Re: [PATCH v2] erofs: fix incorrect symlink detection in fast symlink

From: Colin Walters
Date: Mon Sep 09 2024 - 10:47:12 EST
On Mon, Sep 9, 2024, at 10:14 AM, Gao Xiang wrote:
>
> Not quite sure about hard limitation in EROFS
> runtime, we could define
>
> #define EROFS_SYMLINK_MAXLEN 4096

Not sure that a new define is needed versus just reusing PATH_MAX, but that's obviously just a style thing that's much more your call than mine.

> But since symlink i_size > 4096 only due to crafted
> images (and not generated by mkfs) and not crash, so
> either way (to check or not check in kernel) is okay
> to me.

Yes, but my understanding was that EROFS (in contrast to other kernel read-write filesystems which are more complicated) was aiming to be robust against potentially malicious images.

Crafted/malicious images aside, there's also the IMO obvious angle here that we should avoid crashes or worse out-of-bound read/write if there happens to be *accidental* on-disk/memory corruption and having high bit(s) flip in a symlink inode size seems like an easy one to handle. Skimming the XFS code for example it looks like it's pretty robust in this area.