Re: [PATCH v3 RESEND] hfs: validate catalog CNIDs before instantiating inodes

From: David Maximiliano Hermitte

Date: Tue Jul 07 2026 - 17:39:05 EST


Hi Slava,

Thank you for the review.

Yes, I agree that the initial length validation can be simplified to:

rec_len = fd->entrylength;
if (rec_len <= 0 || rec_len > sizeof(rec))
return -EIO;

I also agree that, for the fixed-size file and directory catalog records,
the checks should require the exact record size:

rec_len != sizeof(struct hfs_cat_file)

and:

rec_len != sizeof(struct hfs_cat_dir)

Regarding hfs_write_inode(), I intentionally left it unchanged because
the patch was trying to reject invalid CNIDs at the catalog lookup and
inode-instantiation boundaries, before a corrupted inode could reach
writeback.

However, I agree that an additional validation there may be useful as
defense in depth. Would you prefer hfs_is_valid_cnid() to be checked in
hfs_write_inode() as well, and should that check precede the existing
BUG path while otherwise leaving its behavior unchanged?

I will prepare the next revision after your guidance on that point.

Thanks,
David