Received: by 2002:ac0:98c7:0:0:0:0:0 with SMTP id g7-v6csp263078imd; Fri, 2 Nov 2018 23:18:21 -0700 (PDT) X-Google-Smtp-Source: AJdET5eL3lPrDMkQxTCjl2YI8ZPGbAcrFP0iWVee6gCTQg2oWxUA4667idtJTMCGakqEVhF1IEl4 X-Received: by 2002:a63:314c:: with SMTP id x73mr13513640pgx.323.1541225901070; Fri, 02 Nov 2018 23:18:21 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1541225901; cv=none; d=google.com; s=arc-20160816; b=TMw7kZb7t0zOukJepoTtiooXCewFGCe+CjgYd3iQWq5Of0sHCDPoG0p69qcjz6yuMe AXDbw5UI/u27wBussRuyKpMT6bj+QQCHUM70+h7fy5gwd5+2y8rxh0soN7pmd2pA0TVZ +A6i+5ONQvwugNsD9qOR2NUFn/+BPVmxnXxkB6NqLH6oseEH5gk83NAoXYzhc2L5ww5h oGnU1opQhVhpjWiMxCS2zAboUNFSEnoJvuRGKYxv7Ym0IXlVId0L8x6AnYkBxF/M6L2l RjbLSHJdfTpYa0cxPnbre77I32aFjxqo0A1DkpteoHKwwgFVMCNT+cbLrDomIMpduNpZ joAQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:in-reply-to :mime-version:user-agent:date:message-id:from:references:cc:to :subject; bh=tf/amyAWIfWCE2LyQM9H1Mta9gnzgv2A3eZ4jCpibVk=; b=rCwIeSbN/EicMswYhAbx77QGdEh4f2VG8QS08QFzuOLs3sifZ2cpR0Y5wwlpvx0kjR RHJqPiHgO6K+yQv+ocxX1gSXTNu6413q1uZi7kH5TwnCZ1JA6y0rhgyBPJzZtXZlJO6X F21j8jCgrmKa0nv1earTBp3pGZS7bg32KWnyX3L7St66VvH2q8Sj6TaiRU6FWzjEOuCg 1mZACl9Fi1rxmOGDBhmhpIejzC4e2glDlFx2Ge0HOPaZeEKTjckaRE2J9VHrenOoXdmh pSq2PNRZzzMVPNKTJgJJyj2HFhyNxjNTNvS6JLJFTwqBQ5mmPOdfq9sRbb4B5/tedW7Z 670g== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id b4-v6si19067320pla.189.2018.11.02.23.17.53; Fri, 02 Nov 2018 23:18:21 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726794AbeKCPZT (ORCPT + 99 others); Sat, 3 Nov 2018 11:25:19 -0400 Received: from szxga07-in.huawei.com ([45.249.212.35]:45320 "EHLO huawei.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1726165AbeKCPZT (ORCPT ); Sat, 3 Nov 2018 11:25:19 -0400 Received: from DGGEMS413-HUB.china.huawei.com (unknown [172.30.72.59]) by Forcepoint Email with ESMTP id 2D7C9D0E7AF78; Sat, 3 Nov 2018 14:15:02 +0800 (CST) Received: from [10.151.23.176] (10.151.23.176) by smtp.huawei.com (10.3.19.213) with Microsoft SMTP Server (TLS) id 14.3.408.0; Sat, 3 Nov 2018 14:15:01 +0800 Subject: Re: [git pull] mount API series To: Al Viro CC: Linus Torvalds , , , , , , "Linux Kernel Mailing List" References: <20181031053355.GQ32577@ZenIV.linux.org.uk> <28156.1541092687@warthog.procyon.org.uk> <3549.1541116763@warthog.procyon.org.uk> <20181102040701.GX32577@ZenIV.linux.org.uk> <20181102194235.GA32577@ZenIV.linux.org.uk> From: Gao Xiang Message-ID: <84b73e19-0a85-2408-7974-79300820270d@huawei.com> Date: Sat, 3 Nov 2018 14:14:11 +0800 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.3.0 MIME-Version: 1.0 In-Reply-To: <20181102194235.GA32577@ZenIV.linux.org.uk> Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit X-Originating-IP: [10.151.23.176] X-CFilter-Loop: Reflected Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Al, On 2018/11/3 3:42, Al Viro wrote: > On Fri, Nov 02, 2018 at 04:07:01AM +0000, Al Viro wrote: >> On Thu, Nov 01, 2018 at 11:59:23PM +0000, David Howells wrote: >> >>> (*) mount-api-core. These are the internal-only patches that add the >>> fs_context, the legacy wrapper and the security hooks and make certain >>> filesystems make use of it. >> >> FWIW, while rereading that series I'd spotted something very odd in erofs. >> It's orthogonal to everything else, but just to make sure it doesn't get >> lost: >> * sbi->dev_name thing in erofs is used only for debugging printks, >> basically. Just use sb->s_id[] and be done with that. >> * dump struct erofs_mount_private - you don't need dev_name in >> your erofs_fill_super(). Just use mount_bdev() in usual fashion. >> * what the hell are you doing with ->s_root??? Why would you >> possibly want it hashed and what kind of dcache lookup could find it? >> That d_rehash() looks deeply confused; what are you trying to do there? > > ... and while we are at it, what happens to > unsigned int nameoff = le16_to_cpu(de[mid].nameoff); > unsigned int matched = min(startprfx, endprfx); > > struct qstr dname = QSTR_INIT(data + nameoff, > unlikely(mid >= ndirents - 1) ? > maxsize - nameoff : > le16_to_cpu(de[mid + 1].nameoff) - nameoff); > > /* string comparison without already matched prefix */ > int ret = dirnamecmp(name, &dname, &matched); > if le16_to_cpu(de[...].nameoff) is not monotonically increasing? I.e. > what's to prevent e.g. (unsigned)-1 ending up in dname.len? > > Corrupted fs image shouldn't oops the kernel... Yes, thanks for pointing out. :) I will add more boundary check later before moving into fs/ directory... erofs now is under dm-verity for our HUAWEI mobile phone, so it doesn't be corruptted. I will add more checks and meta checksum later after EROFS productization successfully... :) Thanks, Gao Xiang >