Re: [PATCH v6 1/4] ntfs: reject non-resident records for resident-only attributes

[Hyunchul Lee]

2026년 6월 9일 (화) 오전 12:49, DaeMyung Kang <charsyam@xxxxxxxxx>님이 작성:
>
> The shared lookup-time attribute validator rejects non-resident
> $FILE_NAME and $VOLUME_NAME records because their formats require
> resident values and callers handle returned records as resident
> attributes. Other resident-only attribute types still pass through the
> generic non-resident mapping-pairs checks.
>
> That leaves real resident/non-resident union confusion paths. Inode load
> looks up $STANDARD_INFORMATION and then reads data.resident.value_offset
> without checking a->non_resident. ntfs_inode_sync_standard_information()
> does the same when updating the standard information value.
> ntfs_write_volume_flags() also looks up $VOLUME_INFORMATION and reads
> data.resident.value_offset directly. $INDEX_ROOT callers in dir.c and
> index.c depend on the same lookup contract before consuming the resident
> index root value.
>
> Reject non-resident records for all resident-only attribute types in the
> shared validator. Keep the existing $FILE_NAME and $VOLUME_NAME behavior,
> but factor it through a helper and extend it to
> $STANDARD_INFORMATION, $OBJECT_ID, $VOLUME_INFORMATION, $INDEX_ROOT, and
> $EA_INFORMATION. For $OBJECT_ID and $EA_INFORMATION this is contract
> hardening for resident-only formats; this patch only rejects the
> non-resident form and does not add new resident value validation for
> those types.
>
> Signed-off-by: DaeMyung Kang <charsyam@xxxxxxxxx>

Looks good to me.

Reviewed-by: Hyunchul Lee <hyc.lee@xxxxxxxxx>

> ---
>  fs/ntfs/attrib.c | 18 +++++++++++++++++-
>  1 file changed, 17 insertions(+), 1 deletion(-)
>
> diff --git a/fs/ntfs/attrib.c b/fs/ntfs/attrib.c
> index 5e1ad1cd0118..1254fbe7666e 100644
> --- a/fs/ntfs/attrib.c
> +++ b/fs/ntfs/attrib.c
> @@ -596,6 +596,22 @@ static u32 ntfs_resident_attr_min_value_length(const __le32 type)
>         }
>  }
>
> +static bool ntfs_attr_type_is_resident_only(const __le32 type)
> +{
> +       switch (type) {
> +       case AT_STANDARD_INFORMATION:
> +       case AT_FILE_NAME:
> +       case AT_OBJECT_ID:
> +       case AT_VOLUME_NAME:
> +       case AT_VOLUME_INFORMATION:
> +       case AT_INDEX_ROOT:
> +       case AT_EA_INFORMATION:
> +               return true;
> +       default:
> +               return false;
> +       }
> +}
> +
>  static bool ntfs_file_name_attr_value_is_valid(const u8 *value, const u32 value_length)
>  {
>         const struct file_name_attr *fn;
> @@ -666,7 +682,7 @@ static bool ntfs_attr_value_is_valid(struct ntfs_volume *vol,
>         u32 min_len;
>
>         if (a->non_resident) {
> -               if (a->type == AT_FILE_NAME || a->type == AT_VOLUME_NAME)
> +               if (ntfs_attr_type_is_resident_only(a->type))
>                         goto corrupt;
>                 if (!ntfs_non_resident_attr_value_is_valid(a))
>                         goto corrupt;
> --
> 2.43.0
>


-- 
Thanks,
Hyunchul