Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp2031699imm; Tue, 10 Jul 2018 11:58:26 -0700 (PDT) X-Google-Smtp-Source: AAOMgpfwjE+KmHfNnNmIAnHqWzYzzw2D5SUP37Ng/zg3froOWIbstDIyRs4uM5hOxOxhvWqmm46k X-Received: by 2002:a65:5c4b:: with SMTP id v11-v6mr24015392pgr.445.1531249106389; Tue, 10 Jul 2018 11:58:26 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1531249106; cv=none; d=google.com; s=arc-20160816; b=XIV4V3IELTBwQcvT30RvZizRZaDOll65q35ncNA9sklubZ8zIVHe4NtMDVhfVDBcwZ e13Y/GRHiqKWrOMyn76t22SE6wfQVAmQZbaK6HDe+vIP8acKRZICEbWlK1yfpN1quTvq qEJv2tamWMYZ5WiQmfPCKEszhMMduF9qfL2XOfmgeSQDRmF5U1AUQGkRZvFE+pnYHYHg XqwRIQzpBNbx8WGT8sKRLUD2myNJoSroD1Fmc5CSyX8swqeJkwd+yKOMDw0y1jQTwXJq EO1ADbQpOLvt5+2N/EHMlcraq00aZqYO0HjYjgRd7FoujFAEj6O2y3Lxw6EyTea8rmn1 ApUQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:cc:to:subject :message-id:date:from:in-reply-to:references:mime-version :dkim-signature:arc-authentication-results; bh=LYm0GEBhYZ4T1CqCXK8I908YDeIYsq02MIuzMGia8dM=; b=IViOwhGmm4yjPioaDDfnpqt/74H5SBioFrMoOsmVKv+HsphUjpbJCak+YLTA0BFvyi +2qLbjzz+SCgRMld6UYTNy/J102PQ5G+23d/heR0G/pBTu/Ba0mY5LInLxtkp6loald2 iyr4ZJhSEL0y98Ji7k3TrIyKLfF1h87mHE+ME/5qAEexFApjcJTNFP0phkQAmPotDumQ P8pbhD0EWdOAiF/mOEiQhQCif9o4jo4WbPfIoEjju5zTSGEwgVIn2E3m7RRkuIYKkvMU vrASMpHe1KI6iPNYXphJxaM0VG4WAYz2oVmY9cX5ssSTDbdXQARaupAZO/Nl1P1ZjjWe p8Lw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=TeRPPYg2; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id f12-v6si8978032pgg.653.2018.07.10.11.58.11; Tue, 10 Jul 2018 11:58:26 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=TeRPPYg2; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732585AbeGJS57 (ORCPT + 99 others); Tue, 10 Jul 2018 14:57:59 -0400 Received: from mail-oi0-f51.google.com ([209.85.218.51]:43206 "EHLO mail-oi0-f51.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1732299AbeGJS57 (ORCPT ); Tue, 10 Jul 2018 14:57:59 -0400 Received: by mail-oi0-f51.google.com with SMTP id b15-v6so44617525oib.10; Tue, 10 Jul 2018 11:57:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=LYm0GEBhYZ4T1CqCXK8I908YDeIYsq02MIuzMGia8dM=; b=TeRPPYg2rXeieYO1BNYlVUTidWOnlR9RnEq2pMj2WaVdDmvNQraDNV1GJxMBATZPjK pNHhqFBUlndujySq5illB24bztBLw6/t767OBdfrH4VQoa8eoif6oB4OwQYuux9VHPUW timvtEkBOPOTc8K7oD+AQOiTuOylBkBA4P+t0HrL8CKdl8u2iKsuP+UGa2arMTloNaC7 bLxik3nEKH6cKHSvinO4hrliwojAjkJcL0LGikaAkFAq3eLNZucKaUlPqAiUYzTH09Zo ww+TJ3wLuZPN0l6IVzTpW+Wy/rBoz7c2ciE149M6YJZA9vWZye3qrxy/qHJoqSMj6RtB bZQg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=LYm0GEBhYZ4T1CqCXK8I908YDeIYsq02MIuzMGia8dM=; b=SPYUvsZsY3VfGkY2/2XSnYg5iW5+moGB05bBvoORLDTXm2uYtYRAvpyacT2XaXasin 4wwAte/FhuERsuoN9rSu0PY7I2EvWV4nnzGdjYq9xtDokjp3MQVXz6uqN2GYGHYBYY+v 5RGLvOOjRFac7eWn38HieTpd76u3HfEo3xnfqo/cjDskrGnzrNEL/dpO8U/8me1kvce3 crhCTS/kSJwxa7zKop/ZNhd7P+RhgFZyJfp/E7OCaLGoDxNBFObV+B6LGERHmB5s8GE4 gmgYD1X0yCqCcLSCs+acJXlcH8/vl/9vKfp7t8jnPZZ+9XrhyodnM7AcK2kR/dXmfOTp 4uuw== X-Gm-Message-State: APt69E01rNlsyBhptv6n70gQ5n6TaSCULLFiliJhnioO0DoBa3rmtCyr 4aOpACoS7n7gHCMPMeTJGfG945R0TpH8PXh4EHA= X-Received: by 2002:aca:3546:: with SMTP id c67-v6mr30616063oia.249.1531249058124; Tue, 10 Jul 2018 11:57:38 -0700 (PDT) MIME-Version: 1.0 References: <20180603184955.zrowxp4y3ij66y5n@eaf> <20180608152557.GB11958@amd> <20180709203455.fbmx45ehrsj6yjzr@eaf> <20180710183839.abazeghy7he4v2ai@eaf> In-Reply-To: <20180710183839.abazeghy7he4v2ai@eaf> From: Anatoly Trosinenko Date: Tue, 10 Jul 2018 21:57:27 +0300 Message-ID: Subject: Re: Mounting corrupted HFS+ causes kernel NULL pointer dereference To: "Ernesto A. Fernandez" Cc: pavel@ucw.cz, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, Tetsuo Handa Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org > This should be fixed, but > it's not as big an issue as the deadlock. Filesystems usually don't need > to worry about protecting a crafted image from acting weird and causing > damage to itself. I just thought that deadlocking a single thread is not much worse than further damaging already damaged FS and is not very dangerous (since it's not a NULL dereference or something like this). If it is or only malicious image can probably be damaged this way then I have no objections or further requests, so please excuse me for unclear wordings. Thanks, Anatoly =D0=B2=D1=82, 10 =D0=B8=D1=8E=D0=BB. 2018 =D0=B3. =D0=B2 21:38, Ernesto A. = Fern=C3=A1ndez : > > On Tue, Jul 10, 2018 at 08:28:37PM +0300, Anatoly Trosinenko wrote: > > Thank you, > > > > When applied this single patch on v4.18-rc4 and performed "echo > > > /mnt/xyz" on hfsplus_16mb_hang image, I get about 14 pairs of lines > > > > hfsplus: unable to mark blocks free: error -5 > > hfsplus: can't free extent > > > > Then `echo` exits with "No space left on device" error. > > Truncation does not return error codes in hfsplus, hence this weird "No > space left" that comes from somewhere else. This should be fixed, but > it's not as big an issue as the deadlock. Filesystems usually don't need > to worry about protecting a crafted image from acting weird and causing > damage to itself. > > >Then it > > permits to perform `rm /mnt/xyz` and on `echo > /mnt/1` it responds > > with no space left on device (but file *is* created and is cattable). > > I don't know what is safer, but now it doesn't deadlock. :) Maybe it > > is even worth to remount FS r/o, I don't know. (Please excuse me for > > speculations) > > It's not strange that the /mnt/1 file could be created but not written > to, since the first operation doesn't usually require allocating blocks. > > > > > Thanks, > > Anatoly > > OK, I'll take a look at the truncation error codes as soon as I'm done > with the other deadlocks I found. It could take a while. > > Thanks for the testing. > Ernest > > > =D0=BF=D0=BD, 9 =D0=B8=D1=8E=D0=BB. 2018 =D0=B3. =D0=B2 23:35, Ernesto = A. Fern=C3=A1ndez > > : > > > > > > On Tue, Jun 12, 2018 at 09:43:26PM +0300, Anatoly Trosinenko wrote: > > > > And when I mount hfsplus_16mb_hang and perform `echo > /mnt/xyz`, i= t hangs. > > > > > > I just sent you a patch for this final report. Let me know if it work= s > > > for you.