 6:22 ` Gao Xiang
2019-08-19 7:37 ` Richard Weinberger
2019-08-18 17:43 ` Theodore Y. Ts'o [this message]
2019-08-18 16:03 ` Gao Xiang
2019-08-18 17:06 ` Richard Weinberger
2019-08-18 17:46 ` Theodore Y. Ts'o
2019-08-18 18:00 ` Richard Weinberger
2019-08-18 18:31 ` Gao Xiang
2019-08-18 9:28 ` Gao Xiang
2019-08-19 5:28 ` [PATCH] erofs: Use common kernel logging style Joe Perches
2019-08-19 5:52 ` Gao Xiang
2019-08-19 5:47 ` Joe Perches
2019-08-19 6:08 ` Gao Xiang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190818174354.GA12940@mit.edu \
--to=tytso@mit.edu \
--cc=akpm@linux-foundation.org \
--cc=amir73il@gmail.com \
--cc=bluce.liguifu@huawei.com \
--cc=darrick.wong@oracle.com \
--cc=david@fromorbit.com \
--cc=devel@driverdev.osuosl.org \
--cc=dsterba@suse.cz \
--cc=fangwei1@huawei.com \
--cc=gregkh@linuxfoundation.org \
--cc=hch@infradead.org \
--cc=hsiangkao@aol.com \
--cc=jack@suse.cz \
--cc=jaegeuk@kernel.org \
--cc=linux-erofs@lists.ozlabs.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=miaoxie@huawei.com \
--cc=pavel@denx.de \
--cc=richard@nod.at \
--cc=sfr@canb.auug.org.au \
--cc=torvalds@linux-foundation.org \
--cc=viro@zeniv.linux.org.uk \
--cc=yuchao0@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).