Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp1467636imm; Sun, 15 Jul 2018 08:27:38 -0700 (PDT) X-Google-Smtp-Source: AAOMgpeQq1UTonCAv1f80WPR2bn/oHC8pg1g70psJWn7EtzOfqFIQbx33nZr9mZQHZKiyq7EcsB7 X-Received: by 2002:a62:4a41:: with SMTP id x62-v6mr14789620pfa.45.1531668458313; Sun, 15 Jul 2018 08:27:38 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1531668458; cv=none; d=google.com; s=arc-20160816; b=vlMaBpiMX8nFkw9077cXqN8p1qaanRXyisEBIbcd7W9j0xx5IhSxKKT9slYeq+/w4N oGNY1hWizigLFsaS23T/by+mn3BKQLyl/kLls6G7sUXYaGMcJ6HavQtNaMlmbZL3G6PL sC9AYUv7uFlKgreE0VfWSD24FdsDkpNsSlHQSwkA+p7Jj9iH0B0DCld77MP1t/sugB2V CIRxKFjHQPyh9PDWjeFIzitztVkHm+0n/J2iPO80r8iRWG8eLFcxiy4NbhxCgEeWrd4k v6A2y49fUe5Nn+8m0toN27vnL+Xrd5JRRLJejDTyxB1Mt4/pLN6qXcBxxhE4ETY4FRZx /4zA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:message-id :in-reply-to:date:references:subject:cc:to:from :arc-authentication-results; bh=9NPwy8xWiBneFX7D/e8PpXW5E0wpaWEC/Xix58GXJMk=; b=jUKaM3u/O1W8oD25ayt7Et3vZ55cBuJpVeNa1L7a5qQndhBTSgTdCNfG+afpg4RKTJ z7Uu+kmjsEpcrYQidCw6A7GcKiZwSJ50O4VnICk0+uN8YO4OZoN1jbe2MYHEZ3WdlrHK mQ1WncrEldfUp+CgdDdWDY55F8NUyoDrWSHP1n2+NU9pJ4+wlgrnQyXDe4Epj4PpHWa6 44YOm483VUQS2mZDCp2qpO4MoITF4h/6XhhxDHYVOkNGQHOhamBNHnqzL6/i8s+oMoY8 7snwwPsaSQovtMZR9RtTYGthNiozn4jMNqFvcyoKXqOPcsUr4dzVjeQYprMVn+pyT7NS qAMQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id t2-v6si27197523pge.64.2018.07.15.08.27.09; Sun, 15 Jul 2018 08:27:38 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726638AbeGOPtb (ORCPT + 99 others); Sun, 15 Jul 2018 11:49:31 -0400 Received: from mail.parknet.co.jp ([210.171.160.6]:59116 "EHLO mail.parknet.co.jp" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726244AbeGOPta (ORCPT ); Sun, 15 Jul 2018 11:49:30 -0400 Received: from ibmpc.myhome.or.jp (server.parknet.ne.jp [210.171.168.39]) by mail.parknet.co.jp (Postfix) with ESMTPSA id B35F59A180; Mon, 16 Jul 2018 00:26:04 +0900 (JST) Received: from devron.myhome.or.jp (foobar@devron.myhome.or.jp [192.168.0.3]) by ibmpc.myhome.or.jp (8.15.2/8.15.2/Debian-11) with ESMTPS id w6FFQ3bV008324 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 16 Jul 2018 00:26:04 +0900 Received: from devron.myhome.or.jp (foobar@localhost [127.0.0.1]) by devron.myhome.or.jp (8.15.2/8.15.2/Debian-11) with ESMTPS id w6FFQ3T8006602 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 16 Jul 2018 00:26:03 +0900 Received: (from hirofumi@localhost) by devron.myhome.or.jp (8.15.2/8.15.2/Submit) id w6FFQ3p5006601; Mon, 16 Jul 2018 00:26:03 +0900 From: OGAWA Hirofumi To: Anatoly Trosinenko Cc: viro@zeniv.linux.org.uk, akpm@linux-foundation.org, linux-kernel@vger.kernel.org Subject: Re: FAT: Operating on broken FAT FS causes the write syscall to return negative number not equal to -1 References: <878t6c7f8p.fsf@mail.parknet.co.jp> <20180715143043.GM30522@ZenIV.linux.org.uk> Date: Mon, 16 Jul 2018 00:26:03 +0900 In-Reply-To: (Anatoly Trosinenko's message of "Sun, 15 Jul 2018 18:08:23 +0300") Message-ID: <87h8l0y0z8.fsf@mail.parknet.co.jp> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.0.50 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Anatoly Trosinenko writes: >> This patch returns better error (-EIO) for me. > > This works for me likewise. Thanks for testing. >> (But note, the corrupted FS image doesn't guarantee POSIX behavior.) > > Oops, I was just doing some testing and thought that correct behavior > for crafted FS is to return arbitrary valid error code (like -EIO) or > some arbitrary data, say, not larger than FS (not disclosing the > kernel memory, of course). Please excuse me if I was wrong. If fixing > this would slow down some hot code path, then I am not insisting on > returning valid errno. :) > > Meanwhile, how should be considered such discrepancies with man pages > for invalid FS images: should it be considered low priority bug, > not-a-bug or feature request (diagnostics)? To handle the corrupted image _perfectly_, finally we will have to have online fsck or similar. For example, if the data block was shared between the regular file and directory, user can mmap the directory data via (corrupted) regular file. Then locking of directory handler doesn't work, and handler has to have directory data as volatile data (and validate data for each memory load). And to verify this invalid shared data blocks, we will have to read all inodes (i.e. almost fsck). So, I may change the code if data verification is easy and lightweight like in this case. But like said above, it will not be guaranteed. Thanks. -- OGAWA Hirofumi