Received: by 2002:a25:d7c1:0:0:0:0:0 with SMTP id o184csp3458204ybg; Mon, 28 Oct 2019 13:10:25 -0700 (PDT) X-Google-Smtp-Source: APXvYqyqFdekaD6rkqOqmg8btVnJqIwQKxNhxWqQel6xWZtxfoM6UV/hzpI+TIpTgEi9xkwC+0Vo X-Received: by 2002:aa7:cc95:: with SMTP id p21mr21523454edt.189.1572293425743; Mon, 28 Oct 2019 13:10:25 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1572293425; cv=none; d=google.com; s=arc-20160816; b=H0VXWQY4gibj9UN3IgT3p5lt48WnHiSbJvDHlm5GWjrAMMD/TPyLpTZhndMD4BhWMA YCtK6OoVADyVmY5w5UwqJHnWmkBRWqnjPhQZfpMDix340vwApxUBz+3DhfpZHz1+XvYh cmId0cR27VG+oWkK+cKlQWCvQOr5BMS1mhyPzzqIAZkpktM+U2xRnDnoEDji+eTAAI/B 8yfnh4rKUng3T8Rx3m9vnGVx65htCsd+yFnIQ5iceJkKPyJKgrEQPbVf49dgEnvdvlM/ Q48AC8n0YWHA9C3raE9Wl3wAoq/BvMrdXUPtMQlpiz4qCTIQQRSp6UCKsHn+ucFw6hpW 6uFg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject; bh=sk8GN+z++K2mxx0dQR3hLfxMNT40cEnDC1aNGZK6U+0=; b=hFe85Dq7RXjsJHYpXnVAeP9jg09CDXGFyZuVMgTsPVqaOdroGcnfUN5Eq0eJycVTO/ frFlKPFLMuASwgsaOmnx5MMXDaCEf9tPXMEqlSyZefGLQlsrJnFuqX7NEqa7Futd0Fmg iB6dLRfY5SMg0r4ervLmnwu0fZZpy2922k9vHOkIinGyEQ/GJ80NakXAnxvA1zkSXVp5 GwY86VZ9UAPDrzi6mPrKVfSvBOqc+l2ijXWrfgPTSILtZs+aXFq9ox4xZ0jG9hC+ChVY oVVv1dLxAngfWWlzbIJi/pt90qewBFYgeyFzdVb1u711NUlvoe2QBZoeMV1cXUtK6gmF wlqA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id j3si9410199edj.448.2019.10.28.13.10.01; Mon, 28 Oct 2019 13:10:25 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2389106AbfJ1MgL (ORCPT + 99 others); Mon, 28 Oct 2019 08:36:11 -0400 Received: from szxga06-in.huawei.com ([45.249.212.32]:50236 "EHLO huawei.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S2389043AbfJ1MgL (ORCPT ); Mon, 28 Oct 2019 08:36:11 -0400 Received: from DGGEMS403-HUB.china.huawei.com (unknown [172.30.72.58]) by Forcepoint Email with ESMTP id 21712E3E9323C23C9E06; Mon, 28 Oct 2019 20:36:08 +0800 (CST) Received: from [10.134.22.195] (10.134.22.195) by smtp.huawei.com (10.3.19.203) with Microsoft SMTP Server (TLS) id 14.3.439.0; Mon, 28 Oct 2019 20:36:01 +0800 Subject: Re: [PATCH v4] erofs: support superblock checksum To: Gao Xiang CC: Chao Yu , , Gao Xiang , References: <20191022180620.19638-1-pratikshinde320@gmail.com> <20191023040557.230886-1-gaoxiang25@huawei.com> <20191023084536.GA16289@architecture4> From: Chao Yu Message-ID: Date: Mon, 28 Oct 2019 20:36:00 +0800 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 In-Reply-To: <20191023084536.GA16289@architecture4> Content-Type: text/plain; charset="windows-1252" Content-Language: en-US Content-Transfer-Encoding: 7bit X-Originating-IP: [10.134.22.195] X-CFilter-Loop: Reflected Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 2019/10/23 16:45, Gao Xiang wrote: > Hi Chao, > > On Wed, Oct 23, 2019 at 04:15:29PM +0800, Chao Yu wrote: >> Hi, Xiang, Pratik, >> >> On 2019/10/23 12:05, Gao Xiang wrote: > > > >>> } >>> >>> +static int erofs_superblock_csum_verify(struct super_block *sb, void *sbdata) >>> +{ >>> + struct erofs_super_block *dsb; >>> + u32 expected_crc, nblocks, crc; >>> + void *kaddr; >>> + struct page *page; >>> + int i; >>> + >>> + dsb = kmemdup(sbdata + EROFS_SUPER_OFFSET, >>> + EROFS_BLKSIZ - EROFS_SUPER_OFFSET, GFP_KERNEL); >>> + if (!dsb) >>> + return -ENOMEM; >>> + >>> + expected_crc = le32_to_cpu(dsb->checksum); >>> + nblocks = le32_to_cpu(dsb->chksum_blocks); >> >> Now, we try to use nblocks's value before checking its validation, I guess fuzz >> test can easily make the value extreme larger, result in checking latter blocks >> unnecessarily. >> >> IMO, we'd better >> 1. check validation of superblock to make sure all fields in sb are valid >> 2. use .nblocks to count and check payload blocks following sb > > That is quite a good point. :-) > > My first thought is to check the following payloads of sb (e.g, some per-fs > metadata should be checked at mount time together. or for small images, check > the whole image at the mount time) as well since if we introduce a new feature > to some kernel version, forward compatibility needs to be considered. So it's > better to make proper scalability, for this case, we have some choices: > 1) limit `chksum_blocks' upbound at runtime (e.g. refuse >= 65536 blocks, > totally 256M.) > 2) just get rid of the whole `chksum_blocks' mess and checksum the first 4k > at all, don't consider any latter scalability. Xiang, sorry for later reply... I prefer method 2), let's enable chksum feature only on superblock first, chksum_blocks feature can be added later. Thanks, > > Some perferred idea about this? I plan to release erofs-utils v1.0 tomorrow > and hold up this feature for the next erofs-utils release, but I think we can > get it ready for v5.5 since it is not quite complex feature... > > Thanks, > Gao Xiang > > . >