Re: [PATCH v2 2/2] hfs: Update sanity check of the root record

Next message: Akhil P Oommen: "Re: [PATCH v2 21/21] dt-bindings: arm-smmu: Add Glymur GPU SMMU"
Previous message: Jan Kara: "Re: [PATCH v6 17/17] vfs: expose delegation support to userland"
In reply to: Viacheslav Dubeyko: "RE: [PATCH v2 2/2] hfs: Update sanity check of the root record"
Next in thread: Viacheslav Dubeyko: "RE: [PATCH v2 2/2] hfs: Update sanity check of the root record"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Tetsuo Handa

Date: Tue Nov 11 2025 - 09:27:06 EST

On 2025/11/11 9:23, George Anthony Vernon wrote:
>> Technically speaking, we can adopt this check to be completely sure that nothing
>> will be wrong during the mount operation. But I believe that is_valid_cnid()
>> should be good enough to manage this. Potential argument could be that the check
>> of rec.dir.DirID could be faster operation than to call hfs_iget(). But mount is
>> rare and not very fast operation, anyway. And if we fail to mount, then the
>> speed of mount operation is not very important.
>
> Agreed we're not worried about speed that the mount operation can reach
> fail case. The check would have value if the bnode populated in
> hfs_find_data fd by hfs_cat_find_brec() is bad. That would be very
> defensive, I'm not sure it's necessary.

With my patch, mount() syscall fails with EIO unless rec.dir.DirID == 2.
Without my patch, mount() syscall succeeds and EIO is later returned when
trying to read the root directory of the mounted filesystem.

This is not a problem of speed. Fuzzing unreadable root directory is useless.
There is no point with making mount() syscall succeed.