Re: [PATCH 087/190] Revert "udf: fix an uninitialized read bug and remove dead code"

From: Jan Kara
Date: Wed Apr 21 2021 - 09:55:39 EST


On Wed 21-04-21 14:59:22, Greg Kroah-Hartman wrote:
> This reverts commit 39416c5872db69859e867fa250b9cbb3f1e0d185.
>
> Commits from @umn.edu addresses have been found to be submitted in "bad
> faith" to try to test the kernel community's ability to review "known
> malicious" changes. The result of these submissions can be found in a
> paper published at the 42nd IEEE Symposium on Security and Privacy
> entitled, "Open Source Insecurity: Stealthily Introducing
> Vulnerabilities via Hypocrite Commits" written by Qiushi Wu (University
> of Minnesota) and Kangjie Lu (University of Minnesota).
>
> Because of this, all submissions from this group must be reverted from
> the kernel tree and will need to be re-reviewed again to determine if
> they actually are a valid fix. Until that work is complete, remove this
> change to ensure that no problems are being introduced into the
> codebase.
>
> Cc: Wenwen Wang <wang6495@xxxxxxx>
> Cc: Jan Kara <jack@xxxxxxx>
> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

Hi Greg!

I'm pretty confident this particular report & fix was valid (in fact it was
me who suggested the particular change). So I don't see point in reverting
it...

Honza

> ---
> fs/udf/namei.c | 15 +++++++++++++++
> 1 file changed, 15 insertions(+)
>
> diff --git a/fs/udf/namei.c b/fs/udf/namei.c
> index f146b3089f3d..77906b679187 100644
> --- a/fs/udf/namei.c
> +++ b/fs/udf/namei.c
> @@ -304,6 +304,21 @@ static struct dentry *udf_lookup(struct inode *dir, struct dentry *dentry,
> if (dentry->d_name.len > UDF_NAME_LEN)
> return ERR_PTR(-ENAMETOOLONG);
>
> +#ifdef UDF_RECOVERY
> + /* temporary shorthand for specifying files by inode number */
> + if (!strncmp(dentry->d_name.name, ".B=", 3)) {
> + struct kernel_lb_addr lb = {
> + .logicalBlockNum = 0,
> + .partitionReferenceNum =
> + simple_strtoul(dentry->d_name.name + 3,
> + NULL, 0),
> + };
> + inode = udf_iget(dir->i_sb, lb);
> + if (IS_ERR(inode))
> + return inode;
> + } else
> +#endif /* UDF_RECOVERY */
> +
> fi = udf_find_entry(dir, &dentry->d_name, &fibh, &cfi);
> if (IS_ERR(fi))
> return ERR_CAST(fi);
> --
> 2.31.1
>
--
Jan Kara <jack@xxxxxxxx>
SUSE Labs, CR