Date: Tue, 13 Jun 2023 09:43:23 +0800
Subject: Re: [PATCH 0/2] Fix out-of-bound access if pagecache of udf device is corrupted
From: "haowenchao (C)"
To: Jan Kara
CC: Jan Kara
References: <20230613032254.1235752-1-haowenchao2@huawei.com> <20230612144009.s436o52pctxgctr2@quack3>
X-Mailing-List: linux-kernel@vger.kernel.org

On 2023/6/12 22:40, Jan Kara wrote:
> On Tue 13-06-23 11:22:52, Wenchao Hao wrote:
>> Following steps would cause out-of-bound access and even cause kernel
>> panic when using udf:
>>
>>   dd if=/dev/zero of=udf.img bs=1M count=512
>>   mkfs.udf udf.img
>>   mount -o loop -t udf udf.img /mnt
>>   dd if=/dev/random of=/dev/loop0 bs=512 count=1 seek=128
>>   umount /mnt
>>
>> [if /mnt is mounted on /dev/loop0]
>>
>> It is because we did not check if udf_sb_info->s_lvid_bh is valid in
>> udf_sb_lvidiu().
>>
>> Although it's illegal to write backend device since filesystem has been
>> mounted, but we should avoid kernel panic if it happened.
>
> No, it is perfectly valid to crash the kernel if someone writes the buffer
> cache of the device while the device is mounted (which your example above
> does). There is no practical protection against this because someone could
> overwrite the buffer just after the moment you verify its validity. The
> only protection would be to lock the buffer for each access and fully
> verify validity of the data after each locking but the performance and
> maintenance overhead of this is too high to justify. So I'm sorry but I
> will not take any patches that try to "fix" situations when someone writes
> buffer cache while the filesystem is mounted.
>
> I guess your work is motivated by some syzbot reproducer which was doing
> this. Let me work on a kernel option which syzbot can use to not report
> these issues.
>
> 								Honza

Yes, the issue is discovered by syzbot. Looking forward to your patches.
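
The check-then-use window described in the quoted reply, as an added user-space example that is not part of the original thread and is not kernel or UDF code. The block layout, the sizes and the `corrupt`/`nobody` hooks (which stand in for a concurrent writer to the backing device) are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BLOCK_SIZE 512u
#define HDR_SIZE   80u                            /* constructed, not the UDF layout */
#define MAX_COUNT  ((BLOCK_SIZE - HDR_SIZE) / 8u) /* 8 bytes of tables per entry */

static uint8_t block[BLOCK_SIZE];  /* stand-in for the cached device block */

static uint32_t read_count(void) { uint32_t n; memcpy(&n, block, sizeof n); return n; }
static void write_count(uint32_t n) { memcpy(block, &n, sizeof n); }

/* Hypothetical hooks standing in for another writer to the backing device. */
static void corrupt(void) { write_count(0x1000u); }
static void nobody(void) { }

/* Validate, then read the field again for use: the check covers the first fetch only. */
static int64_t offset_check_then_use(void (*racer)(void))
{
    if (read_count() > MAX_COUNT)
        return -1;
    racer();                                   /* window after verification */
    return (int64_t)HDR_SIZE + (int64_t)read_count() * 8;
}

/* Copy once, validate the copy, use the copy. In a kernel the copy would have to
 * be taken with the buffer locked, on every access: the cost named in the reply. */
static int64_t offset_snapshot(void (*racer)(void))
{
    uint32_t n = read_count();
    if (n > MAX_COUNT)
        return -1;
    racer();                                   /* later writes no longer matter */
    return (int64_t)HDR_SIZE + (int64_t)n * 8;
}

int main(void)
{
    write_count(2);
    printf("check-then-use, no writer:     %lld\n", (long long)offset_check_then_use(nobody));
    write_count(2);
    printf("check-then-use, racing writer: %lld (block is %u bytes)\n",
           (long long)offset_check_then_use(corrupt), BLOCK_SIZE);
    write_count(2);
    printf("snapshot, racing writer:       %lld\n", (long long)offset_snapshot(corrupt));
    return 0;
}
```

With the racing writer, the validated path still returns an offset far past the 512-byte block, while the snapshot path stays in bounds and rejects the corrupted count on the next access.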