Re: [PATCH] hpfs: add checks for ea addresses

[Mikulas Patocka]

On Tue, 22 Jul 2025, Antoni Pokusinski wrote:

> > If you get a KASAN warning when using "check=normal" or "check=strict", 
> > report it and I will fix it; with "check=none" it is not supposed to work.
> > 
> > Mikulas
> > 
> 
> I'm just wondering what should be the expected kernel behaviour in the situation where
> "check=none" and the "ea_offs", "acl_size_s", "ea_size_s" fields of fnode are corrupt?
> If we assume that in such case running into some undefined behavior (which is accessing
> an unknown memory area) is alright, then the code does not need any changes.
> But if we'd like to prevent it, then I think we should always check the extended
> attribute address regardless of the "check" parameter, as demonstrated
> in the patch.
> 
> Kind regards,
> Antoni

There is a trade-off between speed and resiliency. If the user wants 
maximum speed and uses the filesystem only on trusted input, he can choose 
"check=none". If the user wants less performance and uses the filesystem 
on untrusted input, he can select "check=normal" (the default). If the 
user is modifying the code and wants maximum safeguards, he should select 
"check=strict" (that will degrade performance significantly, but it will 
stop the filesystem as soon as possible if something goes wrong).

I think there is no need to add some middle ground where "check=none" 
would check some structures and won't check others.

Mikulas